A JVM for Soft-Error-Prone Embedded Systems
|
|
- Terence Beasley
- 5 years ago
- Views:
Transcription
1 A JVM for Soft-Error-Prone Embedded Systems Isabella S)lkerich, Michael Strotz, Christoph Erhardt, Mar7n Hoffmann, Daniel Lohmann, Fabian Scheler, Wolfgang Schröder- Preikschat Department of Computer Science 4 Distributed Systems and Opera7ng Systems 1
2 2 Motivation
3 Soft Error Rate (FIT/chip) 06/20/ LCTES 13 2 Motivation Transient hardware faults become more likely Soft error rate in logic has increased by 9 orders of magnitude Soft error rate in SRAM is constantly high Soft errors cannot be ignored anymore Technology Generation
4 2 Motivation Transient hardware faults become more likely Soft error rate in logic has increased by 9 orders of magnitude Soft error rate in SRAM is constantly high Soft errors cannot be ignored anymore Hardware-based fault tolerance (FT) techniques Expensive: size, weight and power
5 2 Motivation Transient hardware faults become more likely Soft error rate in logic has increased by 9 orders of magnitude Soft error rate in SRAM is constantly high Soft errors cannot be ignored anymore Hardware-based fault tolerance (FT) techniques Expensive: size, weight and power Software-based fault tolerance (FT) techniques
6 3 Motivation (2) Most techniques concentrate on application protection Previous work: employ a type-safe language (Java) for SW-based FT Use the type system for automatic... Isolate (SW-based memory protection) Replication of critical modules State protection and recovering Primary focus on protecting the application System software is considered trusted compute base Bit flips can corrupt system software, SW-based memory protection
7 4 Type Safety and Software Isolation Type safety ensures memory safety in absence of transient errors Only explicit references can be used No access outside an object s boundary Type determines in which way memory is used Our software isolation approach is based on Type safety Logical separation of global data But bit flips can break type safety and software isolation! How can we harden the JVM itself?
8 5 Agenda What can be done to preserve type safety and software isolation in the face of soft errors? Can the characteristics of Java be useful to achieve this goal? Case study with the embedded KESO Java Virtual Machine 1. Hardening the KESO JVM 2. Tailoring the safety measures 3. Evaluation
9 6 Fault Model Soft errors visible at the programming interface of the processor Focus of this work: protect the JVM Protection of application data achieved on higher abstraction level Trusted memory base: read-only memory (ROM) More robust against soft errors Program code and constant data are considered to be safe G. Cellere et al.: Neutron-induced soft errors in advanced flash memories (IEDM 2008)
10 7 The KESO JVM Java-to-C ahead-of-time compiler VM tailoring, static configuration RPC Domain A Control Flows Heap Domain B Heap ThreadA1 ThreadA2 ISR1 Static Fields Static Fields
11 8 Runtime Information of KESO Data Segment Domain descriptor pointer to current descriptor Domain Descriptor Static class fields App A Text Segment Instructions Application B Domain Descriptor Static class fields Reference Reference Primitive Class Storage Class Info 1 Class Info 2 Reference Reference Primitive Heap Heap Header size Object Array Header Object type Method Table Virtual Method 1 Virtual Method 2 Virtual Method 3
12 8 Runtime Information of KESO Data Segment Domain descriptor pointer to current descriptor Domain Descriptor Static class fields App A Text Segment Instructions Application B Domain Descriptor Static class fields Reference Reference Primitive Class Storage Class Info 1 Class Info 2 Global Information of the Type System Reference Reference Primitive Heap Heap Header size Object Array Header Object type Method Table Virtual Method 1 Virtual Method 2 Virtual Method 3 Global Information of the Type System
13 8 Runtime Information of KESO Data Segment Domain descriptor pointer to current descriptor Domain Descriptor Static class fields App A Global Text Segment Information of Instructions each protection realm Application B Domain Descriptor Static class fields Global Reference Information of each protection Reference realm Primitive Class Storage Class Info 1 Class Info 2 Global Information of the Type System Reference Reference Primitive Heap Heap Header size Object Array Header Object type Method Table Virtual Method 1 Virtual Method 2 Virtual Method 3 Global Information of the Type System
14 8 Runtime Information of KESO Data Segment Domain descriptor pointer to current descriptor Global Information of each protection realm Domain Descriptor Static class fields App A Global Text Segment Information of Instructions each protection realm Application B Domain Descriptor Static class fields Global Reference Information of each protection Reference realm Primitive Class Storage Class Info 1 Class Info 2 Global Information of the Type System Reference Reference Primitive Heap Heap Header size Object Array Header Object type Method Table Virtual Method 1 Virtual Method 2 Virtual Method 3 Global Information of the Type System
15 8 Runtime Information of KESO Data Segment Domain descriptor pointer to current descriptor Global Information of each protection realm Domain Descriptor Static class fields App A Global Text Segment Information of Instructions each protection realm Application B Domain Descriptor Static class fields Global Reference Information of each protection Reference realm Primitive Class Storage Class Info 1 Class Info 2 Global Information of the Type System Reference Reference Primitive Heap Heap Header size Object Array Header Object type Local Method Table Information inside objects Virtual Method 1 and arrays Virtual Method 2 Virtual Method 3 Global Information of the Type System
16 9 What can go wrong? Wild references Corrupted type information in object headers Invalid current-domain pointer
17 10 Wild References Internal implementation of Java reference: memory address Corrupted reference = wild pointer
18 10 Wild References Internal implementation of Java reference: memory address Corrupted reference = wild pointer Worst-case consequence: access to arbitrary memory location
19 10 Wild References Internal implementation of Java reference: memory address Corrupted reference = wild pointer Worst-case consequence: access to arbitrary memory location Solution: validate references upon access e.g. using parity/checksum Type-safe language: all reference accesses are known ahead of time
20 10 Wild References Internal implementation of Java reference: memory address Corrupted reference = wild pointer Worst-case consequence: access to arbitrary memory location Solution: validate references upon access e.g. using parity/checksum Type-safe language: all reference accesses are known ahead of time But when should we check references?
