RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
|
|
- Pearl Martin
- 6 years ago
- Views:
Transcription
1 RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas
2 Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS OS Process Process Process Process boundary VM boundary 2
3 Today, privilege implies trust (2/3) If computing remotely, what is the TCB? Priviledge??? LOC 150 KLOC CPU HW Hypervisor trusted computing base 12,000 KLOC OS OS Sanctum decouples HW protection from trust! Process Process Process Process boundary VM boundary 3
4 Today, privilege implies trust (3/3) Side channels leak privacy Sanctum uses hardware-assisted isolation Priviledge OS CPU HW Hypervisor OS Strong privacy & integrity with low overhead Process Process Process Process boundary VM boundary 4
5 Remote Software Attestation (1 /2) Trusted HW Diffie Hellman Software Ecosystem Measures (hash) and Signs Remote user App Trusted HW creates proof for remote user 5
6 Remote Software Attestation (2 /2) Trusted HW Diffie Hellman Software Ecosystem Measures (hash) and Signs Remote user Private data App Private result Remote user decides whether or not to trust certificate 6
7 Prior work: TPM, TXT Trusted Platform Module Trusted Execution Technology Tamper-resistant HW Trusted HW must keep its keys private! Measures (hash) and Signs Remote user Diffie Hellman Private data BIOS, OS, Device drivers and all Private result Prior work included too much SW in their attestation App 12,000+ KLOC Software ecosystem must not be vulnerable 7
8 Recent Success : Intel SGX Ring 0 (supervisor mode) Priviledge??? LOC 12,000 KLOC Intel Factory Intel SGX CPU OS Ring 3 (user mode) Process Process Enclave Enclave immutable commitment of resources to one process. 8
9 Threat Model (Intel SGX) Protect privacy* and integrity** of an enclave against a privileged SW adversary (OS/Hypervisor) SGX prevents: Directly reading/ tampering with: - Config. registers - Enclave memory - Enclave process structures - DMA-capable devices Some specific physical attacks: - DRAM contents - Device secret Physical access! *Indirect observation? **Can SGX keep its keys private? 9
10 Threat Model (Sanctum) Protect privacy and integrity of an enclave against a privileged SW adversary (OS/Hypervisor) Sanctum prevents: Directly read/ tamper with: - Config. registers - Enclave memory - Enclave process structures - DMA-capable devices Indirectly* observe private state via shared: - Caches - Microarchitectural state - Data structures managed by the OS - Interrupts / Faults No protection against physical access or fault injection 10
11 Sanctum s Chain of Trust Priviledge Manufacturer Sanctum HW Certificate Authority Machine mode Privileged (supervisor mode) Security Monitor (SM) OS Unprivileged (user mode) Process Process Strongly Isolated Enclave 11
12 Sanctum s Contributions - Formally verifiable open source SM - Truly small TCB for attestation (small SW and HW) - Hardware-assisted isolation with strong guarantees Machine mode Unprivileged (user mode) Priviledge Privileged (supervisor mode) Hardwired 5 KLOC 12,000 KLOC Process Manufacturer Sanctum HW Security Monitor (SM) OS Process Certificate Authority Strongly Isolated Enclave Open source SW Stronger security with low overhead + 2% area % performance 12
13 Sanctum modifies a RISCV Rocket Chip: 4 cores Build hardware support for Core TLB Core TLB small, trusted software to enforce isolation guarantees for unprivileged software. 64b RISCV PTW Datapath PTW Datapath 16KB Private Cache Private Cache Explicitly multiplex between private and OS-controlled state 2MB LLC LLC Bank LLC Bank DRAM 13
14 Enclaves execute on private cores Core Core - Private L1 caches - Private registers, - Private branch target buffer - Private TLB TLB PTW Datapath Private Cache TLB PTW Datapath Private Cache Security monitor cleans up private state when allocating cores to enclaves / OS LLC Bank LLC Bank DRAM 14
15 Isolated Physical Memory in Sanctum DRAM region is a unit of isolated memory Kernel Memory OS Page Tables OS Virtual Address Space Enclave 1 Private Page Table Enclave private data An enclave s Virtual Address Space Only security monitor has access Security Monitor OS / non-enclave processes Enclave 1 Enclave 2 Physical Address Space DRAM regions are non-overlapping 15
