Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor
|
|
- Cleopatra Norton
- 5 years ago
- Views:
Transcription
1 Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan, Michael Dalton, Christos Kozyrakis Computer Systems Laboratory Stanford University
2 Motivation Dynamic analysis help better understand SW behavior Security, Debugging, Full system profiling Hardware support for such analyses very useful Provides speed advantage over SW solutions Systems manage metadata for analysis in hardware Implementation challenges Storage overheads of metadata (Suh 05) Processing of metadata Need fast processing (low overheads) Need cost effective implementation Solution: Tightly coupled coprocessor for analysis 2
3 Case Study DIFT (Dynamic Information Flow Tracking) DIFT taints data from untrusted sources Extra tag bit per word marks if untrusted Propagate taint during program execution Operations with tainted data produce tainted results Check for suspicious uses of tainted data Tainted code execution Tainted pointer dereference (code & data) Tainted SQL command Can detect both low-level & high-level threats 3
4 DIFT Example: Memory Corruption Vulnerable C Code int idx = tainted_input; buffer[idx] = x; // memory corruption T Data set r1 &tainted_input r1:0 r1:&input load r2 M[r1] r2:idx=input add r4 r2 + r3 r3:&buffer store M[r4] r5 r4:0 r4:&buffer+idx TRAP r5:x Tainted pointer dereference security trap 4
5 HW Option 1: In-core DIFT I-Cache Decode RegFile ALU D-Cache Traps W B Policy Decode Tag ALU Tag Check Integrated DIFT hardware [Dalton 07, Suh 04, Chen 05] No performance, minor power, and minor area overhead Invasive changes to processor High design and validation costs Synchronizes metadata and data per instruction 5
6 HW Option 2: Offloading DIFT General Purpose Core Core 1 (App) Core 2 (DIFT) General Purpose Core Capture Analyze Trace Trace Log buffer (L2 cache) SW DIFT on modified multi-core chip (e.g., CMU s LBA) Flexible support for various analyses Large area & power overhead (2 nd core, trace compress) Large performance overhead (DBT, memory traffic) Significant changes to processor & memory hierarchy 6
7 Our Proposal: DIFT Coprocessor General Purpose Core Main Core Instructions Exceptions Tag Core DIFT Coprocessor Cache Tag Cache L2 Cache Off-core DIFT coprocessor (similar to watchdog processors) Small performance, power, and area overhead Minor changes to processor Reuse across processor designs 7
8 Outline Motivation & Overview Software Interface of the coprocessor Architecture of the coprocessor Performance & Security Evaluation Conclusion 8
9 Coprocessor Setup A pair of policy registers Accessible via coprocessor instructions Could also be memory-mapped Policy granularity: operation type Select input operands to be checked (if tainted) Select input operands that propagate taint to output Select the propagation mode (and, or, xor) ISA instructions decomposed to 1 operations Types: ALU, logical, branch, memory, compare, FP, Makes policies independent of ISA packaging Same HW policies for both RISC & CISC ISAs 9
10 What happens without Proc/Coproc Synchronization? Vulnerable C Code int idx = tainted_input; buffer[idx] = x; // memory corruption set r1 &tainted_input load r2 M[r1] add r4 r2 + r3 store M[r4] r5 SYSTEM T Data r1:0 r1:&input r2:idx=input r3:&buffer r4:0 r4:&buffer+idx COMPROMISE EXPLOIT r5:x exec (sys call) Attacker executes system call system compromise 10
11 System Calls as Sync points Key Idea: Main core and coproc sync at system calls Security: This prevents attacker from executing system calls Application s corrupted address space can be discarded Does not weaken the DIFT model DIFT detects attack only at time of exploit, not corruption Performance: Synchronization overhead typically tens of cycles Function of decoupling queue size Lost in the noise of system call overheads (hundreds of cycles) 11
12 System Call Synchronization Vulnerable C Code int idx = tainted_input; buffer[idx] = x; // memory corruption set r1 &tainted_input load r2 M[r1] add r4 r2 + r3 Data r1:0 r1:&input r2:idx=input r3:&buffer store M[r4] r5 r4:0 r4:&buffer+idx exec (sys call) TRAP T r5:x STALL Tainted pointer dereference security exception 12