21 11 Dereference Check (DRC) References stay encoded all the time Checked, whenever they are dereferenced Advantage: High error detection rate Drawbacks: Checked more often than necessary Higher error detection time
22 12 Load Reference Check (LRC) Checked at loads from memory Static reference fields, object ref. fields, reference arrays Advantage: Faster than DRC Shorter error detection time Drawbacks: May wrongly assume correct value
23 13 Header-Only Check (HOC) Check header only upon dereference Advantage: Faster than LRC Drawbacks: May wrongly assume correct value in case of traditional memory layout Requires special memory layout to reduce false negatives, higher memory consumption
24 14 Corrupted Object Meta-Information Bit flip in type ID Heap Object B Header Data type Virtual Method Table setvalue (B) setvalue (X) setvalue (A) Corruption of meta-information in object header possible Critical instructions: Direct use of type ID: checkcast, instanceof Table lookup with type ID as index: invokevirtual, invokeinterface Worst-case consequences: invalid cast, invocation of wrong method Solution: validate object header upon access e.g. using parity/checksum
25 15 Corrupted Array Meta-Information Heap Array C type Header length Data Type ID: same issues as with plain objects Corrupted array length: bounds check may no longer work as expected False positive: Out-of-bounds exception in spite of correct index False negative: No exception in spite of incorrect index! Worst-case consequence: access to arbitrary array index Solution: validate array length before bounds check e.g. using parity/checksum
26 16 Array Accesses
27 16 Array Accesses Results of data-flow analysis are used to address several cases:
28 16 Array Accesses Results of data-flow analysis are used to address several cases: 1.Index and size are constant, no bounds check needed
29 16 Array Accesses Results of data-flow analysis are used to address several cases: 1.Index and size are constant, no bounds check needed int [] array = new int[30];... array[5]=9;
30 16 Array Accesses Results of data-flow analysis are used to address several cases: 1.Index and size are constant, no bounds check needed 2.Size constant, index variable, simple bounds check needed
31 16 Array Accesses Results of data-flow analysis are used to address several cases: 1.Index and size are constant, no bounds check needed 2.Size constant, index variable, simple bounds check needed int [] array = new int[30];... /* index is dynamically derived from input source */ /* simple array bounds check needed */ array[index]=9;
32 16 Array Accesses Results of data-flow analysis are used to address several cases: 1.Index and size are constant, no bounds check needed 2.Size constant, index variable, simple bounds check needed 3.Access is within bounds, but either index or size is not constant, size information has to be checked: Extended array bounds check (EBC)
33 16 Array Accesses Results of data-flow analysis are used to address several cases: 1.Index and size are constant, no bounds check needed 2.Size constant, index variable, simple bounds check needed 3.Access is within bounds, but either index or size is not constant, size information has to be checked: Extended array bounds check (EBC) int [] array = new int[inputvalue];... for(int i=0; i<array.length; i++) { /* Extended Array Bounds Check */ } array[i]=i;
34 16 Array Accesses Results of data-flow analysis are used to address several cases: 1.Index and size are constant, no bounds check needed 2.Size constant, index variable, simple bounds check needed 3.Access is within bounds, but either index or size is not constant, size information has to be checked: Extended array bounds check (EBC) 4.Neither index nor size is constant: EBC
35 17 Invalid Current-Domain Pointer Current-domain pointer can be corrupted Critical instructions: putstatic, getstatic Memory-management operations... Worst-case consequence: arbitrary memory accesses Solution: validate current-domain pointer upon access e.g. using parity/checksum
36 18 Efficient Implementation Static programming model allows collecting extensive information ahead of time Can be exploited by advanced high-level optimizations Optimizations support our purposes (attack-surface reduction, efficiency gains) Constant propagation & folding: replaces (vulnerable) variables with constants, reduces register pressure Runtime-check elimination: elides null-, bounds, integrity checks Devirtualization: elides object-header checks Data-flow analysis: array accesses
