Memory Defenses. The Elevation from Obscurity to Headlines. Rajeev Balasubramonian School of Computing, University of Utah
|
|
- Lorin Simpson
- 5 years ago
- Views:
Transcription
1 Memory Defenses The Elevation from Obscurity to Headlines Rajeev Balasubramonian School of Computing, University of Utah
2 Image sources: pinterest, gizmodo 2
3 Spectre Overview Victim Code x is controlled by attacker Thanks to bpred, x can be anything if (x < array1_size) y = array2[ array1[x] ]; array1[ ] is the secret Access pattern of array2[ ] betrays the secret 3
4 What Did We Learn? Speculation + Specific Code + No side channel defenses 4
5 The Wake Up Call Say Yes to Side Channel Defenses 5
6 Overview Memory timing channels The Fixed Service memory controller [MICRO 2015] Memory access patterns Near-data ORAM [HPCA 2018] Memory integrity Improving SGX with VAULT [ASPLOS 2018] 6
7 Memory Timing Channels Victim Attacker VM 1 CORE 1 VM 2 CORE 2 MC Two VMs sharing a processor and memory channel 7
8 Possible Attacks VM 1 CORE 1 VM 2 CORE 2 MC Attack 1: Bits in a key influence memory accesses Attack 2: A victim can betray secrets through memory activity Attack 3: A covert channel attack 8
9 Covert Channel Attack Electronic health records 3 rd party document reader Conspirator VM 1 CORE 1 VM 2 CORE 2 MC A covert channel 9
10 Fixed Service Memory Controller VM-1 begins memory access VM-1 has its data in Rank-1 VM-2 has its data in Rank-2 VM-8 has its data in Rank-8 VM-2 begins memory access VM-8 begins memory access VM-1 begins memory access Time (in cycles) 10
11 Fixed Service Details Deterministic schedule No resource contention Dummy accesses if nothing pending Lower bandwidth, higher latency Why 7? DRAM timing parameters, worst-case Rank partitioning: 7 cycle gap Bank partitioning: 15 cycle gap No partitioning: 43 cycle gap 11
12 Overcoming Worst-Case In one batch of requests, schedule all reads, followed by all writes (worst-case encountered once per batch) Impose constraints on banks that can be accessed triple bank alternation Red: Bank-id mod 3 = 0 Blue: Bank-id mod 3 = 1 Green: Bank-id mod 3 = x15 = 45 > 43 12
13 Results NON-SECURE BASELINE 1.0 PERFORMANCE FS: RD/WR-REORDER 0.48 FS 0.74 FS: TRIPLE ALTERNATION TP 0.20 TP Increased OS complexity NO PARTITIONING BANK PARTITIONING RANK PARTITIONING 13
14 Overview Memory timing channels The Fixed Service memory controller [MICRO 2015] Memory access patterns Near-data ORAM [HPCA 2018] Memory integrity Improving SGX with VAULT [ASPLOS 2018] 14
15 Oblivious RAM Assumes that addresses are exposed Image sources: vice.com PHANTOM [CCS 13]: Memory bandwidth overhead of 15
16 Oblivious RAM Assumes that addresses are exposed Image sources: vice.com PHANTOM [CCS 13]: Memory bandwidth overhead of 2560x (about 280x today) 16
17 Path-ORAM Stash 17
18 A Distributed ORAM Authenticated buffer chip Processor MC All buses are exposed ORAM operations shift from Processor to SDIMM. ORAM traffic pattern shifts from the memory bus to on- SDIMM private buses. Buffer chip and processor communication is encrypted 18
19 The Independent ORAM Protocol Processor MC 1. Each SDIMM handles a subtree of the ORAM tree. 2. Only traffic on shared memory channel: CPU requests and leaf-id reassignments. 3. As much parallelism as the number of SDIMMs. 19
20 The Split ORAM Protocol Processor MC 1. Each SDIMM handles a subset of every node. 2. Only metadata is sent to the processor. 3. The processor tells the SDIMMs how to shuffle data. 4. Lower latency per ORAM request, but lower parallelism as well. 20
21 ORAM Results Summary Can combine the Independent and Split protocols to find the best balance of latency and parallelism Bandwidth demands are reduced from 280x 35x Execution time overheads from 5.2x 2.7x Reduces memory energy by 2.5x 21
22 Overview Memory timing channels The Fixed Service memory controller [MICRO 2015] Memory access patterns Near-data ORAM [HPCA 2018] Memory integrity Improving SGX with VAULT [ASPLOS 2018] 22