13 Coprocessor Design Security exception Processor Core I Cache D Cache Decoupling queue Stall Policy Decode Tag RF PC DIFT Coprocessor Inst Encoding Physical Address Tag ALU Tag Cache Tag Check W B L2 Cache DIFT functionality in a coprocessor 4 tag bits of metadata per word of data Coprocessor Interface (via decoupling queue) Pass committed instruction information Instruction encoding could be at micro-op granularity (in x86) Physical address obviates need for MMU in coprocessor 13
14 Prototype Hardware Paired with simple SPARC V8 core (Leon-3) Mapped to FPGA board 512MB Leon-3 z 512MB DRAM Ethernet Ethernet AoE AoE Software Fully-featured Linux 2.6 Design statistics Clock frequency: same as original Logic: +7.5% overhead of simple in-order core with no speculation 14
15 System Performance Overheads Runtime Overhead (%) 1.00% 0.80% 0.60% 0.40% 0.20% 0.00% gzip gap vpr gcc mcf crafty parser vortex bzip2 twolf Runtime overhead < 1% over SPEC benchmarks 512 byte tag cache 6-entry decoupling queue 15
16 Scaling the tag cache Runtime Overhead (%) 25% 20% 15% 10% 5% 0% Queue full stalls Stalls Memory contention Stalls 16B 32B 64B 128B 256B 512B 1K Size of the Tag Cache Worst case micro-benchmark 512-byte tag cache provides good performance 16
17 Scaling the decoupling queue Runtime Overhead (%) 12% 10% 8% 6% 4% 2% 0% Size of the Queue (no. of entries) Queue fill full Stalls Memory contention Stalls Worst case micro-benchmark 6 entry queue reduces performance overhead 17
18 Coprocessors for complex cores 1.2 gzip Modest overheads with higher IPC cores Because main core rarely achieves peak IPC (=1) Relative Overhead Ratio of main core's clock to coprocessor's clock Coprocessor performs very simple operations Implies coprocessor can be paired with complex cores 18 gcc twolf
19 Security Policies Overview Buffer Overflow Policy Offset-based attacks (control ptr) Format String Policy SQL/XSS Identify all pointers, and track data taint. Check for illegal tainted ptr use. Y Y Track data taint, and bounds check to validate. P Bit T Bit B Bit S Bit Check tainted args to print commands. Y Y Check tainted commands. Y Y Red zone Policy Sandbox heap data. Y Y Sandboxing Policy Protect the security handler. Y 19
20 Security Experiments Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted %n in vfprintf string SUS C Format String Tainted %n in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr htdig C++ Cross-site Scripting Tainted <script> tag Scry PHP Cross-site Scripting Tainted <script> tag Unmodified SPARC binaries from real-world programs Basic/net utilities, servers, web apps, search engine 20
21 Security Experiments Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted %n in vfprintf string SUS C Format String Tainted %n in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr htdig C++ Cross-site Scripting Tainted <script> tag Scry PHP Cross-site Scripting Tainted <script> tag Protection against low-level memory corruptions Both in userspace and kernelspace 21
22 Security Experiments Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted %n in vfprintf string SUS C Format String Tainted %n in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr htdig C++ Cross-site Scripting Tainted <script> tag Scry PHP Cross-site Scripting Tainted <script> tag Protection against semantic vulnerabilities 22
23 Security Experiments Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted %n in vfprintf string SUS C Format String Tainted %n in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr htdig C++ Cross-site Scripting Tainted <script> tag Scry PHP Cross-site Scripting Tainted <script> tag Protection is independent of programming language Propagation & checks at the level of basic ops 23
24 Conclusions Hardware dynamic analyses aid program understanding Decoupling analyses from main core essential for practicality Proposed a tightly coupled coprocessor for DIFT Does not compromise security model Has low performance and area overheads Full-system FPGA prototype Reliably catches exploits in user & kernel-space 24
Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor
1 Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan, Michael Dalton, Christos Kozyrakis Presenter: Yue Zheng Yulin Shi Outline Motivation & Background Hardware DIFT
More informationReal-World Buffer Overflow Protection in User & Kernel Space
Real-World Buffer Overflow Protection in User & Kernel Space Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University http://raksha.stanford.edu 1 Motivation Buffer