37 19 Efficient Implementation (2) Trusted memory base: ROM Use data-flow analysis to derive constant data Constant application and system data can be located in ROM Immediate accesses are safe Incorporation of platform-specific features Alignment and address layout: object headers TriCore TC1796 (32-bit, 1 MiB SRAM, 2 MiB ROM) AVR ATmega8535 (8-bit, 512 B SRAM, 8 KiB ROM) Memory protection unit (MPU) TC1796 Reference: Safety net Use hardware exceptions Object header: P(classID) 32 bits address P(address) classid unused reserved Array header: P(size) P(classID) size classid
38 20 Evaluation Real-time Java application benchmark Collision Detector (CDx) Built KESO CDx variants No runtime checks Null and array bound checks (Safety checks enabled) LRC (Reference and type integrity checking prior to safety checks) Measured overhead (memory footprint, runtime) Injected faults in main computation loop with Fail* tool Fault space pruning Grouped domain data by compiler s reachability analysis
39 21 Evaluation - TC1796 Text%Segment%Overhead% Full$LRC$(incl.$Array$Checks)$ Header$Checks$(LRC)$ Address$Checks$(LRC)$ +5% +18% +24% JVM's$Safety$Checks$ 0.00%$ 5.00%$ 10.00%$ 15.00%$ 20.00%$ 25.00%$ 30.00%$ No size changes in.data or.bss segment
40 22 Evaluation - TC1796 Full$LRC$(incl.$Array$Checks)$ Full$LRC$(no$array$opGmizaGon)$ Header$Checks$(LRC)$ Address$Checks$(LRC)$ +8% Run$me' +18% +31% +46% JVM's$Safety$Checks$ 0.00%$ 5.00%$ 10.00%$ 15.00%$ 20.00%$ 25.00%$ 30.00%$ 35.00%$ 40.00%$ 45.00%$ 50.00%$ Example: Deactivated array optimization (always EBC)
41 23 Evaluation - Fault Injection LRC" JVM's"Safety"Checks" -92% -94% Parity"ExcepDon" Traps" Illegal"Memory"Access" No"Safety"Checks" 0" 100,000" 200,000" 300,000" 400,000" 500,000" 600,000" 700,000" More numbers can be found in the paper
42 24 Conclusion What can be done to preserve type safety and software isolation in the face of soft errors? Protect global type-system information (method table, class table, current-domain pointer) Check global and local references (addresses, type information) Can the characteristics of Java be useful to achieve this goal? Separation of references and data values, type information Explicit protection of references Runtime-structural information for automated protection of application data Software-based memory protection
43 25 Future Work Improve program and system analyses and code generation Loop unrolling to elide array bounds checks Object header elision due to address layout peculiarities Only address checking needed ROM allocation: Application data protection and runtime check elision Fragmented allocation Use of software or hardware exceptions No address checking needed, only header checks Incorporation of hardware characteristics (ROM/MPU/Memory layout)
44 26 Questions? KESO: distributed under the terms of the GNU LGPL, version 3
KESO Functional Safety and the Use of Java in Embedded Systems
KESO Functional Safety and the Use of Java in Embedded Systems Isabella S1lkerich, Bernhard Sechser Embedded Systems Engineering Kongress 05.12.2012 Lehrstuhl für Informa1k 4 Verteilte Systeme und Betriebssysteme
More informationA JVM for Soft-Error-Prone Embedded Systems
A JVM for Soft-Error-Prone Embedded Systems Isabella Stilkerich Michael Strotz Christoph Erhardt Martin Hoffmann Daniel Lohmann Fabian Scheler Wolfgang Schröder-Preikschat Friedrich-Alexander University
More informationCooperative Memory Management in Embedded Systems
ooperative Memory Management in Embedded Systems, Philip Taffner, hristoph Erhardt, hris7an Dietrich, Michael S7lkerich Department of omputer Science 4 Distributed Systems and Opera7ng Systems 1 2 Motivation
More informationCoping with Immutable Data in a JVM for Embedded Real-Time Systems. Christoph Erhardt, Simon Kuhnle, Isabella Stilkerich, Wolfgang Schröder-Preikschat
The final Frontier Coping with Immutable Data in a JVM for Embedded Real-Time Systems Christoph Erhardt, Simon Kuhnle, Isabella Stilkerich, Wolfgang Schröder-Preikschat https://www4.cs.fau.de/research/keso/