16 Isolating in the LLC (1/8) Physical Address 8 ways 15 Tag Set associative (banked) cache 11 Set Index 6 Line Offset LLC 512 sets, 4 banks Select sets with set index Find way with matching tag == == 64 bytes == Select word from line 16
17 Isolating in the LLC (2/8) Physical Address 15 Tag LLC sharing leaks privacy! 11 Set Index 6 Line Offset LLC OS starves enclave at LLC! Availability of this set leaks privacy == == == 64 bytes 17
18 Isolating in the LLC (2/8) Physical Address LLC 15 Tag LLC sharing leaks privacy! 11 Set Index Give private LLC sets to enclaves! 6 Line Offset == == == 64 bytes 18
19 Isolating in the LLC (4/8) Virtual Address OS controls (TLB caches translations) PTW performs translation Physical Address 52 or fewer Virtual Page Number Virtual address translation 4KB Page Offset Page tables Physical Page Number Page Offset
20 Isolating in the LLC (6/8) Address translation LLC Physical Page Number Tag 15 DRAM Region Index Set Index =5 bits controlled by the OS! Page Offset 12 Line Offset 6 To isolate enclaves in LLC, allocate exclusively, at region granularity! 20
21 Isolating in the LLC (7/8) Address translation LLC DRAM Physical Page Number Tag 15 DRAM Region Index =5 bits! Toy example: 3 DRAM region bits Set Index Page Offset 12 Line Offset 6 Each region is 1 4K page in size... To isolate enclaves in LLC, allocate exclusively, at region granularity! 32KB Small problem : A DMA buffer 21
22 Isolating in the LLC (8/8) Physical Page Number Page Offset 12 Rotate PPN to make colors contiguous in DRAM Tag 15 Set Index 11 Line Offset DRAM Region Index Now top PA bits determine DRAM region DRAM Toy example: 3 DRAM region bits Each region is 32KB contiguous, 32KB
23 Hardware-assisted TLB Page Table Walker Isolation Maintain an invariant: TLB entries are safe! HW enforces invariants at page walk Valid bit Response Address & Invariant checker Response valid bit Page table entry Request Cache & DRAM 23
24 Protect SM memory from everyone OS could rewrite S.M. code, do evil fix by... Never map VAddr to SM memory S.M. sanitizes mode switch TLB PRBASE PRMASK Valid bit Response Address Page Table Walker & == & Response valid bit Page table entry Request Cache & DRAM 24
25 Isolating Enclaves in Physical Memory OS could read/write Enclave memory fix by... Enforce DRAM Region permissions to at page walk S.M. updates permissions when scheduling enclaves TLB Valid bit...other invariants Page Table Walker & & Region DRBMAP index to One Hot Response Address Response valid bit Cache & DRAM Page table entry Request 25
26 Isolating enclave page tables Should this VA use enclave s tables? OS could spy on enclave s page table entries fix by... Implement enclave-private page tables EVBASE == EVMASK VAddr & PTBR EPTBR PARBASE EPARBASE DRBMAP PARMASK EDRBMAP EPARMASK 26
27 Sanctum modifies RISCV Rocket Chip (1/3) Add hardware at interfaces only! ~500 Gates, ~700 FFs Per core Enclave PTs PTW invariant checker Core PTW TLB Datapath Core PTW TLB Datapath Private Cache Private Cache LLC Bank LLC Bank DRAM 27
28 Sanctum modifies RISCV Rocket Chip (2/3) Add hardware at interfaces only! Enclave PTs PTW invariant checker Core PTW TLB Datapath Core PTW TLB Datapath ~50 Gates LLC addr. Rotation 600 Gates, 128 FFs DMA whitelist Private Cache Private Cache LLC Bank LLC Bank (hacks upon hacks) ~6% overall performance overhead! DRAM 28
29 Sanctum modifies RISCV Rocket Chip (3/3) Add hardware at interfaces only! Enclave PTs PTW invariant checker Core PTW TLB Datapath Core PTW TLB Datapath LLC addr. Rotation DMA whitelist Private Cache Private Cache 128 FFs Device secret LLC Bank LLC Bank Boot ROM ~2% area increase in total! Boot ROM Device Secret DRAM 29
30 Measuring Overheads: Experimental setup Platform headers Spec 06* riscv-linux RISCV Compiler Sanctum LLC model RISCV isa-sim Performance counters for Sanctum-related events Estimated static costs for Monitor API calls. $ and DRAM access costs modeled after real devices Post-process event log and counters >275 billion instructions simulated! 30
31 this slide is intentionally left blank 31
32 A Detailed Look at Sanctum s Overheads (2/3) Enclave overhead with a DRAM region allocation of 1/4 of LLC sets Benefit from a large LLC Do not use LLC effectively Perform lots of IO 32
33 A Detailed Look at Sanctum s Overheads (3/3) Enclave overhead for various enclave sizes 33
34 Trusted Manufacturer as CA 34