More informationRaksha: A Flexible Information Flow Architecture for Software Security
Raksha: A Flexible Information Flow Architecture for Software Security Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University {mwdalton, hkannan, kozyraki}@stanford.edu
More informationFiltering Metadata Lookups in Instruction-Grain Application Monitoring
EDIC RESEARCH PROPOSAL 1 Filtering etadata Lookups in Instruction-Grain Application onitoring Yusuf Onur Kocberber Parallel Systems Architecture Lab (PARSA) Ecole Polytechnique Fédérale de Lausanne Lausanne,
More informationEffective Memory Protection Using Dynamic Tainting
Effective Memory Protection Using Dynamic Tainting James Clause Alessandro Orso (software) and Ioanis Doudalis Milos Prvulovic (hardware) College of Computing Georgia Institute of Technology Supported
More informationPrototyping Architectural Support for Program Rollback Using FPGAs
Prototyping Architectural Support for Program Rollback Using FPGAs Radu Teodorescu and Josep Torrellas http://iacoma.cs.uiuc.edu University of Illinois at Urbana-Champaign Motivation Problem: Software
More informationHigh-Performance Parallel Accelerator for Flexible and Efficient Run-Time Monitoring
High-Performance Parallel Accelerator for Flexible and Efficient Run-Time Monitoring Daniel Y. Deng and G. Edward Suh Computer Systems Laboratory, Cornell University Ithaca, New York 14850 {deng, suh}@csl.cornell.edu
More informationFrom Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware
From Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware Haibo Chen, Xi Wu, Liwei Yuan, Binyu Zang, Pen-chung Yew, and Frederic T. Chong Parallel Processing
More informationHDFI: Hardware-Assisted Data-flow Isolation
HDFI: Hardware-Assisted Data-flow Isolation Presented by Ben Schreiber Chengyu Song 1, Hyungon Moon 2, Monjur Alam 1, Insu Yun 1, Byoungyoung Lee 1, Taesoo Kim 1, Wenke Lee 1, Yunheung Paek 2 1 Georgia
More informationProtoFlex Tutorial: Full-System MP Simulations Using FPGAs
rotoflex Tutorial: Full-System M Simulations Using FGAs Eric S. Chung, Michael apamichael, Eriko Nurvitadhi, James C. Hoe, Babak Falsafi, Ken Mai ROTOFLEX Computer Architecture Lab at Our work in this
More informationDBT Tool. DBT Framework
Thread-Safe Dynamic Binary Translation using Transactional Memory JaeWoong Chung,, Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University http://csl.stanford.edu
More informationImpact of Cache Coherence Protocols on the Processing of Network Traffic
Impact of Cache Coherence Protocols on the Processing of Network Traffic Amit Kumar and Ram Huggahalli Communication Technology Lab Corporate Technology Group Intel Corporation 12/3/2007 Outline Background
More informationMicroarchitecture Overview. Performance
Microarchitecture Overview Prof. Scott Rixner Duncan Hall 3028 rixner@rice.edu January 15, 2007 Performance 4 Make operations faster Process improvements Circuit improvements Use more transistors to make
More informationMicroarchitecture Overview. Performance
Microarchitecture Overview Prof. Scott Rixner Duncan Hall 3028 rixner@rice.edu January 18, 2005 Performance 4 Make operations faster Process improvements Circuit improvements Use more transistors to make
More informationWhat are Exceptions? EE 457 Unit 8. Exception Processing. Exception Examples 1. Exceptions What Happens When Things Go Wrong
8. 8.2 What are Exceptions? EE 457 Unit 8 Exceptions What Happens When Things Go Wrong Exceptions are rare events triggered by the hardware and forcing the processor to execute a software handler Similar
More informationBanked Multiported Register Files for High-Frequency Superscalar Microprocessors
Banked Multiported Register Files for High-Frequency Superscalar Microprocessors Jessica H. T seng and Krste Asanoviü MIT Laboratory for Computer Science, Cambridge, MA 02139, USA ISCA2003 1 Motivation
More informationExecution-based Prediction Using Speculative Slices
Execution-based Prediction Using Speculative Slices Craig Zilles and Guri Sohi University of Wisconsin - Madison International Symposium on Computer Architecture July, 2001 The Problem Two major barriers
More informationShengyue Wang, Xiaoru Dai, Kiran S. Yellajyosula, Antonia Zhai, Pen-Chung Yew Department of Computer Science & Engineering University of Minnesota
