Software-Hardware Information Flow Tracking + Multicore (SHIFT+M). Colleen Lewis & Cynthia Sturton.

Presentation transcript:

Software-Hardware Information Flow Tracking + Multicore. Colleen Lewis & Cynthia Sturton. SHIFT+M

Goals: Design information flow control on multicore message passing; Determine the cost of safe communication to CPU performance; Low impact to receiving node from malicious sender.

Asbestos: Prevents unauthorized communication; Message passing; Applications set their policy; Single Core.

Asbestos on Multicore: Distributed labels and checks; Hardware component + trusted library; Message passing. [diagram: three nodes, each with OS and Hardware]

Design [diagram: three nodes, each with OS and Hardware, joined by a Network; callouts: OS – Taint Unit, Hardware – Taint Unit]

Taint Protocol - Simple [diagram: sender S (p1) and receiver R (p2) exchange Message, Request Taint, Taint; comparison "= ?"]

Problem: Sending Process Changes Taint Label Before Responding With Taint

Sending Process Modifies Taint [diagram: S (p1) and R (p2) exchange Message, Request Taint, Taint; S is marked Modify Taint]

Protocol – With Round Numbers [diagram: S (p1) and R (p2) exchange "Message, round = 2", "Request Taint, round = 2", "Taint, round = 2"; S is marked Modify Taint]

Problem: Every Message Requires Three Messages

Cache The Taint Check Result [diagram: S (p1) sends "Message, round = 2" to R (p2); Hardware – Taint Unit table entry: 2p1p211]

Problem: Buffering Messages Requires Receiving Node CPU Time

Software Costs [diagram: S (p1) sends "Message, round = 2" to R (p2)]

Hardware Buffer [diagram: S (p1) and R (p2) exchange "Message, round = 2", "Request Taint, round = 2", "Taint, round = 2"; labels: Hardware, 1]

Problem: Both Sending And Receiving CPU Time Wasted on Deny

Software Costs [diagram: S (p1) and R (p2) exchange "Message, round = 2", "Request Taint, round = 2", "Taint, round = 2"; comparison "= ?"]

Quick Deny – Taint Meta Data: Send Taint meta data with message; Reject if sender has higher number of the most classified labels.

Quick Deny – Taint Meta Data [diagram: S (p1) sends "Message, round = 2, meta = 3" to R (p2); sender Hardware – Taint Unit table: p126 3; receiver Hardware – Taint Unit table: p1232; Send 3 > 1 Receive: REJECT]
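
The receiver-side checks from the protocol slides above (quick deny, cached check result, round numbers), as an added Python example that is not from the presentation. The label model (`{category: level}` with level 3 as most classified), the rule that every label change starts a new round, the cache key, and the names `Proc`, `TaintUnit`, `deliver` and `before_reply` are assumptions.

```python
MAX_LEVEL = 3  # assumed level meaning "most classified"

class Proc:
    """Process with a taint label {category: level}; absent categories are level 0."""
    def __init__(self, name, label):
        self.name, self.label, self.round = name, dict(label), 1

    def set_label(self, label):
        # Assumption: every label change starts a new round.
        self.label, self.round = dict(label), self.round + 1

    def meta(self):
        # Taint meta data: number of categories at the most classified level.
        return sum(1 for lvl in self.label.values() if lvl == MAX_LEVEL)

def flow_allowed(send_label, recv_label):
    """Full comparison: sender may not exceed the receiver in any category."""
    return all(lvl <= recv_label.get(cat, 0) for cat, lvl in send_label.items())

class TaintUnit:
    """Receiver-side check order: quick deny, cached result, then taint request."""
    def __init__(self):
        self.cache = {}

    def deliver(self, sender, receiver, msg_round, msg_meta, before_reply=None):
        if msg_meta > receiver.meta():
            return False, "quick-deny"        # rejected without buffering
        key = (sender.name, msg_round, receiver.name, receiver.round)
        if key in self.cache:
            return self.cache[key], "cache-hit"
        if before_reply:                      # sender acts before its Taint reply
            before_reply(sender)
        reply_round, reply_label = sender.round, sender.label
        if reply_round != msg_round:
            return False, "round-mismatch"    # label changed after the message left
        self.cache[key] = flow_allowed(reply_label, receiver.label)
        return self.cache[key], "full-check"

def demo():
    """Constructed scenario with processes p1, p3 (senders) and p2 (receiver)."""
    unit, p2 = TaintUnit(), Proc("p2", {"a": 2, "b": MAX_LEVEL})
    p1, p3 = Proc("p1", {"a": 1}), Proc("p3", dict.fromkeys("abc", MAX_LEVEL))
    out = [unit.deliver(p1, p2, p1.round, p1.meta()) for _ in range(2)]
    p1.set_label({"a": MAX_LEVEL})            # p1 becomes tainted: round 2
    # p1 sends, then clears its label before answering the taint request.
    out.append(unit.deliver(p1, p2, 2, p1.meta(), lambda s: s.set_label({})))
    out.append(unit.deliver(p3, p2, p3.round, p3.meta()))   # meta 3 > 1
    return out
```

Under this label model the quick deny is sound: a sender with more top-level categories than the receiver must exceed it in at least one category, so the full comparison would deny the same message.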

Problem: Quality of Service

Software Costs. Legend: B = Buffering messages; RT = Reading taint to send; RT = Reading taint for comparison; C = Comparison. [diagram: S and R exchange "Message, round = 2", "Request Taint, round = 2", "Taint, round = 2"; comparison "= ?"]

Quality of Service. Legend: B = Buffering messages; RT = Reading taint to send; RT = Reading taint for comparison; C = Comparison. [figure: Receiver Work = B + RT + C; Sender Work = RT; annotations: Hardware Buffer; RT >> C ~ 1]

Quality of Service. Legend: B = Buffering messages; RT = Reading taint to send; RT = Reading taint for comparison; C = Comparison. [figure: Receiver Work = B + RT + C; Sender Work = RT; annotation: Cache Hit or Quick Deny]

[Figure: three plots of % Productive Work. Panels: Communication Rate (x-axis: Communication Rate (per node)); Message Arrival Rate (x-axis: Message Arrival Rate); Allowed Communication (x-axis: % of Allowed Communication). Series: All cache hits, Some cache hits, No cache hits; All HW buffering, Some HW buffering, No HW buffering.]

Simulation: Simics, a full system multicore simulator; Implemented message passing; Added latency at nodes to represent: Buffering messages, Reading taint to send, Reading taint for comparison, Comparison.

Conclusions: Message passing is well suited for information flow tracking; We can bound the cost of secure communication in a distributed protocol.