23 Intel SGX Basics Intel SGX Enclave 1 Enclave N EPC 96MB Non-EPC Sen Non-EPC NSen Memory 1. Enclave data is protected from malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity tree protects non-epc Sen. 4. This keeps overheads (bw and capacity) of integrity tree low. 5. Entails frequent paging between EPC and non-epc. 23
24 Intel SGX Basics Intel SGX Enclave 1 Enclave N EPC 96MB Non-EPC Sen Non-EPC NSen Memory VAULT: Unify EPC and non-epc to reduce paging. New integrity tree for low bw. Better metadata for capacity. 1. Enclave data is protected from malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity tree protects non-epc Sen. 4. This keeps overheads (bw and capacity) of integrity tree low. 5. Entails frequent paging between EPC and non-epc. 24
25 SGX Overheads 25
26 Bonsai Merkle Tree bits Intermediate Hashes Hash Hash Hash 64 bits 512 bits Hash Hash Hash Leaf hashes 512 bits for 64 counters Arity=64 MAC Data Block Data Block MAC Arity=8 Root block in processor Shared global counter 64b 7b Local counter 26 7b
27 VAULT 1. Small linkage counters high arity, compact/shallow tree, better cacheability. 2. Variable counter width to manage overflow. 3. Reduces bandwidth overhead for integrity verification. 27
28 VAULT+SMC 1. MAC storage and bw overheads are high. 2. Sharing a MAC among 4 blocks reduces storage, but incr bw. 3. A block is compressed and the MAC is embedded in the block reduces bw and storage. 28
29 Integrity Results Summary 3.7x performance improvement over SGX primarily because of lower paging overheads A large effective EPC is palatable 4.7% storage overhead and a more scalable tree (34% better than the SGX tree) VAULT+SMC 29
30 Big Finish Memory defenses were purely academic pursuits Integrity trees now a part of Intel SGX: overheads of 2x 40x VAULT improves integrity overhead to 1.5x 2.5x FS eliminates timing channels with overhead of 2x SDIMM improves ORAM overhead to 2.7x An array of memory defenses is now commercially viable and strategic given latent vulnerabilities Acks: Ali Shafiee, Meysam Taassori, Akhila Gundu, Manju Shevgoor, Mohit Tiwari, Feifei Li, NSF, Intel. 30
Secure DIMM: Moving ORAM Primitives Closer to Memory
Secure DIMM: Moving ORAM Primitives Closer to Memory Ali Shafiee, Rajeev Balasubramonian, Feifei Li School of Computing University of Utah Salt Lake City, Utah, USA Email: {shafiee,rajeev,lifeifei}@cs.utah.edu
More informationDesign and Implementation of the Ascend Secure Processor. Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas
Design and Implementation of the Ascend Secure Processor Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas Agenda Motivation Ascend Overview ORAM for obfuscation Ascend:
More informationLecture 24: Memory, VM, Multiproc
Lecture 24: Memory, VM, Multiproc Today s topics: Security wrap-up Off-chip Memory Virtual memory Multiprocessors, cache coherence 1 Spectre: Variant 1 x is controlled by attacker Thanks to bpred, x can
More informationAscend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM)
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7b Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM) Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen
More informationPageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on. Blaise-Pascal Tine Sudhakar Yalamanchili
PageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on Blaise-Pascal Tine Sudhakar Yalamanchili Outline Background: Memory Security Motivation Proposed Solution Implementation Evaluation Conclusion
More informationA HIGH-PERFORMANCE OBLIVIOUS RAM CONTROLLER ON THE CONVEY HC-2EX HETEROGENEOUS COMPUTING PLATFORM
A HIGH-PERFORMANCE OBLIVIOUS RAM CONTROLLER ON THE CONVEY HC-2EX HETEROGENEOUS COMPUTING PLATFORM BASED ON PHANTOM: PRACTICAL OBLIVIOUS COMPUTATION IN A SECURE PROCESSOR FROM CCS-2013! Martin Maas, Eric