Loop Selection for Thread-Level Speculation, Xiaoru Dai, Kiran S. Yellajyosula, Antonia Zhai, Pen-Chung Yew Department of Computer Science & Engineering University of Minnesota Chip Multiprocessors (CMPs)
More informationEE 457 Unit 8. Exceptions What Happens When Things Go Wrong
1 EE 457 Unit 8 Exceptions What Happens When Things Go Wrong 2 What are Exceptions? Exceptions are rare events triggered by the hardware and forcing the processor to execute a software handler HW Interrupts
More informationLow-Complexity Reorder Buffer Architecture*
Low-Complexity Reorder Buffer Architecture* Gurhan Kucuk, Dmitry Ponomarev, Kanad Ghose Department of Computer Science State University of New York Binghamton, NY 13902-6000 http://www.cs.binghamton.edu/~lowpower
More informationChip-Multithreading Systems Need A New Operating Systems Scheduler
Chip-Multithreading Systems Need A New Operating Systems Scheduler Alexandra Fedorova Christopher Small Daniel Nussbaum Margo Seltzer Harvard University, Sun Microsystems Sun Microsystems Sun Microsystems
More informationCS377P Programming for Performance Single Thread Performance Out-of-order Superscalar Pipelines
CS377P Programming for Performance Single Thread Performance Out-of-order Superscalar Pipelines Sreepathi Pai UTCS September 14, 2015 Outline 1 Introduction 2 Out-of-order Scheduling 3 The Intel Haswell
More informationThe DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection
: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley
More informationRAMP-White / FAST-MP
RAMP-White / FAST-MP Hari Angepat and Derek Chiou Electrical and Computer Engineering University of Texas at Austin Supported in part by DOE, NSF, SRC,Bluespec, Intel, Xilinx, IBM, and Freescale RAMP-White
More informationJosé F. Martínez 1, Jose Renau 2 Michael C. Huang 3, Milos Prvulovic 2, and Josep Torrellas 2
CHERRY: CHECKPOINTED EARLY RESOURCE RECYCLING José F. Martínez 1, Jose Renau 2 Michael C. Huang 3, Milos Prvulovic 2, and Josep Torrellas 2 1 2 3 MOTIVATION Problem: Limited processor resources Goal: More
More informationLecture 4: Instruction Set Design/Pipelining
Lecture 4: Instruction Set Design/Pipelining Instruction set design (Sections 2.9-2.12) control instructions instruction encoding Basic pipelining implementation (Section A.1) 1 Control Transfer Instructions
More informationMobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency
Mobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency Mohammadkazem Taram, Ashish Venkat, Dean Tullsen University of California, San Diego The Tension between
More informationTRIPS: Extending the Range of Programmable Processors
TRIPS: Extending the Range of Programmable Processors Stephen W. Keckler Doug Burger and Chuck oore Computer Architecture and Technology Laboratory Department of Computer Sciences www.cs.utexas.edu/users/cart
More informationOutline. Exploiting Program Parallelism. The Hydra Approach. Data Speculation Support for a Chip Multiprocessor (Hydra CMP) HYDRA
CS 258 Parallel Computer Architecture Data Speculation Support for a Chip Multiprocessor (Hydra CMP) Lance Hammond, Mark Willey and Kunle Olukotun Presented: May 7 th, 2008 Ankit Jain Outline The Hydra
More informationIntegrated CPU and Cache Power Management in Multiple Clock Domain Processors
Integrated CPU and Cache Power Management in Multiple Clock Domain Processors Nevine AbouGhazaleh, Bruce Childers, Daniel Mossé & Rami Melhem Department of Computer Science University of Pittsburgh HiPEAC
More informationDnmaloc: a more secure memory allocator
Dnmaloc: a more secure memory allocator 28 September 2005 Yves Younan, Wouter Joosen, Frank Piessens and Hans Van den Eynden DistriNet, Department of Computer Science Katholieke Universiteit Leuven Belgium
More informationDesign of Experiments - Terminology
Design of Experiments - Terminology Response variable Measured output value E.g. total execution time Factors Input variables that can be changed E.g. cache size, clock rate, bytes transmitted Levels Specific
More informationBloom Filtering Cache Misses for Accurate Data Speculation and Prefetching
Bloom Filtering Cache Misses for Accurate Data Speculation and Prefetching Jih-Kwon Peir, Shih-Chang Lai, Shih-Lien Lu, Jared Stark, Konrad Lai peir@cise.ufl.edu Computer & Information Science and Engineering
More informationTainting is Not Pointless
