Presentation is loading. Please wait.

Presentation is loading. Please wait.

S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M."— Presentation transcript:

1 S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M

2 Goals Design information flow control on multicore message passing Determine the cost of safe communication to CPU performance Low impact to receiving node from malicious sender

3 Asbestos Prevents unauthorized communication Message passing Applications set their policy Single Core

4 Asbestos on Multicore Distributed labels and checks Hardware component + trusted library Message passing OS Hardware OS Hardware OS Hardware

5 OS Hardware OS Hardware OS Hardware OS – Taint Unit Network Hardware – Taint Unit Design

6 Message Request Taint S p1 R p2 Taint Protocol - Simple = ?

7 Problem Sending Process Changes Taint Label Before Responding With Taint

8 Message Request Taint S p1 R p2 Taint Sending Process Modifies Taint Modify Taint

9 OS Hardware OS Hardware OS Hardware OS – Taint Unit Network Hardware – Taint Unit Design

10 Message, round = 2 Request Taint, round = 2 S p1 R p2 Taint, round = 2 Protocol – With Round Numbers Modify Taint

11 Problem Every Message Requires Three Messages

12 OS Hardware OS Hardware OS Hardware OS – Taint Unit Network Hardware – Taint Unit Design

13 Message, round = 2 S p1 R p2 Cache The Taint Check Result Hardware – Taint Unit 2p1p211

14 Problem Buffering Messages Requires Receiving Node CPU Time

15 Message, round = 2 S p1 R p2 Software Costs

16 OS Hardware OS Hardware OS Hardware OS – Taint Unit Network Hardware – Taint Unit Design

17 Message, round = 2 Request Taint, round = 2 S p1 R p2 Taint, round = 2 Hardware Buffer Hardware 1

18 Problem Both Sending And Receiving CPU Time Wasted on Deny

19 Message, round = 2 Request Taint, round = 2 S p1 R p2 Taint, round = 2 Software Costs = ?

20 Quick Deny – Taint Meta Data Send Taint meta data with message Reject if sender has higher number of the most classified labels

21 OS Hardware OS Hardware OS Hardware OS – Taint Unit Network Hardware – Taint Unit Design

22 Message, round = 2, meta = 3 S p1 R p2 Quick Deny – Taint Meta Data 1 Hardware – Taint Unit p126 3 Send > 1 Receive Hardware – Taint Unit p1232 REJECT

23 Problem Quality of Service

24 B = Buffering messages RT = Reading taint to send RT = Reading taint for comparison C = Comparison Message, round = 2 Request Taint, round = 2 S R Taint, round = 2 Software Costs = ?

25 B = Buffering messages RT = Reading taint to send RT = Reading taint for comparison C = Comparison Quality of Service B + RT + C RT Receiver Work Sender Work RT B + RT + C Hardware Buffer RT >> C ~ 1

26 B = Buffering messages RT = Reading taint to send RT = Reading taint for comparison C = Comparison Quality of Service RT B + RT + C Cache Hit or Quick Deny B + RT + C RT Receiver Work Sender Work

27 Communication Rate % Productive WorkCommunication Rate (per node) Message Arrival Rate % Productive Work Message Arrival Rate Allowed Communication % Productive Work % of Allowed Communication All cache hits Some cache hits No cache hits All HW buffering Some HW buffering No HW buffering

28 Simulation Simics – full system multicore simulator Implemented message passing Added latency at nodes to represent –Buffering messages –Reading taint to send –Reading taint for comparison –Comparison

29 Conclusions Message passing is well suited for information flow tracking We can bound the cost of secure communication in a distributed protocol

Download ppt "S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M."

Similar presentations

--- IT Acumens. COMIT Acumens. COM SNMP Project. AIM The aim of our project is to monitor and manage the performance of a network. The aim of our project.

--- IT Acumens. COMIT Acumens. COM SNMP Project. AIM The aim of our project is to monitor and manage the performance of a network. The aim of our project.
Cache Coherence Mechanisms (Research project) CSCI-5593

Cache Coherence Mechanisms (Research project) CSCI-5593
The Building Blocks: Send and Receive Operations

The Building Blocks: Send and Receive Operations
CA 714CA Midterm Review. C5 Cache Optimization Reduce miss penalty –Hardware and software Reduce miss rate –Hardware and software Reduce hit time –Hardware.

CA 714CA Midterm Review. C5 Cache Optimization Reduce miss penalty –Hardware and software Reduce miss rate –Hardware and software Reduce hit time –Hardware.
1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.

1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.
CMP206 – Introduction to Data Communication & Networks Lecture 1 - Networking Fundamentals.

CMP206 – Introduction to Data Communication & Networks Lecture 1 - Networking Fundamentals.
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Protocols and software for exploiting Myrinet clusters Congduc Pham and the main contributors P. Geoffray, L. Prylli, B. Tourancheau, R. Westrelin.

Protocols and software for exploiting Myrinet clusters Congduc Pham and the main contributors P. Geoffray, L. Prylli, B. Tourancheau, R. Westrelin.
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1. Overview  Introduction  Motivations  Multikernel Model  Implementation – The Barrelfish  Performance Testing  Conclusion 2.

1. Overview  Introduction  Motivations  Multikernel Model  Implementation – The Barrelfish  Performance Testing  Conclusion 2.
1 Performance Modeling l Basic Model »Needed to evaluate approaches »Must be simple l Synchronization delays l Main components »Latency and Bandwidth »Load.

1 Performance Modeling l Basic Model »Needed to evaluate approaches »Must be simple l Synchronization delays l Main components »Latency and Bandwidth »Load.
1 Virtual Private Caches ISCA’07 Kyle J. Nesbit, James Laudon, James E. Smith Presenter: Yan Li.

1 Virtual Private Caches ISCA’07 Kyle J. Nesbit, James Laudon, James E. Smith Presenter: Yan Li.
1: Operating Systems Overview

1: Operating Systems Overview
Active Messages: a Mechanism for Integrated Communication and Computation von Eicken et. al. Brian Kazian CS258 Spring 2008.

Active Messages: a Mechanism for Integrated Communication and Computation von Eicken et. al. Brian Kazian CS258 Spring 2008.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
CS533 Concepts of OS Class 16 ExoKernel by Constantia Tryman.

CS533 Concepts of OS Class 16 ExoKernel by Constantia Tryman.
LogTM: Log-Based Transactional Memory Kevin E. Moore, Jayaram Bobba, Michelle J. Moravan, Mark D. Hill, & David A. Wood Presented by Colleen Lewis.

LogTM: Log-Based Transactional Memory Kevin E. Moore, Jayaram Bobba, Michelle J. Moravan, Mark D. Hill, & David A. Wood Presented by Colleen Lewis.
Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.

Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

Similar presentations

Ads by Google