More informationArchitecture- level Security Issues for main memory. Ali Shafiee
Architecture- level Security Issues for main memory Ali Shafiee Aganda Replay- A;ack (bonsai) merkle tree NVM challenages Endurance stealing Side- channel A;ack due to resource sharing Time channel a;ack
More informationSanctum: Minimal HW Extensions for Strong SW Isolation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7a Sanctum: Minimal HW Extensions for Strong SW Isolation Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical &
More informationIntel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron
Real World Cryptography Conference 2016 6-8 January 2016, Stanford, CA, USA Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Intel Corp., Intel Development Center,
More informationSearchable Encryption Using ORAM. Benny Pinkas
Searchable Encryption Using ORAM Benny Pinkas 1 Desiderata for Searchable Encryption Security No leakage about the query or the results Functionality Variety of queries that are supported Performance 2
More informationThe Ascend Secure Processor. Christopher Fletcher MIT
The Ascend Secure Processor Christopher Fletcher MIT 1 Joint work with Srini Devadas, Marten van Dijk Ling Ren, Albert Kwon, Xiangyao Yu Elaine Shi & Emil Stefanov David Wentzlaff & Princeton Team (Mike,
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationMain Memory and the CPU Cache
Main Memory and the CPU Cache CPU cache Unrolled linked lists B Trees Our model of main memory and the cost of CPU operations has been intentionally simplistic The major focus has been on determining
More informationObliviate: A Data Oblivious File System for Intel SGX. Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee
Obliviate: A Data Oblivious File System for Intel SGX Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee 1 Clouds? The Ultimate Dream? User Clouds 2 Clouds? The Ultimate Dream? User Clouds
More informationObfusMem: A Low-Overhead Access Obfuscation for Trusted Memories
ObfusMem: A Low-Overhead Access Obfuscation for Trusted Memories Amro Awad 1, Yipeng Wang 2, Deborah Shands 3, Yan Solihin 2 1 Sandia National Laboratories 2 North Carolina State University 3 National
More informationRaccoon: Closing Digital Side-Channels through Obfuscated Execution
Raccoon: Closing Digital Side-Channels through Obfuscated Execution Ashay Rane, Calvin Lin, Mohit Tiwari The University of Texas at Austin Secure code? Instruction Pointer if (secret_bit == 1) { z = (msg
More informationFrom bottom to top: Exploiting hardware side channels in web browsers
From bottom to top: Exploiting hardware side channels in web browsers Clémentine Maurice, Graz University of Technology July 4, 2017 RMLL, Saint-Étienne, France Rennes Graz Clémentine Maurice PhD since
More informationReducing Hit Times. Critical Influence on cycle-time or CPI. small is always faster and can be put on chip
Reducing Hit Times Critical Influence on cycle-time or CPI Keep L1 small and simple small is always faster and can be put on chip interesting compromise is to keep the tags on chip and the block data off
More informationEE 457 Unit 7b. Main Memory Organization
1 EE 457 Unit 7b Main Memory Organization 2 Motivation Organize main memory to Facilitate byte-addressability while maintaining Efficient fetching of the words in a cache block Low order interleaving (L.O.I)
More informationSilent Shredder: Zero-Cost Shredding For Secure Non-Volatile Main Memory Controllers
Silent Shredder: Zero-Cost Shredding For Secure Non-Volatile Main Memory Controllers 1 ASPLOS 2016 2-6 th April Amro Awad (NC State University) Pratyusa Manadhata (Hewlett Packard Labs) Yan Solihin (NC
More informationProtecting Private Data in the Cloud: A Path Oblivious RAM Protocol
Protecting Private Data in the Cloud: A Path Oblivious RAM Protocol Nathan Wolfe and Ethan Zou Mentors: Ling Ren and Xiangyao Yu Fourth Annual MIT PRIMES Conference May 18, 2014 Outline 1. Background 2.