Tainting is Not Pointless Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University {mwdalton, hkannan, kozyraki}@stanford.edu Pointer tainting is a form of Dynamic
More informationThe Stanford Hydra CMP. Lance Hammond, Ben Hubbert, Michael Siu, Manohar Prabhu, Mark Willey, Michael Chen, Maciek Kozyrczak*, and Kunle Olukotun
The Stanford Hydra CMP Lance Hammond, Ben Hubbert, Michael Siu, Manohar Prabhu, Mark Willey, Michael Chen, Maciek Kozyrczak*, and Kunle Olukotun Computer Systems Laboratory Stanford University http://www-hydra.stanford.edu
More informationSecuring Software Applications Using Dynamic Dataflow Analysis. OWASP June 16, The OWASP Foundation
Securing Software Applications Using Dynamic Dataflow Analysis Steve Cook OWASP June 16, 2010 0 Southwest Research Institute scook@swri.org (210) 522-6322 Copyright The OWASP Foundation Permission is granted
More informationThe Stanford Hydra CMP. Lance Hammond, Ben Hubbert, Michael Siu, Manohar Prabhu, Michael Chen, Maciek Kozyrczak*, and Kunle Olukotun
The Stanford Hydra CMP Lance Hammond, Ben Hubbert, Michael Siu, Manohar Prabhu, Michael Chen, Maciek Kozyrczak*, and Kunle Olukotun Computer Systems Laboratory Stanford University http://www-hydra.stanford.edu
More informationAries: Transparent Execution of PA-RISC/HP-UX Applications on IPF/HP-UX
Aries: Transparent Execution of PA-RISC/HP-UX Applications on IPF/HP-UX Keerthi Bhushan Rajesh K Chaurasia Hewlett-Packard India Software Operations 29, Cunningham Road Bangalore 560 052 India +91-80-2251554
More informationCOMPUTER ORGANIZATION AND DESI
COMPUTER ORGANIZATION AND DESIGN 5 Edition th The Hardware/Software Interface Chapter 4 The Processor 4.1 Introduction Introduction CPU performance factors Instruction count Determined by ISA and compiler
More informationGrassroots ASPLOS. can we still rethink the hardware/software interface in processors? Raphael kena Poss University of Amsterdam, the Netherlands
Grassroots ASPLOS can we still rethink the hardware/software interface in processors? Raphael kena Poss University of Amsterdam, the Netherlands ASPLOS-17 Doctoral Workshop London, March 4th, 2012 1 Current
More informationRegister Packing Exploiting Narrow-Width Operands for Reducing Register File Pressure
Register Packing Exploiting Narrow-Width Operands for Reducing Register File Pressure Oguz Ergin*, Deniz Balkan, Kanad Ghose, Dmitry Ponomarev Department of Computer Science State University of New York
More informationAn Analysis of the Performance Impact of Wrong-Path Memory References on Out-of-Order and Runahead Execution Processors
An Analysis of the Performance Impact of Wrong-Path Memory References on Out-of-Order and Runahead Execution Processors Onur Mutlu Hyesoon Kim David N. Armstrong Yale N. Patt High Performance Systems Group
More informationPOSH: A TLS Compiler that Exploits Program Structure
POSH: A TLS Compiler that Exploits Program Structure Wei Liu, James Tuck, Luis Ceze, Wonsun Ahn, Karin Strauss, Jose Renau and Josep Torrellas Department of Computer Science University of Illinois at Urbana-Champaign
More informationAdvanced d Instruction Level Parallelism. Computer Systems Laboratory Sungkyunkwan University
Advanced d Instruction ti Level Parallelism Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu ILP Instruction-Level Parallelism (ILP) Pipelining:
More informationKoji Inoue Department of Informatics, Kyushu University Japan Science and Technology Agency
Lock and Unlock: A Data Management Algorithm for A Security-Aware Cache Department of Informatics, Japan Science and Technology Agency ICECS'06 1 Background (1/2) Trusted Program Malicious Program Branch
More informationRun-Time Monitoring with Adjustable Overhead Using Dataflow-Guided Filtering
Run-Time Monitoring with Adjustable Overhead Using Dataflow-Guided Filtering Daniel Lo, Tao Chen, Mohamed Ismail, and G. Edward Suh Cornell University Ithaca, NY 14850, USA {dl575, tc466, mii5, gs272}@cornell.edu
More informationAPPENDIX Summary of Benchmarks
158 APPENDIX Summary of Benchmarks The experimental results presented throughout this thesis use programs from four benchmark suites: Cyclone benchmarks (available from [Cyc]): programs used to evaluate
More informationAFRL-RI-RS-TR
AFRL-RI-RS-TR-2014-088 A NEW OPERATING SYSTEM FOR SECURITY TAGGED ARCHITECTURE HARDWARE IN SUPPORT OF MULTIPLE INDEPENDENT LEVELS OF SECURITY (MILS) COMPLIANT SYSTEM UNIVERSITY OF IDAHO APRIL 2014 FINAL
