Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh."— Presentation transcript:

1 An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh. (ISCA 2006) Lecture: Juan Carlos Martinez Santos

2 Outline Introduction Remote Attack Insulation and Service Revivability INDRA Architecture Evaluation Related Work Conclusion Personal Comments

3 Introduction Taxonomy of Network Service Loss

4 Introduction INDRA – Integrated framework for Dependable and Revivable Architectures  Self-healing network  New programming model  Exploits the characteristics of a multicore processor

5 Introduction Main advantages:  Consolidated security and revivability.  High efficiency monitoring, backup, and recovery.

6 Outline Introduction Remote Attack Insulation and Service Revivability INDRA Architecture Evaluation Related Work Conclusion Personal Comments

7 Remote Attack Insulation and Service Revivability Features in INDRA:  The ability to implement a component which is insulated from remote exploits.  The ability to detect erroneous and corrupted states during software execution.  The ability to automatically recover compromised services with minimal performance impact.

8 Remote Attack Insulation and Service Revivability Thread and Fault Model  Buffer overflow  Privilege escalation  Corruption of the application’s memory space  Denied of Service - DoS

9 Remote Attack Insulation and Service Revivability Intrusion Revivable and Instant Recoverable Multi-core System  INDRA tries to repair damages caused by malicious request in real time.  INDRA tries to process every received service request.

10 Remote Attack Insulation and Service Revivability

11 Why Multi-core Processors?  Multi-level Insulation  Fine-grained Internal State Logging  Tight Processor Core Coupling and Control  Reconfigurability

12 Outline Introduction Remote Attack Insulation and Service Revivability INDRA Architecture Evaluation Related Work Conclusion Personal Comments

13 INDRA Architecture

14 Asymmetric Multi-core and Insulation  Remote exploit insulation Dual or multiple-systems Memory space isolation Network isolation  Boot sequence

15 INDRA Architecture Monitoring and Introspection

16 INDRA Architecture Monitoring and Introspection  Function Call/Return  Code Origin Inspection  Control Transfer Inspection  False Positive vs. False Negative  Synchronization

17 INDRA Architecture State Backup and Recovery  Memory State Backup and Recovery  Hybrid Recovery Scheme  System Resource Recovery  Connection State Recovery

18 INDRA Architecture State Backup and Recovery

19 INDRA Architecture

20 Processing of Memory Write

21 INDRA Architecture Processing of Memory Read

22 INDRA Architecture Processing of Service Request

23 INDRA Architecture

24 Hybrid Recovery Scheme

25 INDRA Architecture Limitation  INDRA does not promise to handle all conceivable attacks and recover from all possible corrupted machine states.  INDRA’s architectural design does not attempt any file system recovery assuming that all disk writes are issued by verified program execution and properly checked.  INDRA is also not a replacement for the conventional means of patching software vulnerabilities.  Last, INDRA does not handle attacks that jam a network channel, e.g. router flooding.

26 Outline Introduction Remote Attack Insulation and Service Revivability INDRA Architecture Evaluation Related Work Conclusion Personal Comments

27 Evaluation Security Evaluation Performance  Monitor  State Backup and Recovery

28 Evaluation Processor model parameters

29 Evaluation Impact of Shared Queue SizeMonitoring Overhead

30 Evaluation Slowdown by backup and rollback Slowdown using traditional memory virtual checkpoint

31 Outline Introduction Remote Attack Insulation and Service Revivability INDRA Architecture Evaluation Related Work Conclusion Personal Comments

32 Related Work Exploit Detection Recovery  Traditional Recovery  Reactive Immune System and DIRA  Reliability and Security Engine  Memory State Recovery

33 Outline Introduction Remote Attack Insulation and Service Revivability INDRA Architecture Evaluation Related Work Conclusion Personal Comments

34 Conclusion INDRA creates a remote attack immune hardware sandbox based on asymmetric configuration among different cores to create a solid insulation against malicious exploits. INDRA proposes a novel delta backup scheme for resurrectees to enable high speed recovery when an attack or a fault is detected by their resurrector. INDRA provides better dependability and availability for high performance production servers hosting high volume networked services. INDRA facilitates a fast backup and recovery mechanism that shows a substantial improvement against the conventional checkpointing schemes.

35 Outline Introduction Remote Attack Insulation and Service Revivability INDRA Architecture Evaluation Related Work Conclusion Personal Comments

36 Ever the focus of this paper is in the recovery of network services caused by malicious remote exploit attacks, some aspects are important, for example, synchronization and hardware insulation. Buffer overflow (vulnerable)  No prevention  Detection  Avoid Denied of Service This approach presents performance degradation due to synchronization process. A solution could be sampling the process of checking, for example, only in IL1 missing.

37 Questions? Thank you.

Download ppt "An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh."

Similar presentations

Henry C. H. Chen and Patrick P. C. Lee

Henry C. H. Chen and Patrick P. C. Lee
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
CS 345 Computer System Overview

CS 345 Computer System Overview
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
1 Virtual Private Caches ISCA’07 Kyle J. Nesbit, James Laudon, James E. Smith Presenter: Yan Li.

1 Virtual Private Caches ISCA’07 Kyle J. Nesbit, James Laudon, James E. Smith Presenter: Yan Li.
User Level Interprocess Communication for Shared Memory Multiprocessor by Bershad, B.N. Anderson, A.E., Lazowska, E.D., and Levy, H.M.

User Level Interprocess Communication for Shared Memory Multiprocessor by Bershad, B.N. Anderson, A.E., Lazowska, E.D., and Levy, H.M.
Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (http://www.cs.umn.edu/Ajanta/publications.html)http://www.cs.umn.edu/Ajanta/publications.html.

Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., 2006. All rights reserved. Chapter 4: Integrity and security.

Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 4: Integrity and security.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
DISTRIBUTED COMPUTING

DISTRIBUTED COMPUTING
1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Hacking Framework Extended: The Role of Vulnerabilities Joseph H. Schuessler Bahorat Ibragimova 8 th Annual Security Conference Las Vegas, Nevada April.

Hacking Framework Extended: The Role of Vulnerabilities Joseph H. Schuessler Bahorat Ibragimova 8 th Annual Security Conference Las Vegas, Nevada April.
Design and Implementation of a Single System Image Operating System for High Performance Computing on Clusters Christine MORIN PARIS project-team, IRISA/INRIA.

Design and Implementation of a Single System Image Operating System for High Performance Computing on Clusters Christine MORIN PARIS project-team, IRISA/INRIA.
Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.

Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Similar presentations

Ads by Google