More informationLecture 14: Cache Innovations and DRAM. Today: cache access basics and innovations, DRAM (Sections )
Lecture 14: Cache Innovations and DRAM Today: cache access basics and innovations, DRAM (Sections 5.1-5.3) 1 Reducing Miss Rate Large block size reduces compulsory misses, reduces miss penalty in case
More informationHardware Enclave Attacks CS261
Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Service (IAS) Process Enclave Untrusted Trusted Enclave Code Enclave Data Process Process Other Enclave OS and/or Hypervisor
More informationMing Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay
Hardware and Architectural Support for Security and Privacy (HASP 18), June 2, 2018, Los Angeles, CA, USA Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay Computing and Engineering (SCSE) Nanyang Technological
More information15-740/ Computer Architecture Lecture 19: Main Memory. Prof. Onur Mutlu Carnegie Mellon University
15-740/18-740 Computer Architecture Lecture 19: Main Memory Prof. Onur Mutlu Carnegie Mellon University Last Time Multi-core issues in caching OS-based cache partitioning (using page coloring) Handling
More informationSGXBounds Memory Safety for Shielded Execution
SGXBounds Memory Safety for Shielded Execution Dmitrii Kuvaiskii, Oleksii Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia *, Pascal Felber, Christof Fetzer TU Dresden, * The University of Edinburgh,
More informationLocking Down the Processor via the Rowhammer Attack
SGX-BOMB: Locking Down the Processor via the Rowhammer Attack Yeongjin Jang*, Jaehyuk Lee, Sangho Lee, and Taesoo Kim Oregon State University* KAIST Georgia Institute of Technology TL;DR SGX locks up the
More informationLecture 5: Scheduling and Reliability. Topics: scheduling policies, handling DRAM errors
Lecture 5: Scheduling and Reliability Topics: scheduling policies, handling DRAM errors 1 PAR-BS Mutlu and Moscibroda, ISCA 08 A batch of requests (per bank) is formed: each thread can only contribute
More informationComputer Systems Architecture I. CSE 560M Lecture 18 Guest Lecturer: Shakir James
Computer Systems Architecture I CSE 560M Lecture 18 Guest Lecturer: Shakir James Plan for Today Announcements No class meeting on Monday, meet in project groups Project demos < 2 weeks, Nov 23 rd Questions
More informationRapid Detection of RowHammer Attacks using Dynamic Skewed Hash Tree
Rapid Detection of RowHammer Attacks using Dynamic Skewed Hash Tree SARU VIG SIEW-KEI LAM N A N YA N G T E C H N O LO G I C A L U N I V E R S I T Y, S I N G A P O R E SARANI BHAT TACHARYA DEBDEEP MUKHOPADHYA
More informationLecture: Cache Hierarchies. Topics: cache innovations (Sections B.1-B.3, 2.1)
Lecture: Cache Hierarchies Topics: cache innovations (Sections B.1-B.3, 2.1) 1 Types of Cache Misses Compulsory misses: happens the first time a memory word is accessed the misses for an infinite cache
More informationThe Last Mile An Empirical Study of Timing Channels on sel4
The Last Mile An Empirical Study of Timing on David Cock Qian Ge Toby Murray Gernot Heiser 4 November 2014 NICTA Funding and Supporting Members and Partners Outline The Last Mile Copyright NICTA 2014 David
More informationLast lecture we talked about how Intrusion Detection works. Today we will talk about the attacks. Intrusion Detection. Shell code
4/25/2006 Lecture Notes: DOS Beili Wang Last lecture we talked about how Intrusion Detection works. Today we will talk about the attacks. Intrusion Detection Aps Monitor OS Internet Shell code Model In
More informationLecture 16: Cache in Context (Uniprocessor) James C. Hoe Department of ECE Carnegie Mellon University
18 447 Lecture 16: Cache in Context (Uniprocessor) James C. Hoe Department of ECE Carnegie Mellon University 18 447 S18 L16 S1, James C. Hoe, CMU/ECE/CALCM, 2018 Your goal today Housekeeping understand
More information(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.