35 Remote Software Attestation 35
36 Sanctum s Software Stack 36
37 Attestation in Sanctum 37
38 Physical Memory in Sacntum (1/2) 38
39 Physical Memory in Sacntum (1/2) 39
Sanctum: Minimal HW Extensions for Strong SW Isolation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7a Sanctum: Minimal HW Extensions for Strong SW Isolation Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical &
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationVirtual Memory. Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. November 15, MIT Fall 2018 L20-1
Virtual Memory Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. L20-1 Reminder: Operating Systems Goals of OS: Protection and privacy: Processes cannot access each other s data Abstraction:
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationComputer Architecture Lecture 13: Virtual Memory II
18-447 Computer Architecture Lecture 13: Virtual Memory II Lecturer: Rachata Ausavarungnirun Carnegie Mellon University Spring 2014, 2/17/2014 (with material from Onur Mutlu, Justin Meza and Yoongu Kim)
More informationVirtual Memory. Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. April 12, 2018 L16-1
Virtual Memory Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. L16-1 Reminder: Operating Systems Goals of OS: Protection and privacy: Processes cannot access each other s data Abstraction:
More informationKomodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationCS5460: Operating Systems Lecture 14: Memory Management (Chapter 8)
CS5460: Operating Systems Lecture 14: Memory Management (Chapter 8) Important from last time We re trying to build efficient virtual address spaces Why?? Virtual / physical translation is done by HW and
More informationHardware Enclave Attacks CS261
Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Service (IAS) Process Enclave Untrusted Trusted Enclave Code Enclave Data Process Process Other Enclave OS and/or Hypervisor
More informationFast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names
Fast access ===> use map to find object HW == SW ===> map is in HW or SW or combo Extend range ===> longer, hierarchical names How is map embodied: --- L1? --- Memory? The Environment ---- Long Latency
More informationSGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 3b SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees Slide deck extracted from Kamran s tutorial on SGX and Chenglu s security analysis
More informationIntel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey May 13, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey torreyj@ainfosec.com
More informationVirtual Memory. Motivations for VM Address translation Accelerating translation with TLBs
Virtual Memory Today Motivations for VM Address translation Accelerating translation with TLBs Fabián Chris E. Bustamante, Riesbeck, Fall Spring 2007 2007 A system with physical memory only Addresses generated
More informationVirtual Memory Oct. 29, 2002
5-23 The course that gives CMU its Zip! Virtual Memory Oct. 29, 22 Topics Motivations for VM Address translation Accelerating translation with TLBs class9.ppt Motivations for Virtual Memory Use Physical
More informationVirtual Memory. Virtual Memory
Virtual Memory Virtual Memory Main memory is cache for secondary storage Secondary storage (disk) holds the complete virtual address space Only a portion of the virtual address space lives in the physical
More informationLecture 19: Virtual Memory: Concepts
CSCI-UA.2-3 Computer Systems Organization Lecture 9: Virtual Memory: Concepts Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com Some slides adapted (and slightly modified) from: Clark Barrett
More informationvirtual memory Page 1 CSE 361S Disk Disk
CSE 36S Motivations for Use DRAM a for the Address space of a process can exceed physical memory size Sum of address spaces of multiple processes can exceed physical memory Simplify Management 2 Multiple
More informationChapter 5B. Large and Fast: Exploiting Memory Hierarchy
Chapter 5B Large and Fast: Exploiting Memory Hierarchy One Transistor Dynamic RAM 1-T DRAM Cell word access transistor V REF TiN top electrode (V REF ) Ta 2 O 5 dielectric bit Storage capacitor (FET gate,
More informationComputer Science 146. Computer Architecture
Computer Architecture Spring 2004 Harvard University Instructor: Prof. dbrooks@eecs.harvard.edu Lecture 18: Virtual Memory Lecture Outline Review of Main Memory Virtual Memory Simple Interleaving Cycle