More informationA program execution is memory safe so long as memory access errors never occur:
A program execution is memory safe so long as memory access errors never occur: Buffer overflows, null pointer dereference, use after free, use of uninitialized memory, illegal free Memory safety categories
More informationField Analysis. Last time Exploit encapsulation to improve memory system performance
Field Analysis Last time Exploit encapsulation to improve memory system performance This time Exploit encapsulation to simplify analysis Two uses of field analysis Escape analysis Object inlining April
More informationThe Use of Java in the Context of AUTOSAR 4.0
The Use of Java in the Context of AUTOSAR 4.0 Expectations and Possibilities Christian Wawersich cwh@methodpark.de MethodPark Software AG, Germany Isabella Thomm Michael Stilkerich {ithomm,stilkerich}@cs.fau.de
More informationNon-Blocking Inter-Partition Communication with Wait-Free Pair Transactions
Non-Blocking Inter-Partition Communication with Wait-Free Pair Transactions Ethan Blanton and Lukasz Ziarek Fiji Systems, Inc. October 10 th, 2013 WFPT Overview Wait-Free Pair Transactions A communication
More informationLecture Notes on Garbage Collection
Lecture Notes on Garbage Collection 15-411: Compiler Design André Platzer Lecture 20 1 Introduction In the previous lectures we have considered a programming language C0 with pointers and memory and array
More informationThe Perfect Getaway: Using Escape Analysis in Embedded Real-Time Systems
The Perfect Getaway: Using Escape Analysis in Embedded Real-Time Systems ISABELLA STILKERICH, CLEMENS LANG, CHRISTOPH ERHARDT, CHRISTIAN BAY, and MICHAEL STILKERICH, Friedrich-Alexander-University Erlangen-Nuremberg
More informationKESO. An Open-Source Multi-JVM for Deeply Embedded Systems
KESO An Open-Source Multi-JVM for Deeply Embedded Systems Isabella Thomm Michael Stilkerich Christian Wawersich Wolfgang Schröder-Preikschat {ithomm,stilkerich,wawi,wosch}@cs.fau.de Friedrich-Alexander
More informationEliminating Single Points of Failure in Software Based Redundancy
Eliminating Single Points of Failure in Software Based Redundancy Peter Ulbrich, Martin Hoffmann, Rüdiger Kapitza, Daniel Lohmann, Reiner Schmid and Wolfgang Schröder-Preikschat EDCC May 9, 2012 SYSTEM
More informationCSE P 501 Compilers. Java Implementation JVMs, JITs &c Hal Perkins Winter /11/ Hal Perkins & UW CSE V-1
CSE P 501 Compilers Java Implementation JVMs, JITs &c Hal Perkins Winter 2008 3/11/2008 2002-08 Hal Perkins & UW CSE V-1 Agenda Java virtual machine architecture.class files Class loading Execution engines
More informationCS-527 Software Security
CS-527 Software Security Memory Safety Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-softsec/ Spring 2017 Eternal
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More information6.828: OS/Language Co-design. Adam Belay
6.828: OS/Language Co-design Adam Belay Singularity An experimental research OS at Microsoft in the early 2000s Many people and papers, high profile project Influenced by experiences at
More informationThe Java Language Implementation
CS 242 2012 The Java Language Implementation Reading Chapter 13, sections 13.4 and 13.5 Optimizing Dynamically-Typed Object-Oriented Languages With Polymorphic Inline Caches, pages 1 5. Outline Java virtual
More informationAcknowledgements These slides are based on Kathryn McKinley s slides on garbage collection as well as E Christopher Lewis s slides
Garbage Collection Last time Compiling Object-Oriented Languages Today Motivation behind garbage collection Garbage collection basics Garbage collection performance Specific example of using GC in C++
More informationPreventing Use-after-free with Dangling Pointers Nullification
Preventing Use-after-free with Dangling Pointers Nullification Byoungyoung Lee, Chengyu Song, Yeongjin Jang Tielei Wang, Taesoo Kim, Long Lu, Wenke Lee Georgia Institute of Technology Stony Brook University
More informationLecture 4 September Required reading materials for this class
EECS 261: Computer Security Fall 2007 Lecture 4 September 6 Lecturer: David Wagner Scribe: DK Moon 4.1 Required reading materials for this class Beyond Stack Smashing: Recent Advances in Exploiting Buffer
More informationSoftware-based Fault Tolerance Mission (Im)possible?