CS140 Winter 2006 Final Exam Solutions (1) In class we talked about the link count in the inode of the Unix file system being incorrect after a crash. The reference count can either be either too high
More informationLecture: Large Caches, Virtual Memory. Topics: cache innovations (Sections 2.4, B.4, B.5)
Lecture: Large Caches, Virtual Memory Topics: cache innovations (Sections 2.4, B.4, B.5) 1 More Cache Basics caches are split as instruction and data; L2 and L3 are unified The /L2 hierarchy can be inclusive,
More informationSecuring the Frisbee Multicast Disk Loader
Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah 1 What is Frisbee? 2 Frisbee is Emulab s tool to install whole disk images from a server to many clients using
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationWhy memory hierarchy? Memory hierarchy. Memory hierarchy goals. CS2410: Computer Architecture. L1 cache design. Sangyeun Cho
Why memory hierarchy? L1 cache design Sangyeun Cho Computer Science Department Memory hierarchy Memory hierarchy goals Smaller Faster More expensive per byte CPU Regs L1 cache L2 cache SRAM SRAM To provide
More informationLocality. CS429: Computer Organization and Architecture. Locality Example 2. Locality Example
Locality CS429: Computer Organization and Architecture Dr Bill Young Department of Computer Sciences University of Texas at Austin Principle of Locality: Programs tend to reuse data and instructions near
More informationLeaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX W. Wang, G. Chen, X, Pan, Y. Zhang, XF. Wang, V. Bindschaedler, H. Tang, C. Gunter. September 19, 2017 Motivation Intel
More informationSGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 3b SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees Slide deck extracted from Kamran s tutorial on SGX and Chenglu s security analysis
More informationMEMORY/RESOURCE MANAGEMENT IN MULTICORE SYSTEMS
MEMORY/RESOURCE MANAGEMENT IN MULTICORE SYSTEMS INSTRUCTOR: Dr. MUHAMMAD SHAABAN PRESENTED BY: MOHIT SATHAWANE AKSHAY YEMBARWAR WHAT IS MULTICORE SYSTEMS? Multi-core processor architecture means placing
More informationTDT Appendix E Interconnection Networks
TDT 4260 Appendix E Interconnection Networks Review Advantages of a snooping coherency protocol? Disadvantages of a snooping coherency protocol? Advantages of a directory coherency protocol? Disadvantages
More informationDRAM Main Memory. Dual Inline Memory Module (DIMM)
DRAM Main Memory Dual Inline Memory Module (DIMM) Memory Technology Main memory serves as input and output to I/O interfaces and the processor. DRAMs for main memory, SRAM for caches Metrics: Latency,
More informationMicro-Architectural Attacks and Countermeasures
Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack
More informationAnd Then There Were More:
David Naylor Carnegie Mellon And Then There Were More: Secure Communication for More Than Two Parties Richard Li University of Utah Christos Gkantsidis Microsoft Research Thomas Karagiannis Microsoft Research
More informationSecure Remote Storage Using Oblivious RAM
Secure Remote Storage Using Oblivious RAM Giovanni Malloy Mentors: Georgios Kellaris, Kobbi Nissim August 11, 2016 Abstract Oblivious RAM (ORAM) is a protocol that allows a user to access the data she
More informationExploring Timing Side-channel Attacks on Path-ORAMs
Exploring Timing Side-channel Attacks on Path-ORAMs Chongxi Bao, and Ankur Srivastava Dept. of ECE, University of Maryland, College Park Email: {borisbcx, ankurs}@umd.edu Abstract In recent research, it
More informationDonn Morrison Department of Computer Science. TDT4255 Memory hierarchies
TDT4255 Lecture 10: Memory hierarchies Donn Morrison Department of Computer Science 2 Outline Chapter 5 - Memory hierarchies (5.1-5.5) Temporal and spacial locality Hits and misses Direct-mapped, set associative,