More informationCache Performance and Memory Management: From Absolute Addresses to Demand Paging. Cache Performance
6.823, L11--1 Cache Performance and Memory Management: From Absolute Addresses to Demand Paging Asanovic Laboratory for Computer Science M.I.T. http://www.csg.lcs.mit.edu/6.823 Cache Performance 6.823,
More informationFast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names
Fast access ===> use map to find object HW == SW ===> map is in HW or SW or combo Extend range ===> longer, hierarchical names How is map embodied: --- L1? --- Memory? The Environment ---- Long Latency
More informationAddress Translation. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Address Translation Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today s Topics How to reduce the size of page tables? How to reduce the time for
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationJohn Wawrzynek & Nick Weaver
CS 61C: Great Ideas in Computer Architecture Lecture 23: Virtual Memory John Wawrzynek & Nick Weaver http://inst.eecs.berkeley.edu/~cs61c From Previous Lecture: Operating Systems Input / output (I/O) Memory
More informationProcesses and Virtual Memory Concepts
Processes and Virtual Memory Concepts Brad Karp UCL Computer Science CS 37 8 th February 28 (lecture notes derived from material from Phil Gibbons, Dave O Hallaron, and Randy Bryant) Today Processes Virtual
More informationCOMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
More informationCarnegie Mellon. Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition
Carnegie Mellon Virtual Memory: Concepts 5-23: Introduction to Computer Systems 7 th Lecture, October 24, 27 Instructor: Randy Bryant 2 Hmmm, How Does This Work?! Process Process 2 Process n Solution:
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationvirtual memory. March 23, Levels in Memory Hierarchy. DRAM vs. SRAM as a Cache. Page 1. Motivation #1: DRAM a Cache for Disk
5-23 March 23, 2 Topics Motivations for VM Address translation Accelerating address translation with TLBs Pentium II/III system Motivation #: DRAM a Cache for The full address space is quite large: 32-bit
More informationVirtual Memory: From Address Translation to Demand Paging
Constructive Computer Architecture Virtual Memory: From Address Translation to Demand Paging Arvind Computer Science & Artificial Intelligence Lab. Massachusetts Institute of Technology November 12, 2014
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationVirtual Memory. CS 3410 Computer System Organization & Programming
Virtual Memory CS 3410 Computer System Organization & Programming These slides are the product of many rounds of teaching CS 3410 by Professors Weatherspoon, Bala, Bracy, and Sirer. Where are we now and
More informationVIRTUAL MEMORY II. Jo, Heeseung
VIRTUAL MEMORY II Jo, Heeseung TODAY'S TOPICS How to reduce the size of page tables? How to reduce the time for address translation? 2 PAGE TABLES Space overhead of page tables The size of the page table
More informationMotivations for Virtual Memory Virtual Memory Oct. 29, Why VM Works? Motivation #1: DRAM a Cache for Disk
class8.ppt 5-23 The course that gives CMU its Zip! Virtual Oct. 29, 22 Topics Motivations for VM Address translation Accelerating translation with TLBs Motivations for Virtual Use Physical DRAM as a Cache
More informationVirtual Memory. CS 3410 Computer System Organization & Programming. [K. Bala, A. Bracy, E. Sirer, and H. Weatherspoon]
Virtual Memory CS 3410 Computer System Organization & Programming [K. Bala, A. Bracy, E. Sirer, and H. Weatherspoon] Click any letter let me know you re here today. Instead of a DJ Clicker Question today,
More informationMemory Hierarchy Requirements. Three Advantages of Virtual Memory
CS61C L12 Virtual (1) CS61CL : Machine Structures Lecture #12 Virtual 2009-08-03 Jeremy Huddleston Review!! Cache design choices: "! Size of cache: speed v. capacity "! size (i.e., cache aspect ratio)
More informationCISC 360. Virtual Memory Dec. 4, 2008
CISC 36 Virtual Dec. 4, 28 Topics Motivations for VM Address translation Accelerating translation with TLBs Motivations for Virtual Use Physical DRAM as a Cache for the Disk Address space of a process
More informationCSCE 410/611: Virtualization!