Software-based Fault Tolerance Mission Im)possible? Peter Ulbrich The 29th CREST Open Workshop on Software Redundancy November 18, 2013 System Software Group http://www4.cs.fau.de Embedded Systems Initiative
More informationCS527 Software Security
Security Policies Purdue University, Spring 2018 Security Policies A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a statement of intent, and
More information[0569] p 0318 garbage
A Pointer is a variable which contains the address of another variable. Declaration syntax: Pointer_type *pointer_name; This declaration will create a pointer of the pointer_name which will point to the
More informationUsing Process-Level Redundancy to Exploit Multiple Cores for Transient Fault Tolerance
Using Process-Level Redundancy to Exploit Multiple Cores for Transient Fault Tolerance Outline Introduction and Motivation Software-centric Fault Detection Process-Level Redundancy Experimental Results
More informationHigh-Level Language VMs
High-Level Language VMs Outline Motivation What is the need for HLL VMs? How are these different from System or Process VMs? Approach to HLL VMs Evolutionary history Pascal P-code Object oriented HLL VMs
More informationCCured. One-Slide Summary. Lecture Outline. Type-Safe Retrofitting of C Programs
CCured Type-Safe Retrofitting of C Programs [Necula, McPeak,, Weimer, Condit, Harren] #1 One-Slide Summary CCured enforces memory safety and type safety in legacy C programs. CCured analyzes how you use
More informationRuntime Defenses against Memory Corruption
CS 380S Runtime Defenses against Memory Corruption Vitaly Shmatikov slide 1 Reading Assignment Cowan et al. Buffer overflows: Attacks and defenses for the vulnerability of the decade (DISCEX 2000). Avijit,
More informationBinding and Storage. COMP 524: Programming Language Concepts Björn B. Brandenburg. The University of North Carolina at Chapel Hill
Binding and Storage Björn B. Brandenburg The University of North Carolina at Chapel Hill Based in part on slides and notes by S. Olivier, A. Block, N. Fisher, F. Hernandez-Campos, and D. Stotts. What s
More informationBEAMJIT: An LLVM based just-in-time compiler for Erlang. Frej Drejhammar
BEAMJIT: An LLVM based just-in-time compiler for Erlang Frej Drejhammar 140407 Who am I? Senior researcher at the Swedish Institute of Computer Science (SICS) working on programming languages,
More informationCyber Moving Targets. Yashar Dehkan Asl
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system
More informationLecture Notes on Memory Layout
Lecture Notes on Memory Layout 15-122: Principles of Imperative Computation Frank Pfenning André Platzer Lecture 11 1 Introduction In order to understand how programs work, we can consider the functions,
More informationInheritance, Polymorphism and the Object Memory Model
Inheritance, Polymorphism and the Object Memory Model 1 how objects are stored in memory at runtime? compiler - operations such as access to a member of an object are compiled runtime - implementation
More informationAgenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1
Agenda CSE P 501 Compilers Java Implementation JVMs, JITs &c Hal Perkins Summer 2004 Java virtual machine architecture.class files Class loading Execution engines Interpreters & JITs various strategies
More informationHA2lloc: Hardware-Assisted Secure Allocator
HA2lloc: Hardware-Assisted Secure Allocator Orlando Arias, Dean Sullivan, Yier Jin {oarias,dean.sullivan}@knights.ucf.edu yier.jin@ece.ufl.edu University of Central Florida University of Florida June 25,
More informationJAVA PERFORMANCE. PR SW2 S18 Dr. Prähofer DI Leopoldseder
JAVA PERFORMANCE PR SW2 S18 Dr. Prähofer DI Leopoldseder OUTLINE 1. What is performance? 1. Benchmarking 2. What is Java performance? 1. Interpreter vs JIT 3. Tools to measure performance 4. Memory Performance
More informationUndefined Behaviour in C
Undefined Behaviour in C Report Field of work: Scientific Computing Field: Computer Science Faculty for Mathematics, Computer Science and Natural Sciences University of Hamburg Presented by: Dennis Sobczak
More informationJVML Instruction Set. How to get more than 256 local variables! Method Calls. Example. Method Calls
CS6: Program and Data Representation University of Virginia Computer Science Spring 006 David Evans Lecture 8: Code Safety and Virtual Machines (Duke suicide picture by Gary McGraw) pushing constants JVML
More informationSafeDispatch Securing C++ Virtual Calls from Memory Corruption Attacks by Jang, Dongseok and Tatlock, Zachary and Lerner, Sorin
SafeDispatch Securing C++ Virtual Calls from Memory Corruption Attacks by Jang, Dongseok and Tatlock, Zachary and Lerner, Sorin in NDSS, 2014 Alexander Hefele Fakultät für Informatik Technische Universität
More informationToday Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues
Finding Bugs Last time Run-time reordering transformations Today Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues CS553 Lecture Finding
More informationMemory Safety for Low- Level Software/Hardware Interactions
Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray Montreal or Bust! Vikram Adve Safety Future is Bright User-space memory safety is improving Safe languages SAFECode,
More informationParallel Streaming Computation on Error-Prone Processors. Yavuz Yetim, Margaret Martonosi, Sharad Malik