More informationDesign Space Exploration and Optimization of Path Oblivious RAM in Secure Processors
Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors Ling Ren, Xiangyao Yu, Christopher W. Fletcher, Marten van Dijk and Srinivas Devadas MIT CSAIL, Cambridge, MA, USA {renling,
More informationEfficient Memory Integrity Verification and Encryption for Secure Processors
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security
More informationDeterministic Memory Abstraction and Supporting Multicore System Architecture
Deterministic Memory Abstraction and Supporting Multicore System Architecture Farzad Farshchi $, Prathap Kumar Valsan^, Renato Mancuso *, Heechul Yun $ $ University of Kansas, ^ Intel, * Boston University
More informationCOS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy
Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients
More informationAuthenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas
Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model
More informationIntroduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017
Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup
More informationCS 550 Operating Systems Spring File System
1 CS 550 Operating Systems Spring 2018 File System 2 OS Abstractions Process: virtualization of CPU Address space: virtualization of memory The above to allow a program to run as if it is in its own private,
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationROTE: Rollback Protection for Trusted Execution
ROTE: Rollback Protection for Trusted Execution Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, Srdjan Capkun Siniša Matetić ETH Zurich Institute of
More informationCSC 5930/9010 Cloud S & P: Cloud Primitives
CSC 5930/9010 Cloud S & P: Cloud Primitives Professor Henry Carter Spring 2017 Methodology Section This is the most important technical portion of a research paper Methodology sections differ widely depending
More informationLecture 16: On-Chip Networks. Topics: Cache networks, NoC basics
Lecture 16: On-Chip Networks Topics: Cache networks, NoC basics 1 Traditional Networks Huh et al. ICS 05, Beckmann MICRO 04 Example designs for contiguous L2 cache regions 2 Explorations for Optimality
More informationLecture 15: PCM, Networks. Today: PCM wrap-up, projects discussion, on-chip networks background
Lecture 15: PCM, Networks Today: PCM wrap-up, projects discussion, on-chip networks background 1 Hard Error Tolerance in PCM PCM cells will eventually fail; important to cause gradual capacity degradation
More informationPage 1. Multilevel Memories (Improving performance using a little cash )
Page 1 Multilevel Memories (Improving performance using a little cash ) 1 Page 2 CPU-Memory Bottleneck CPU Memory Performance of high-speed computers is usually limited by memory bandwidth & latency Latency
More informationSecure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Attacks
: Defending Against Cache-Based Side Channel Attacks Mengjia Yan, Bhargava Gopireddy, Thomas Shull, Josep Torrellas University of Illinois at Urbana-Champaign http://iacoma.cs.uiuc.edu Presented by Mengjia
More informationReplacement policies for shared caches on symmetric multicores : a programmer-centric point of view
1 Replacement policies for shared caches on symmetric multicores : a programmer-centric point of view Pierre Michaud INRIA HiPEAC 11, January 26, 2011 2 Outline Self-performance contract Proposition for
More information6.857 L17. Secure Processors. Srini Devadas
6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);
More informationEastern Mediterranean University School of Computing and Technology CACHE MEMORY. Computer memory is organized into a hierarchy.