CSCE 410/611: Virtualization! Definitions, Terminology! Why Virtual Machines?! Mechanics of Virtualization! Virtualization of Resources (Memory)! Some slides made available Courtesy of Gernot Heiser, UNSW.!
More informationComputer Systems. Virtual Memory. Han, Hwansoo
Computer Systems Virtual Memory Han, Hwansoo A System Using Physical Addressing CPU Physical address (PA) 4 Main memory : : 2: 3: 4: 5: 6: 7: 8:... M-: Data word Used in simple systems like embedded microcontrollers
More informationAscend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM)
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7b Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM) Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen
More informationLecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems
Lecture 7 Xen and the Art of Virtualization Paul Braham, Boris Dragovic, Keir Fraser et al. Advanced Operating Systems 16 November, 2011 SOA/OS Lecture 7, Xen 1/38 Contents Virtualization Xen Memory CPU
More informationLeaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX W. Wang, G. Chen, X, Pan, Y. Zhang, XF. Wang, V. Bindschaedler, H. Tang, C. Gunter. September 19, 2017 Motivation Intel
More informationChapter 8 Memory Management
Chapter 8 Memory Management Da-Wei Chang CSIE.NCKU Source: Abraham Silberschatz, Peter B. Galvin, and Greg Gagne, "Operating System Concepts", 9th Edition, Wiley. 1 Outline Background Swapping Contiguous
More informationCIS 4360 Secure Computer Systems SGX
CIS 4360 Secure Computer Systems SGX Professor Qiang Zeng Spring 2017 Some slides are stolen from Intel docs Previous Class UEFI Secure Boot Windows s Trusted Boot Intel s Trusted Boot CIS 4360 Secure
More informationCS 152 Computer Architecture and Engineering. Lecture 8 - Address Translation
CS 152 Computer Architecture and Engineering Lecture 8 - Translation Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste!
More informationCIS Operating Systems Memory Management Cache. Professor Qiang Zeng Fall 2017
CIS 5512 - Operating Systems Memory Management Cache Professor Qiang Zeng Fall 2017 Previous class What is logical address? Who use it? Describes a location in the logical memory address space Compiler
More informationCSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
More informationVirtual Machine Monitors (VMMs) are a hot topic in
CSE 120 Principles of Operating Systems Winter 2007 Lecture 16: Virtual Machine Monitors Keith Marzullo and Geoffrey M. Voelker Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot topic
More informationCSE 560 Computer Systems Architecture
This Unit: CSE 560 Computer Systems Architecture App App App System software Mem I/O The operating system () A super-application Hardware support for an Page tables and address translation s and hierarchy
More information14 May 2012 Virtual Memory. Definition: A process is an instance of a running program
Virtual Memory (VM) Overview and motivation VM as tool for caching VM as tool for memory management VM as tool for memory protection Address translation 4 May 22 Virtual Memory Processes Definition: A
More informationVirtual Memory. Patterson & Hennessey Chapter 5 ELEC 5200/6200 1
Virtual Memory Patterson & Hennessey Chapter 5 ELEC 5200/6200 1 Virtual Memory Use main memory as a cache for secondary (disk) storage Managed jointly by CPU hardware and the operating system (OS) Programs
More informationDawn Song
1 Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability
More informationVirtual Memory II CSE 351 Spring
Virtual Memory II CSE 351 Spring 2018 https://xkcd.com/1495/ Virtual Memory (VM) Overview and motivation VM as a tool for caching Address translation VM as a tool for memory management VM as a tool for
More informationCS 152 Computer Architecture and Engineering. Lecture 8 - Address Translation
CS 152 Computer Architecture and Engineering Lecture 8 - Translation Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste!