Parallel Streaming Computation on Error-Prone Processors Yavuz Yetim, Margaret Martonosi, Sharad Malik Upsets/B muons/mb Average Number of Dopant Atoms Hardware Errors on the Rise Soft Errors Due to Cosmic
More informationOperating Systems. Memory Management. Lecture 9 Michael O Boyle
Operating Systems Memory Management Lecture 9 Michael O Boyle 1 Memory Management Background Logical/Virtual Address Space vs Physical Address Space Swapping Contiguous Memory Allocation Segmentation Goals
More informationMemory Safety for Embedded Devices with nescheck
Memory Safety for Embedded Devices with nescheck Daniele MIDI, Mathias PAYER, Elisa BERTINO Purdue University AsiaCCS 2017 Ubiquitous Computing and Security Sensors and WSNs are pervasive Small + cheap
More informationCSCI-UA /2. Computer Systems Organization Lecture 19: Dynamic Memory Allocation: Basics
Slides adapted (and slightly modified) from: Clark Barrett Jinyang Li Randy Bryant Dave O Hallaron CSCI-UA.0201-001/2 Computer Systems Organization Lecture 19: Dynamic Memory Allocation: Basics Mohamed
More informationDynamic Selection of Application-Specific Garbage Collectors
Dynamic Selection of Application-Specific Garbage Collectors Sunil V. Soman Chandra Krintz University of California, Santa Barbara David F. Bacon IBM T.J. Watson Research Center Background VMs/managed
More informationCauses of Software Failures
Causes of Software Failures Hardware Faults Permanent faults, e.g., wear-and-tear component Transient faults, e.g., bit flips due to radiation Software Faults (Bugs) (40% failures) Nondeterministic bugs,
More informationDistributed Systems Theory 4. Remote Procedure Call. October 17, 2008
Distributed Systems Theory 4. Remote Procedure Call October 17, 2008 Client-server model vs. RPC Client-server: building everything around I/O all communication built in send/receive distributed computing
More informationProgram Analysis. CSCE Lecture 16-03/03/2016
Program Analysis CSCE 747 - Lecture 16-03/03/2016 Axiom of Testing Program testing can be used to show the presence of bugs, but never their absence. - Dijkstra Gregory Gay CSCE 747 - Spring 2016 2 Holy
More informationFast Byte-Granularity Software Fault Isolation
Fast Byte-Granularity Software Fault Isolation Manuel Costa Microsoft Research, Cambridge Joint work with: Miguel Castro, Jean-Philippe Martin, Marcus Peinado, Periklis Akritidis, Austin Donnelly, Paul
More informationSimulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1
Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 2012 The MathWorks, Inc. 1 Agenda Formal Verification Key concept Applications Verification of designs against (functional) requirements Design error detection Test
More information16 Sharing Main Memory Segmentation and Paging
Operating Systems 64 16 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More informationExpressing high level optimizations within LLVM. Artur Pilipenko
Expressing high level optimizations within LLVM Artur Pilipenko artur.pilipenko@azul.com This presentation describes advanced development work at Azul Systems and is for informational purposes only. Any
More informationHAFT Hardware-Assisted Fault Tolerance
HAFT Hardware-Assisted Fault Tolerance Dmitrii Kuvaiskii Rasha Faqeh Pramod Bhatotia Christof Fetzer Technische Universität Dresden Pascal Felber Université de Neuchâtel Hardware Errors in the Wild Online
More informationIronclad C++ A Library-Augmented Type-Safe Subset of C++
Ironclad C++ A Library-Augmented Type-Safe Subset of C++ Christian DeLozier, Richard Eisenberg, Peter-Michael Osera, Santosh Nagarakatte*, Milo M. K. Martin, and Steve Zdancewic October 30, 2013 University
More information1. Memory technology & Hierarchy
1 Memory technology & Hierarchy Caching and Virtual Memory Parallel System Architectures Andy D Pimentel Caches and their design cf Henessy & Patterson, Chap 5 Caching - summary Caches are small fast memories
More informationHard Real-Time Garbage Collection in Java Virtual Machines
Hard Real-Time Garbage Collection in Java Virtual Machines... towards unrestricted real-time programming in Java Fridtjof Siebert, IPD, University of Karlsruhe 1 Jamaica Systems Structure Exisiting GC
More informationAutomated Application of Fault Tolerance Mechanisms in a Component-Based System
Automated Application of Fault Tolerance Mechanisms in a Component-Based System Isabella Thomm Michael Stilkerich Rüdiger Kapitza Daniel Lohmann Wolfgang Schröder-Preikschat {ithomm,stilkerich,rrkapitz,lohmann,wosch}@cs.fau.de
More information15 Sharing Main Memory Segmentation and Paging
Operating Systems 58 15 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More informationSABLEJIT: A Retargetable Just-In-Time Compiler for a Portable Virtual Machine p. 1
SABLEJIT: A Retargetable Just-In-Time Compiler for a Portable Virtual Machine David Bélanger dbelan2@cs.mcgill.ca Sable Research Group McGill University Montreal, QC January 28, 2004 SABLEJIT: A Retargetable
More informationRun-Time Environments/Garbage Collection
Run-Time Environments/Garbage Collection Department of Computer Science, Faculty of ICT January 5, 2014 Introduction Compilers need to be aware of the run-time environment in which their compiled programs
More informationSoftware Speculative Multithreading for Java