More informationHA2lloc: Hardware-Assisted Secure Allocator
HA2lloc: Hardware-Assisted Secure Allocator Orlando Arias, Dean Sullivan, Yier Jin {oarias,dean.sullivan}@knights.ucf.edu yier.jin@ece.ufl.edu University of Central Florida University of Florida June 25,
More informationFlexible Architecture Research Machine (FARM)
Flexible Architecture Research Machine (FARM) RAMP Retreat June 25, 2009 Jared Casper, Tayo Oguntebi, Sungpack Hong, Nathan Bronson Christos Kozyrakis, Kunle Olukotun Motivation Why CPUs + FPGAs make sense
More informationZSIM: FAST AND ACCURATE MICROARCHITECTURAL SIMULATION OF THOUSAND-CORE SYSTEMS
ZSIM: FAST AND ACCURATE MICROARCHITECTURAL SIMULATION OF THOUSAND-CORE SYSTEMS DANIEL SANCHEZ MIT CHRISTOS KOZYRAKIS STANFORD ISCA-40 JUNE 27, 2013 Introduction 2 Current detailed simulators are slow (~200
More informationThwarting unknown bugs: hardening features in the mainline Linux kernel
Thwarting unknown bugs: hardening features in the mainline Linux kernel Mark Rutland ARM Ltd Embedded Linux Conference Europe 2016 October 11, 2016 ARM 2016 2 ARM 2016 What s the
More informationThread-Safe Dynamic Binary Translation using Transactional Memory
Thread-Safe Dynamic Binary Translation using Transactional Memory JaeWoong Chung, Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University {jwchung, mwdalton, hkannan,
More informationZSIM: FAST AND ACCURATE MICROARCHITECTURAL SIMULATION OF THOUSAND-CORE SYSTEMS
ZSIM: FAST AND ACCURATE MICROARCHITECTURAL SIMULATION OF THOUSAND-CORE SYSTEMS DANIEL SANCHEZ MIT CHRISTOS KOZYRAKIS STANFORD ISCA-40 JUNE 27, 2013 Introduction 2 Current detailed simulators are slow (~200
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationAdvanced issues in pipelining
Advanced issues in pipelining 1 Outline Handling exceptions Supporting multi-cycle operations Pipeline evolution Examples of real pipelines 2 Handling exceptions 3 Exceptions In pipelined execution, one
More informationMulti-cycle Instructions in the Pipeline (Floating Point)
Lecture 6 Multi-cycle Instructions in the Pipeline (Floating Point) Introduction to instruction level parallelism Recap: Support of multi-cycle instructions in a pipeline (App A.5) Recap: Superpipelining
More informationCEC 450 Real-Time Systems
CEC 450 Real-Time Systems Lecture 6 Accounting for I/O Latency September 28, 2015 Sam Siewert A Service Release and Response C i WCET Input/Output Latency Interference Time Response Time = Time Actuation
More informationA program execution is memory safe so long as memory access errors never occur:
A program execution is memory safe so long as memory access errors never occur: Buffer overflows, null pointer dereference, use after free, use of uninitialized memory, illegal free Memory safety categories
More informationThe Processor: Instruction-Level Parallelism
The Processor: Instruction-Level Parallelism Computer Organization Architectures for Embedded Computing Tuesday 21 October 14 Many slides adapted from: Computer Organization and Design, Patterson & Hennessy
More informationCISC 360. Virtual Memory Dec. 4, 2008
CISC 36 Virtual Dec. 4, 28 Topics Motivations for VM Address translation Accelerating translation with TLBs Motivations for Virtual Use Physical DRAM as a Cache for the Disk Address space of a process
More informationDual-Core Execution: Building A Highly Scalable Single-Thread Instruction Window
Dual-Core Execution: Building A Highly Scalable Single-Thread Instruction Window Huiyang Zhou School of Computer Science University of Central Florida New Challenges in Billion-Transistor Processor Era
More informationCHAPTER 8: MEMORY MANAGEMENT. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.
CHAPTER 8: MEMORY MANAGEMENT By I-Chen Lin Textbook: Operating System Concepts 9th Ed. Chapter 8: Memory Management Background Swapping Contiguous Memory Allocation Segmentation Paging Structure of the
More informationA Cross-Architectural Interface for Code Cache Manipulation. Kim Hazelwood and Robert Cohn
A Cross-Architectural Interface for Code Cache Manipulation Kim Hazelwood and Robert Cohn Software-Managed Code Caches Software-managed code caches store transformed code at run time to amortize overhead
More informationAnnouncements. ECE4750/CS4420 Computer Architecture L11: Speculative Execution I. Edward Suh Computer Systems Laboratory