More informationEITF20: Computer Architecture Part 5.1.1: Virtual Memory
EITF20: Computer Architecture Part 5.1.1: Virtual Memory Liang Liu liang.liu@eit.lth.se 1 Outline Reiteration Cache optimization Virtual memory Case study AMD Opteron Summary 2 Memory hierarchy 3 Cache
More informationMain Memory (Fig. 7.13) Main Memory
Main Memory (Fig. 7.13) CPU CPU CPU Cache Multiplexor Cache Cache Bus Bus Bus Memory Memory bank 0 Memory bank 1 Memory bank 2 Memory bank 3 Memory b. Wide memory organization c. Interleaved memory organization
More informationCS 152 Computer Architecture and Engineering
CS 152 Computer Architecture and Engineering Lecture 12 -- Virtual Memory 2014-2-27 John Lazzaro (not a prof - John is always OK) TA: Eric Love www-inst.eecs.berkeley.edu/~cs152/ Play: CS 152 L12: Virtual
More informationComputer Architecture Background
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 2b Computer Architecture Background Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical & Computer Engineering
More informationEmbedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi
Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi Lecture - 13 Virtual memory and memory management unit In the last class, we had discussed
More informationCIS Operating Systems Memory Management Cache and Demand Paging. Professor Qiang Zeng Spring 2018
CIS 3207 - Operating Systems Memory Management Cache and Demand Paging Professor Qiang Zeng Spring 2018 Process switch Upon process switch what is updated in order to assist address translation? Contiguous
More informationMeltdown or "Holy Crap: How did we do this to ourselves" Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory
Meltdown or "Holy Crap: How did we do this to ourselves" Abstract Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory locations Breaks all security assumptions given
More informationCS252 S05. Main memory management. Memory hardware. The scale of things. Memory hardware (cont.) Bottleneck
Main memory management CMSC 411 Computer Systems Architecture Lecture 16 Memory Hierarchy 3 (Main Memory & Memory) Questions: How big should main memory be? How to handle reads and writes? How to find
More informationVirtual Memory. Samira Khan Apr 27, 2017
Virtual Memory Samira Khan Apr 27, 27 Virtual Memory Idea: Give the programmer the illusion of a large address space while having a small physical memory So that the programmer does not worry about managing
More informationEECS 470. Lecture 16 Virtual Memory. Fall 2018 Jon Beaumont
Lecture 16 Virtual Memory Fall 2018 Jon Beaumont http://www.eecs.umich.edu/courses/eecs470 Slides developed in part by Profs. Austin, Brehob, Falsafi, Hill, Hoe, Lipasti, Shen, Smith, Sohi, Tyson, and
More informationAnother View of the Memory Hierarchy. Lecture #25 Virtual Memory I Memory Hierarchy Requirements. Memory Hierarchy Requirements
CS61C L25 Virtual I (1) inst.eecs.berkeley.edu/~cs61c CS61C : Machine Structures Lecture #25 Virtual I 27-8-7 Scott Beamer, Instructor Another View of the Hierarchy Thus far{ Next: Virtual { Regs Instr.