Software Speculative Multithreading for Java Christopher J.F. Pickett and Clark Verbrugge School of Computer Science, McGill University {cpicke,clump}@sable.mcgill.ca Allan Kielstra IBM Toronto Lab kielstra@ca.ibm.com
More informationBypassing Browser Memory Protections
Bypassing Browser Memory Protections Network Security Instructor: Dr. Shishir Nagaraja September 10, 2011. 1 Introduction to the topic A number of memory protection mechanisms like GS, SafeSEH, DEP and
More informationReal-World Buffer Overflow Protection in User & Kernel Space
Real-World Buffer Overflow Protection in User & Kernel Space Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University http://raksha.stanford.edu 1 Motivation Buffer
More informationUsing the Singularity Research Development Kit
Using the Research Development Kit James Larus & Galen Hunt Microsoft Research ASPLOS 08 Tutorial March 1, 2008 Outline Overview (Jim) Rationale & key decisions architecture Details (Galen) Safe Languages
More informationThe basic operations defined on a symbol table include: free to remove all entries and free the storage of a symbol table
SYMBOL TABLE: A symbol table is a data structure used by a language translator such as a compiler or interpreter, where each identifier in a program's source code is associated with information relating
More informationStatic Analysis and Bugfinding
Static Analysis and Bugfinding Alex Kantchelian 09/12/2011 Last week we talked about runtime checking methods: tools for detecting vulnerabilities being exploited in deployment. So far, these tools have
More informationQPSI. Qualcomm Technologies Countermeasures Update
QPSI Qualcomm Technologies Countermeasures Update 1 Introduction Sometime back in 2010 Let s have exploit countermeasures on our products Why? Hard to fix all bugs. We might as well make them more fun
More informationCPSC 3740 Programming Languages University of Lethbridge. Data Types
Data Types A data type defines a collection of data values and a set of predefined operations on those values Some languages allow user to define additional types Useful for error detection through type
More informationRuntime. The optimized program is ready to run What sorts of facilities are available at runtime
Runtime The optimized program is ready to run What sorts of facilities are available at runtime Compiler Passes Analysis of input program (front-end) character stream Lexical Analysis token stream Syntactic
More informationDynamic Memory Allocation: Basic Concepts
Dynamic Memory Allocation: Basic Concepts CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGİN Slides adapted from Bryant & O Hallaron s slides 1 Today Basic concepts Implicit free lists
More informationJamaicaVM Java for Embedded Realtime Systems
JamaicaVM Java for Embedded Realtime Systems... bringing modern software development methods to safety critical applications Fridtjof Siebert, 25. Oktober 2001 1 Deeply embedded applications Examples:
More informationSeparating Access Control Policy, Enforcement, and Functionality in Extensible Systems. Robert Grimm University of Washington
Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems Robert Grimm University of Washington Extensions Added to running system Interact through low-latency interfaces Form
More informationCMSC 330: Organization of Programming Languages
CMSC 330: Organization of Programming Languages Memory Management and Garbage Collection CMSC 330 Spring 2017 1 Memory Attributes Memory to store data in programming languages has the following lifecycle
More informationTolerating Hardware Device Failures in Software. Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin Madison
Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin Madison Current state of OS hardware interaction Many device drivers assume device
More informationCS 430 Spring Mike Lam, Professor. Data Types and Type Checking
CS 430 Spring 2015 Mike Lam, Professor Data Types and Type Checking Type Systems Type system Rules about valid types, type compatibility, and how data values can be used Benefits of a robust type system
More informationAUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann
AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel Alexander Züpke, Marc Bommert, Daniel Lohmann alexander.zuepke@hs-rm.de, marc.bommert@hs-rm.de, lohmann@cs.fau.de Motivation Automotive and Avionic industry
More informationCS 161 Exam II Winter 2018 FORM 1
CS 161 Exam II Winter 2018 FORM 1 Please put your name and form number on the scantron. True (A)/False (B) (28 pts, 2 pts each) 1. The following array declaration is legal double scores[]={0.1,0.2,0.3;
More informationLimitations of the stack
The heap hic 1 Limitations of the stack int *table_of(int num, int len) { int table[len+1]; for (int i=0; i
More informationIntrusion Detection and Malware Analysis
Intrusion Detection and Malware Analysis Host Based Attacks Pavel Laskov Wilhelm Schickard Institute for Computer Science Software security threats Modification of program code viruses and self-replicating
More informationFault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard
Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO 26262 standard NMI Automotive Electronics Systems 2013 Event Victor Reyes Technical Marketing System
More informationPrinceton University Computer Science 217: Introduction to Programming Systems. Dynamic Memory Management