ECE4750/CS4420 Computer Architecture L11: Speculative Execution I Edward Suh Computer Systems Laboratory suh@csl.cornell.edu Announcements Lab3 due today 2 1 Overview Branch penalties limit performance
More informationSpeculative Multithreaded Processors
Guri Sohi and Amir Roth Computer Sciences Department University of Wisconsin-Madison utline Trends and their implications Workloads for future processors Program parallelization and speculative threads
More informationsecubt Hacking the Hackers with User Space Virtualization
secubt Hacking the Hackers with User Space Virtualization Mathias Payer Mathias Payer: secubt User Space Virtualization 1 Motivation Virtualizing and encapsulating running programs
More informationA Cost Effective Spatial Redundancy with Data-Path Partitioning. Shigeharu Matsusaka and Koji Inoue Fukuoka University Kyushu University/PREST
A Cost Effective Spatial Redundancy with Data-Path Partitioning Shigeharu Matsusaka and Koji Inoue Fukuoka University Kyushu University/PREST 1 Outline Introduction Data-path Partitioning for a dependable
More informationTDT Coarse-Grained Multithreading. Review on ILP. Multi-threaded execution. Contents. Fine-Grained Multithreading
Review on ILP TDT 4260 Chap 5 TLP & Hierarchy What is ILP? Let the compiler find the ILP Advantages? Disadvantages? Let the HW find the ILP Advantages? Disadvantages? Contents Multi-threading Chap 3.5
More informationThe Nios II Family of Configurable Soft-core Processors
The Nios II Family of Configurable Soft-core Processors James Ball August 16, 2005 2005 Altera Corporation Agenda Nios II Introduction Configuring your CPU FPGA vs. ASIC CPU Design Instruction Set Architecture
More informationECE550 PRACTICE Final
ECE550 PRACTICE Final This is a full length practice midterm exam. If you want to take it at exam pace, give yourself 175 minutes to take the entire test. Just like the real exam, each question has a point
More information15-740/ Computer Architecture Lecture 10: Runahead and MLP. Prof. Onur Mutlu Carnegie Mellon University
15-740/18-740 Computer Architecture Lecture 10: Runahead and MLP Prof. Onur Mutlu Carnegie Mellon University Last Time Issues in Out-of-order execution Buffer decoupling Register alias tables Physical
More informationBaggy bounds checking. Periklis Akri5dis, Manuel Costa, Miguel Castro, Steven Hand
Baggy bounds checking Periklis Akri5dis, Manuel Costa, Miguel Castro, Steven Hand C/C++ programs are vulnerable Lots of exis5ng code in C and C++ More being wrieen every day C/C++ programs are prone to
More informationMotivations for Virtual Memory Virtual Memory Oct. 29, Why VM Works? Motivation #1: DRAM a Cache for Disk
class8.ppt 5-23 The course that gives CMU its Zip! Virtual Oct. 29, 22 Topics Motivations for VM Address translation Accelerating translation with TLBs Motivations for Virtual Use Physical DRAM as a Cache
More informationChapter 8: Memory-Management Strategies
Chapter 8: Memory-Management Strategies Chapter 8: Memory Management Strategies Background Swapping Contiguous Memory Allocation Segmentation Paging Structure of the Page Table Example: The Intel 32 and
More informationA Scheme of Predictor Based Stream Buffers. Bill Hodges, Guoqiang Pan, Lixin Su
A Scheme of Predictor Based Stream Buffers Bill Hodges, Guoqiang Pan, Lixin Su Outline Background and motivation Project hypothesis Our scheme of predictor-based stream buffer Predictors Predictor table
More informationHardware Speculation Support
Hardware Speculation Support Conditional instructions Most common form is conditional move BNEZ R1, L ;if MOV R2, R3 ;then CMOVZ R2,R3, R1 L: ;else Other variants conditional loads and stores nullification
More informationCS 252 Graduate Computer Architecture. Lecture 4: Instruction-Level Parallelism
CS 252 Graduate Computer Architecture Lecture 4: Instruction-Level Parallelism Krste Asanovic Electrical Engineering and Computer Sciences University of California, Berkeley http://wwweecsberkeleyedu/~krste
More informationVirtual Memory Oct. 29, 2002
5-23 The course that gives CMU its Zip! Virtual Memory Oct. 29, 22 Topics Motivations for VM Address translation Accelerating translation with TLBs class9.ppt Motivations for Virtual Memory Use Physical
More informationMicroarchitecture-Based Introspection: A Technique for Transient-Fault Tolerance in Microprocessors. Moinuddin K. Qureshi Onur Mutlu Yale N.