More informationSecure Boot and Remote Attestation in the Sanctum Processor
Secure Boot and Remote Attestation in the Sanctum Processor Ilia Lebedev MIT CSAIL, USA ilebedev@csail.mit.edu Kyle Hogan MIT CSAIL, USA klhogan@csail.mit.edu Srinivas Devadas MIT CSAIL, USA devadas@mit.edu
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 10: Paging Geoffrey M. Voelker Lecture Overview Today we ll cover more paging mechanisms: Optimizations Managing page tables (space) Efficient
More informationSystems Programming and Computer Architecture ( ) Timothy Roscoe
Systems Group Department of Computer Science ETH Zürich Systems Programming and Computer Architecture (252-6-) Timothy Roscoe Herbstsemester 26 AS 26 Virtual Memory 8: Virtual Memory Computer Architecture
More informationSecure Boot and Remote Attestation in the Sanctum Processor
Secure Boot and Remote Attestation in the Sanctum Processor Ilia Lebedev MIT CSAIL, USA ilebedev@csail.mit.edu Kyle Hogan MIT CSAIL, USA klhogan@csail.mit.edu Srinivas Devadas MIT CSAIL, USA devadas@mit.edu
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationCertifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology
Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Motivation All PCs may soon include trusted computing
More informationVirtual Memory Virtual memory first used to relive programmers from the burden of managing overlays.
CSE420 Virtual Memory Prof. Mokhtar Aboelaze York University Based on Slides by Prof. L. Bhuyan (UCR) Prof. M. Shaaban (RIT) Virtual Memory Virtual memory first used to relive programmers from the burden
More informationCSCE 410/611: Virtualization
CSCE 410/611: Virtualization Definitions, Terminology Why Virtual Machines? Mechanics of Virtualization Virtualization of Resources (Memory) Some slides made available Courtesy of Gernot Heiser, UNSW.
More informationMemory Management. Disclaimer: some slides are adopted from book authors slides with permission 1
Memory Management Disclaimer: some slides are adopted from book authors slides with permission 1 CPU management Roadmap Process, thread, synchronization, scheduling Memory management Virtual memory Disk
More informationVirtualization with XEN. Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California
Virtualization with XEN Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California A g e n d a Introduction Virtualization approaches Basic XEN Architecture Setting up XEN Bootstrapping
More informationcsci 3411: Operating Systems
csci 3411: Operating Systems Memory Management II Gabriel Parmer Slides adapted from Silberschatz and West Each Process has its Own Little World Virtual Address Space Picture from The
More informationIntroduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017
Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup
More informationHY225 Lecture 12: DRAM and Virtual Memory
HY225 Lecture 12: DRAM and irtual Memory Dimitrios S. Nikolopoulos University of Crete and FORTH-ICS May 16, 2011 Dimitrios S. Nikolopoulos Lecture 12: DRAM and irtual Memory 1 / 36 DRAM Fundamentals Random-access
More informationVirtual Memory Nov 9, 2009"
Virtual Memory Nov 9, 2009" Administrivia" 2! 3! Motivations for Virtual Memory" Motivation #1: DRAM a Cache for Disk" SRAM" DRAM" Disk" 4! Levels in Memory Hierarchy" cache! virtual memory! CPU" regs"
More informationLeveraging Intel SGX to Create a Nondisclosure Cryptographic library
CS 2530 - Computer and Network Security Project presentation Leveraging Intel SGX to Create a Nondisclosure Cryptographic library Mohammad H Mofrad & Spencer L Gray University of Pittsburgh Thursday, December
More information18-447: Computer Architecture Lecture 16: Virtual Memory
18-447: Computer Architecture Lecture 16: Virtual Memory Justin Meza Carnegie Mellon University (with material from Onur Mutlu, Michael Papamichael, and Vivek Seshadri) 1 Notes HW 2 and Lab 2 grades will
More informationCS 153 Design of Operating Systems Winter 2016
CS 153 Design of Operating Systems Winter 2016 Lecture 16: Memory Management and Paging Announcement Homework 2 is out To be posted on ilearn today Due in a week (the end of Feb 19 th ). 2 Recap: Fixed
More informationCS 152 Computer Architecture and Engineering. Lecture 9 - Address Translation