Eastern Mediterranean University School of Computing and Technology ITEC255 Computer Organization & Architecture CACHE MEMORY Introduction Computer memory is organized into a hierarchy. At the highest
More informationTowards Constant Bandwidth Overhead Integrity Checking of Untrusted Data
Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data Dwaine Clarke, G. Edward Suh, Blaise Gassend, Ajay Sudan, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology
More informationStorage and File System
COS 318: Operating Systems Storage and File System Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Topics Storage hierarchy File
More informationLecture 8: Virtual Memory. Today: DRAM innovations, virtual memory (Sections )
Lecture 8: Virtual Memory Today: DRAM innovations, virtual memory (Sections 5.3-5.4) 1 DRAM Technology Trends Improvements in technology (smaller devices) DRAM capacities double every two years, but latency
More informationMaking Searchable Encryption Scale to the Cloud. Ian Miers and Payman Mohassel
Making Searchable Encryption Scale to the Cloud Ian Miers and Payman Mohassel End to end Encryption No encryption Transport encryption End2End Encryption Service provider Service provider Service provider
More informationHello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer
More informationTowards Constant Bandwidth Overhead Integrity Checking of Untrusted Data
Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data Dwaine Clarke, G. Edward Suh, Blaise Gassend, Ajay Sudan, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology
More informationFile Systems. Kartik Gopalan. Chapter 4 From Tanenbaum s Modern Operating System
File Systems Kartik Gopalan Chapter 4 From Tanenbaum s Modern Operating System 1 What is a File System? File system is the OS component that organizes data on the raw storage device. Data, by itself, is
More informationand data combined) is equal to 7% of the number of instructions. Miss Rate with Second- Level Cache, Direct- Mapped Speed
5.3 By convention, a cache is named according to the amount of data it contains (i.e., a 4 KiB cache can hold 4 KiB of data); however, caches also require SRAM to store metadata such as tags and valid
More informationECE 598-MS: Advanced Memory and Storage Systems Lecture 7: Unified Address Translation with FlashMap
ECE 598-MS: Advanced Memory and Storage Systems Lecture 7: Unified Address Translation with Map Jian Huang Use As Non-Volatile Memory DRAM (nanoseconds) Application Memory Component SSD (microseconds)
More informationPractical Near-Data Processing for In-Memory Analytics Frameworks
Practical Near-Data Processing for In-Memory Analytics Frameworks Mingyu Gao, Grant Ayers, Christos Kozyrakis Stanford University http://mast.stanford.edu PACT Oct 19, 2015 Motivating Trends End of Dennard
More informationSystem-centric Solutions to
System-centric Solutions to Micro-architectural and System-level Side Channels Yinqian Zhang, Ph.D. The Ohio State University Micro-architectural and System-level Side Channels Micro-architectural side
More informationOut of Order Processing
Out of Order Processing Manu Awasthi July 3 rd 2018 Computer Architecture Summer School 2018 Slide deck acknowledgements : Rajeev Balasubramonian (University of Utah), Computer Architecture: A Quantitative
More informationCSCI 1800 Cybersecurity and International Relations. Computer Hardware & Software John E. Savage Brown University
CSCI 1800 Cybersecurity and International Relations Computer Hardware & Software John E. Savage Brown University Overview Introduction computer design Central Processing Unit (CPU) Random Access Memory
More informationSecuring Multiple Mobile Platforms
Securing Multiple Mobile Platforms CPU-based Multi Factor Security 2010 Security Workshop ETSI 2010 Security Workshop Navin Govind Aventyn, Inc. Founder and CEO 1 Mobile Platform Security Gaps Software
More informationLecture 18: Core Design, Parallel Algos
Lecture 18: Core Design, Parallel Algos Today: Innovations for ILP, TLP, power and parallel algos Sign up for class presentations 1 SMT Pipeline Structure Front End Front End Front End Front End Private/
