An Integrated Framework for Dependable and Revivable Architectures Using Multi-core Processors
Weidong Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh (ISCA 2006)
Lecture: Juan Carlos Martinez Santos

Outline
- Introduction
- Remote Attack Insulation and Service Revivability
- INDRA Architecture
- Evaluation
- Related Work
- Conclusion
- Personal Comments
Introduction
Taxonomy of Network Service Loss (figure)

INDRA: Integrated framework for Dependable and Revivable Architectures
- Self-healing network
- New programming model
- Exploits the characteristics of a multi-core processor

Main advantages:
- Consolidated security and revivability.
- High-efficiency monitoring, backup, and recovery.
Remote Attack Insulation and Service Revivability
Features in INDRA:
- The ability to implement a component that is insulated from remote exploits.
- The ability to detect erroneous and corrupted states during software execution.
- The ability to automatically recover compromised services with minimal performance impact.

Threat and Fault Model
- Buffer overflow
- Privilege escalation
- Corruption of the application's memory space
- Denial of Service (DoS)

Intrusion Revivable and Instant Recoverable Multi-core System
- INDRA tries to repair damage caused by malicious requests in real time.
- INDRA tries to process every received service request.
Why Multi-core Processors?
- Multi-level Insulation
- Fine-grained Internal State Logging
- Tight Processor Core Coupling and Control
- Reconfigurability
INDRA Architecture

Asymmetric Multi-core and Insulation
- Remote exploit insulation
- Dual or multiple systems
- Memory space isolation
- Network isolation
- Boot sequence

Monitoring and Introspection (figure)
- Function Call/Return Code Origin Inspection
- Control Transfer Inspection
- False Positive vs. False Negative
- Synchronization

State Backup and Recovery (figure)
- Memory State Backup and Recovery
- Hybrid Recovery Scheme
- System Resource Recovery
- Connection State Recovery

Processing of Memory Write (figure)
Processing of Memory Read (figure)
Processing of Service Request (figure)
Hybrid Recovery Scheme (figure)
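The per-request memory logging and rollback idea behind the backup and recovery slides above, as an added example written for this summary (not the paper's design or the authors' code): the first write to each address during a request saves the prior byte, a stand-in for the resurrector's state check inspects a guard byte when the request finishes, and a failed check restores only the bytes the request touched rather than copying back a whole checkpoint. The guard byte, the addresses, and the unbounded copy standing in for the vulnerable service are constructed assumptions.

```python
# Constructed model of per-request delta (undo-log) backup and rollback,
# written for this summary; not the paper's hardware design. Memory is a
# flat bytearray. The first write to an address within a request records
# the byte's prior value, so rollback restores only the bytes the request
# changed instead of copying back a whole checkpoint image.
from typing import Dict, Tuple

BUF_BASE = 0                       # request buffer starts at address 0
GUARD_ADDR, GUARD_VALUE = 8, 0xAA  # sentinel byte just past the buffer (assumed)

class DeltaBackupMemory:
    def __init__(self, size: int) -> None:
        self.mem = bytearray(size)
        self.log: Dict[int, int] = {}  # addr -> value before this request

    def write(self, addr: int, value: int) -> None:
        if addr not in self.log:       # save the old byte once per request
            self.log[addr] = self.mem[addr]
        self.mem[addr] = value & 0xFF

    def commit(self) -> int:
        touched, self.log = len(self.log), {}
        return touched                 # bytes the request modified

    def rollback(self) -> int:
        for addr, old in self.log.items():
            self.mem[addr] = old
        return self.commit()           # bytes restored; log now empty

def unchecked_copy(m: DeltaBackupMemory, payload: bytes) -> None:
    # Unbounded copy standing in for the vulnerable service code (constructed).
    for i, b in enumerate(payload):
        m.write(BUF_BASE + i, b)

def monitor_ok(m: DeltaBackupMemory) -> bool:
    # Stand-in for the resurrector's state check: the guard byte must survive.
    return m.mem[GUARD_ADDR] == GUARD_VALUE

def serve(m: DeltaBackupMemory, payload: bytes) -> Tuple[str, int]:
    """Handle one request; return (outcome, bytes committed or restored)."""
    unchecked_copy(m, payload)
    if monitor_ok(m):
        return "committed", m.commit()
    return "rolled_back", m.rollback()

def demo() -> Tuple[str, int, str, int, int]:
    m = DeltaBackupMemory(64)
    m.write(GUARD_ADDR, GUARD_VALUE)
    m.commit()
    ok, n_ok = serve(m, b"hello")        # fits in the buffer
    bad, n_bad = serve(m, b"A" * 12)     # overruns into the guard byte
    return ok, n_ok, bad, n_bad, m.mem[GUARD_ADDR]
```

The recovery cost is the log size (5 and 12 bytes here), while a conventional checkpoint of this image would copy all 64 bytes regardless of how little a request changed.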
Limitations
- INDRA does not promise to handle all conceivable attacks and recover from all possible corrupted machine states.
- INDRA's architectural design does not attempt any file system recovery, assuming that all disk writes are issued by verified program execution and properly checked.
- INDRA is also not a replacement for the conventional means of patching software vulnerabilities.
- Last, INDRA does not handle attacks that jam a network channel, e.g. router flooding.
Evaluation
- Security Evaluation
- Performance: Monitor; State Backup and Recovery

Processor model parameters (table)
Impact of Shared Queue Size (figure)
Monitoring Overhead (figure)
Slowdown by backup and rollback (figure)
Slowdown using traditional memory virtual checkpoint (figure)
Related Work
- Exploit Detection
- Recovery: Traditional Recovery; Reactive Immune System and DIRA; Reliability and Security Engine; Memory State Recovery
Conclusion
- INDRA creates a remote-attack-immune hardware sandbox based on an asymmetric configuration among different cores, providing solid insulation against malicious exploits.
- INDRA proposes a novel delta backup scheme for resurrectees to enable high-speed recovery when an attack or a fault is detected by their resurrector.
- INDRA provides better dependability and availability for high-performance production servers hosting high-volume networked services.
- INDRA facilitates a fast backup and recovery mechanism that shows a substantial improvement over conventional checkpointing schemes.
Personal Comments
Even though the focus of this paper is the recovery of network services disrupted by malicious remote exploit attacks, some aspects are important, for example synchronization and hardware insulation.
- Buffer overflow (vulnerable)
- No prevention
- Detection
- Avoids Denial of Service
This approach presents performance degradation due to the synchronization process. A solution could be sampling the checking process, for example checking only on IL1 misses.
Questions? Thank you.