CS 152 Computer Architecture and Engineering Lecture 9 - Address Translation Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste
More informationCS 61C: Great Ideas in Computer Architecture. Lecture 23: Virtual Memory. Bernhard Boser & Randy Katz
CS 61C: Great Ideas in Computer Architecture Lecture 23: Virtual Memory Bernhard Boser & Randy Katz http://inst.eecs.berkeley.edu/~cs61c Agenda Virtual Memory Paged Physical Memory Swap Space Page Faults
More informationCS 61C: Great Ideas in Computer Architecture Virtual Memory. Instructors: John Wawrzynek & Vladimir Stojanovic
CS 61C: Great Ideas in Computer Architecture Virtual Memory Instructors: John Wawrzynek & Vladimir Stojanovic http://inst.eecs.berkeley.edu/~cs61c/ 1 Review Programmed I/O Polling vs. Interrupts Booting
More informationCS 333 Introduction to Operating Systems. Class 11 Virtual Memory (1) Jonathan Walpole Computer Science Portland State University
CS 333 Introduction to Operating Systems Class 11 Virtual Memory (1) Jonathan Walpole Computer Science Portland State University Virtual addresses Virtual memory addresses (what the process uses) Page
More informationMemory Management. Disclaimer: some slides are adopted from book authors slides with permission 1
Memory Management Disclaimer: some slides are adopted from book authors slides with permission 1 CPU management Roadmap Process, thread, synchronization, scheduling Memory management Virtual memory Disk
More information@2010 Badri Computer Architecture Assembly II. Virtual Memory. Topics (Chapter 9) Motivations for VM Address translation
Virtual Memory Topics (Chapter 9) Motivations for VM Address translation 1 Motivations for Virtual Memory Use Physical DRAM as a Cache for the Disk Address space of a process can exceed physical memory
More informationVirtual Memory. Stefanos Kaxiras. Credits: Some material and/or diagrams adapted from Hennessy & Patterson, Hill, online sources.
Virtual Memory Stefanos Kaxiras Credits: Some material and/or diagrams adapted from Hennessy & Patterson, Hill, online sources. Caches Review & Intro Intended to make the slow main memory look fast by
More informationVirtual Memory. CS61, Lecture 15. Prof. Stephen Chong October 20, 2011
Virtual Memory CS6, Lecture 5 Prof. Stephen Chong October 2, 2 Announcements Midterm review session: Monday Oct 24 5:3pm to 7pm, 6 Oxford St. room 33 Large and small group interaction 2 Wall of Flame Rob
More informationEITF20: Computer Architecture Part 5.1.1: Virtual Memory
EITF20: Computer Architecture Part 5.1.1: Virtual Memory Liang Liu liang.liu@eit.lth.se 1 Outline Reiteration Virtual memory Case study AMD Opteron Summary 2 Memory hierarchy 3 Cache performance 4 Cache
More informationCSE 153 Design of Operating Systems
CSE 53 Design of Operating Systems Winter 28 Lecture 6: Paging/Virtual Memory () Some slides modified from originals by Dave O hallaron Today Address spaces VM as a tool for caching VM as a tool for memory
More informationCS 152 Computer Architecture and Engineering. Lecture 9 - Address Translation
CS 152 Computer Architecture and Engineering Lecture 9 - Address Translation Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste!
More informationCS 61C: Great Ideas in Computer Architecture. Lecture 23: Virtual Memory
CS 61C: Great Ideas in Computer Architecture Lecture 23: Virtual Memory Krste Asanović & Randy H. Katz http://inst.eecs.berkeley.edu/~cs61c/fa17 1 Agenda Virtual Memory Paged Physical Memory Swap Space
More informationCarnegie Mellon. 16 th Lecture, Mar. 20, Instructors: Todd C. Mowry & Anthony Rowe
Virtual Memory: Concepts 5 23 / 8 23: Introduction to Computer Systems 6 th Lecture, Mar. 2, 22 Instructors: Todd C. Mowry & Anthony Rowe Today Address spaces VM as a tool lfor caching VM as a tool for
More informationTrustzone Security IP for IoT
Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday
More informationVirtualization and memory hierarchy
Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department
More informationCSE 451: Operating Systems Winter Page Table Management, TLBs and Other Pragmatics. Gary Kimura
CSE 451: Operating Systems Winter 2013 Page Table Management, TLBs and Other Pragmatics Gary Kimura Moving now from Hardware to how the OS manages memory Two main areas to discuss Page table management,
More information