Princeton University Computer Science 217: Introduction to Programming Systems Dynamic Memory Management 1 Goals of this Lecture Help you learn about: The need for dynamic* memory mgmt (DMM) Implementing
More informationLecture Notes on Advanced Garbage Collection
Lecture Notes on Advanced Garbage Collection 15-411: Compiler Design André Platzer Lecture 21 November 4, 2010 1 Introduction More information on garbage collection can be found in [App98, Ch 13.5-13.7]
More informationCSE 307: Principles of Programming Languages
CSE 307: Principles of Programming Languages Variables and Constants R. Sekar 1 / 22 Topics 2 / 22 Variables and Constants Variables are stored in memory, whereas constants need not be. Value of variables
More informationHomework I - Solution
CS 426 Fall 2017 1 Homework I - Solution Homework I - Solution CS 426 Compiler Construction Fall Semester 2017 1. (50 points) Intermediate representations: (a) (25 points) Construct a Control-Flow Graph
More informationBaggy bounds checking. Periklis Akri5dis, Manuel Costa, Miguel Castro, Steven Hand
Baggy bounds checking Periklis Akri5dis, Manuel Costa, Miguel Castro, Steven Hand C/C++ programs are vulnerable Lots of exis5ng code in C and C++ More being wrieen every day C/C++ programs are prone to
More informationReal-Time Garbage Collection Panel JTRES 2007
Real-Time Garbage Collection Panel JTRES 2007 Bertrand Delsart, Sun Sean Foley, IBM Kelvin Nilsen, Aonix Sven Robertz, Lund Univ Fridtjof Siebert, aicas Feedback from our customers Is it fast enough to
More informationCMSC 330: Organization of Programming Languages
CMSC 330: Organization of Programming Languages Memory Management and Garbage Collection CMSC 330 - Spring 2013 1 Memory Attributes! Memory to store data in programming languages has the following lifecycle
More informationSome Lessons Learned from Designing the Resource PKI
Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007 Address and Routing Security The basic security questions that need to be answered are: Is this a valid
More informationRun-time Environments - 3
Run-time Environments - 3 Y.N. Srikant Computer Science and Automation Indian Institute of Science Bangalore 560 012 NPTEL Course on Principles of Compiler Design Outline of the Lecture n What is run-time
More informationDynamic Memory Allocation. Basic Concepts. Computer Organization 4/3/2012. CSC252 - Spring The malloc Package. Kai Shen
Dynamic Memory Allocation: Basic Concepts Kai Shen Dynamic Memory Allocation Programmers use dynamic memory allocators (such as malloc) to acquire memory at run time. For data structures whose size is
More informationSpectre and Meltdown: Data leaks during speculative execution
Spectre and Meltdown: Data leaks during speculative execution Speaker: Jann Horn (Google Project Zero) Paul Kocher (independent) Daniel Genkin (University of Pennsylvania and University of Maryland) Yuval
More informationCSE 504: Compiler Design. Runtime Environments
Runtime Environments Pradipta De pradipta.de@sunykorea.ac.kr Current Topic Procedure Abstractions Mechanisms to manage procedures and procedure calls from compiler s perspective Runtime Environment Choices
More informationLecture Notes on Queues
Lecture Notes on Queues 15-122: Principles of Imperative Computation Frank Pfenning Lecture 9 September 25, 2012 1 Introduction In this lecture we introduce queues as a data structure and linked lists
More informationOn the Algorithm for Specializing Java Programs with Generic Types
On the Algorithm for Specializing Java Programs with Generic Types Daniel Selifonov, Nathan Dahlberg, Elena Machkasova Computer Science Discipline University of Minnesota Morris Morris MN, 56267 selif004,dahlb061,elenam@umn.edu
More information_äìé`çêé» VM Memory Mapping and Memory Usage. Application Note. November CSR Cambridge Science Park Milton Road Cambridge CB4 0WH United Kingdom
_äìé`çêé» VM Memory Mapping and Memory Usage Application Note November 2006 CSR Cambridge Science Park Milton Road Cambridge CB4 0WH United Kingdom Registered in England 4187346 Tel: +44 (0)1223 692000
More informationLanguage Security. Lecture 40
Language Security Lecture 40 (from notes by G. Necula) Prof. Hilfinger CS 164 Lecture 40 1 Lecture Outline Beyond compilers Looking at other issues in programming language design and tools C Arrays Exploiting
More informationCompiler Construction
Compiler Construction Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-16/cc/ Recap: Static Data Structures Outline of Lecture 18 Recap:
More informationOperating Systems Design Exam 3 Review: Spring Paul Krzyzanowski
Operating Systems Design Exam 3 Review: Spring 2012 Paul Krzyzanowski pxk@cs.rutgers.edu 1 Question 1 An Ethernet device driver implements the: (a) Data Link layer. (b) Network layer. (c) Transport layer.
More informationDynamic Memory Allocation: Basic Concepts
Dynamic Memory Allocation: Basic Concepts 15-213: Introduction to Computer Systems 19 th Lecture, March 30, 2017 Instructor: Franz Franchetti & Seth Copen Goldstein 1 Today Basic concepts Implicit free
More informationDieHard: Probabilistic Memory Safety for Unsafe Programming Languages
DieHard: Probabilistic Memory Safety for Unsafe Programming Languages Emery Berger University of Massachusetts Amherst Ben Zorn Microsoft Research Problems with Unsafe Languages C, C++: pervasive apps,
More information