More informationAdvanced Caches. ECE/CS 752 Fall 2017
Advanced Caches ECE/CS 752 Fall 2017 Prof. Mikko H. Lipasti University of Wisconsin-Madison Lecture notes based on notes by John P. Shen and Mark Hill Updated by Mikko Lipasti Read on your own: Review:
More informationMemories: Memory Technology
Memories: Memory Technology Z. Jerry Shi Assistant Professor of Computer Science and Engineering University of Connecticut * Slides adapted from Blumrich&Gschwind/ELE475 03, Peh/ELE475 * Memory Hierarchy
More informationSpring 2018 :: CSE 502. Main Memory & DRAM. Nima Honarmand
Main Memory & DRAM Nima Honarmand Main Memory Big Picture 1) Last-level cache sends its memory requests to a Memory Controller Over a system bus of other types of interconnect 2) Memory controller translates
More informationMemory Hierarchy. Slides contents from:
Memory Hierarchy Slides contents from: Hennessy & Patterson, 5ed Appendix B and Chapter 2 David Wentzlaff, ELE 475 Computer Architecture MJT, High Performance Computing, NPTEL Memory Performance Gap Memory
More informationFreecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM
Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM Christopher W. Fletcher, Ling Ren, Albert Kwon, Marten van Dijk, Srinivas Devadas Massachusetts Institute
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationLecture 15: NoC Innovations. Today: power and performance innovations for NoCs
Lecture 15: NoC Innovations Today: power and performance innovations for NoCs 1 Network Power Power-Driven Design of Router Microarchitectures in On-Chip Networks, MICRO 03, Princeton Energy for a flit
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
STO1926BU A Day in the Life of a VSAN I/O Diving in to the I/O Flow of vsan John Nicholson (@lost_signal) Pete Koehler (@vmpete) VMworld 2017 Content: Not for publication #VMworld #STO1926BU Disclaimer
More informationUsing a Certified Hypervisor to Secure V2X communication
SYSGO AG PUBLIC 1 Using a Certified Hypervisor to Secure V2X communication Author(s): Date: Version Chris Berg 08/05/2017 v1.1 SYSGO AG PUBLIC 2 Protecting Assets People started protecting their assets
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationSnoop-Based Multiprocessor Design III: Case Studies
Snoop-Based Multiprocessor Design III: Case Studies Todd C. Mowry CS 41 March, Case Studies of Bus-based Machines SGI Challenge, with Powerpath SUN Enterprise, with Gigaplane Take very different positions
More informationAdvanced Memory Organizations
CSE 3421: Introduction to Computer Architecture Advanced Memory Organizations Study: 5.1, 5.2, 5.3, 5.4 (only parts) Gojko Babić 03-29-2018 1 Growth in Performance of DRAM & CPU Huge mismatch between CPU
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationCooperative Path-ORAM for Effective Memory Bandwidth Sharing in Server Settings
2017 IEEE International Symposium on High Performance Computer Architecture Cooperative Path-ORAM for Effective Memory Bandwidth Sharing in Server Settings Rujia Wang Youtao Zhang Jun Yang Electrical and
More informationLixia Liu, Zhiyuan Li Purdue University, USA. grants ST-HEC , CPA and CPA , and by a Google Fellowship
Lixia Liu, Zhiyuan Li Purdue University, USA PPOPP 2010, January 2009 Work supported in part by NSF through Work supported in part by NSF through grants ST-HEC-0444285, CPA-0702245 and CPA-0811587, and
More informationSlalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramèr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating
More informationHardening Fingerprint Authentication Systems Using Intel s SGX Enclave Technology. Interim Progress Report
Hardening Fingerprint Authentication Systems Using Intel s SGX Enclave Technology Interim Progress Report DELL-EMC Envision the Future Competition 2018 Table of Contents List of Figures... 3 List of tables...
More informationEmbedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi
Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi Lecture - 13 Virtual memory and memory management unit In the last class, we had discussed
More information