Microarchitecture-Based Introspection: A Technique for Transient-Fault Tolerance in Microprocessors Moinuddin K. Qureshi Onur Mutlu Yale N. Patt High Performance Systems Group Department of Electrical
More informationCPE300: Digital System Architecture and Design
CPE300: Digital System Architecture and Design Fall 2011 MW 17:30-18:45 CBC C316 Arithmetic Unit 10032011 http://www.egr.unlv.edu/~b1morris/cpe300/ 2 Outline Recap Chapter 3 Number Systems Fixed Point
More informationCHAPTER 8 - MEMORY MANAGEMENT STRATEGIES
CHAPTER 8 - MEMORY MANAGEMENT STRATEGIES OBJECTIVES Detailed description of various ways of organizing memory hardware Various memory-management techniques, including paging and segmentation To provide
More informationSpectre and Meltdown. Clifford Wolf q/talk
Spectre and Meltdown Clifford Wolf q/talk 2018-01-30 Spectre and Meltdown Spectre (CVE-2017-5753 and CVE-2017-5715) Is an architectural security bug that effects most modern processors with speculative
More informationChapter 13 Reduced Instruction Set Computers
Chapter 13 Reduced Instruction Set Computers Contents Instruction execution characteristics Use of a large register file Compiler-based register optimization Reduced instruction set architecture RISC pipelining
More informationLecture 10. Pointless Tainting? Evaluating the Practicality of Pointer Tainting. Asia Slowinska, Herbert Bos. Advanced Operating Systems
Lecture 10 Pointless Tainting? Evaluating the Practicality of Pointer Tainting Asia Slowinska, Herbert Bos Advanced Operating Systems December 15, 2010 SOA/OS Lecture 10, Pointer Tainting 1/40 Introduction
More informationRuler: High-Speed Packet Matching and Rewriting on Network Processors
Ruler: High-Speed Packet Matching and Rewriting on Network Processors Tomáš Hrubý Kees van Reeuwijk Herbert Bos Vrije Universiteit, Amsterdam World45 Ltd. ANCS 2007 Tomáš Hrubý (VU Amsterdam, World45)
More informationUnit 8: Superscalar Pipelines
A Key Theme: arallelism reviously: pipeline-level parallelism Work on execute of one instruction in parallel with decode of next CIS 501: Computer Architecture Unit 8: Superscalar ipelines Slides'developed'by'Milo'Mar0n'&'Amir'Roth'at'the'University'of'ennsylvania'
More informationA Key Theme of CIS 371: Parallelism. CIS 371 Computer Organization and Design. Readings. This Unit: (In-Order) Superscalar Pipelines
A Key Theme of CIS 371: arallelism CIS 371 Computer Organization and Design Unit 10: Superscalar ipelines reviously: pipeline-level parallelism Work on execute of one instruction in parallel with decode
More informationChapter 8: Main Memory. Operating System Concepts 9 th Edition
Chapter 8: Main Memory Silberschatz, Galvin and Gagne 2013 Chapter 8: Memory Management Background Swapping Contiguous Memory Allocation Segmentation Paging Structure of the Page Table Example: The Intel
More informationMultithreaded Processors. Department of Electrical Engineering Stanford University
Lecture 12: Multithreaded Processors Department of Electrical Engineering Stanford University http://eeclass.stanford.edu/ee382a Lecture 12-1 The Big Picture Previous lectures: Core design for single-thread
More informationSuperscalar Processors Ch 14
Superscalar Processors Ch 14 Limitations, Hazards Instruction Issue Policy Register Renaming Branch Prediction PowerPC, Pentium 4 1 Superscalar Processing (5) Basic idea: more than one instruction completion
More informationChapter 8: Main Memory
Chapter 8: Main Memory Chapter 8: Memory Management Background Swapping Contiguous Memory Allocation Segmentation Paging Structure of the Page Table Example: The Intel 32 and 64-bit Architectures Example:
More informationSuperscalar Processing (5) Superscalar Processors Ch 14. New dependency for superscalar case? (8) Output Dependency?
Superscalar Processors Ch 14 Limitations, Hazards Instruction Issue Policy Register Renaming Branch Prediction PowerPC, Pentium 4 1 Superscalar Processing (5) Basic idea: more than one instruction completion
More informationEECS 322 Computer Architecture Superpipline and the Cache
EECS 322 Computer Architecture Superpipline and the Cache Instructor: Francis G. Wolff wolff@eecs.cwru.edu Case Western Reserve University This presentation uses powerpoint animation: please viewshow Summary:
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationChapter 8: Main Memory
Chapter 8: Main Memory Silberschatz, Galvin and Gagne 2013 Chapter 8: Memory Management Background Swapping Contiguous Memory Allocation Segmentation Paging Structure of the Page Table Example: The Intel
More informationAFRL-RI-RS-TR
AFRL-RI-RS-TR-2015-143 FLEXIBLE TAGGED ARCHITECTURE FOR TRUSTWORTHY MULTI-CORE PLATFORMS CORNELL UNIVERSITY JUNE 2015 FINAL TECHNICAL REPORT APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED STINFO COPY
More informationEITF20: Computer Architecture Part2.2.1: Pipeline-1
EITF20: Computer Architecture Part2.2.1: Pipeline-1 Liang Liu liang.liu@eit.lth.se 1 Outline Reiteration Pipelining Harzards Structural hazards Data hazards Control hazards Implementation issues Multi-cycle
More informationMesocode: Optimizations for Improving Fetch Bandwidth of Future Itanium Processors
: Optimizations for Improving Fetch Bandwidth of Future Itanium Processors Marsha Eng, Hong Wang, Perry Wang Alex Ramirez, Jim Fung, and John Shen Overview Applications of for Itanium Improving fetch bandwidth
More information2 nd Half. Memory management Disk management Network and Security Virtual machine
Final Review 1 2 nd Half Memory management Disk management Network and Security Virtual machine 2 Abstraction Virtual Memory (VM) 4GB (32bit) linear address space for each process Reality 1GB of actual
More information