Presentation is loading. Please wait.

Presentation is loading. Please wait.

Parallelizing Security Checks on Commodity Hardware E.B. Nightingale, D. Peek, P.M. Chen and J. Flinn U Michigan.

Published byBrittney Bennett Modified over 8 years ago

Similar presentations

Presentation on theme: "Parallelizing Security Checks on Commodity Hardware E.B. Nightingale, D. Peek, P.M. Chen and J. Flinn U Michigan."— Presentation transcript:

1 Parallelizing Security Checks on Commodity Hardware E.B. Nightingale, D. Peek, P.M. Chen and J. Flinn U Michigan

2 Overview Introduction Speculator Design Parallel lifeguards Evaluation Conclusion

3 Introduction Security checkers (lifeguards) are too slow (~30X with taintcheck) Multi core systems are increasingly popular Can we exploit idle cores to improve lifeguard performance Speck (Speculative Error ChecKing), parallelizes lifeguards to improve performance

4 Introduction (2) Security checks are decoupled from application execution Security checks are executed in parallel on separate cores Speculator for speculative execution and rollback

5 Speculator OS level support for speculative execution and rollback Checkpoint process state before system call execution Use buffering to hide side effects (e.g I/O) of speculative execution Block process if cannot hide side effects Rollback to checkpoint state if necessary

6 Speck Design Fork instrumented clones of monitored application to run on other cores Security checks run on instrumented clones OS logging to handle non deterministic execution e.g signal delivery, system call results Speculator for speculative execution and rollback of system call

7 Design

8 Parallel Lifeguards Process Memory Analysis System Call Analysis Taint Analysis

9 Parallel Process Memory Analysis Security violations can be detected in memory –Decrypted virus image –Leaked data Check each store location for pattern All checks are independent Easy to parallelize

10 Parallel System Call Analysis Analyze program behavior using system calls –Check system call parameters –Check system call history Checks are independent Easy to parallelize

11 Parallel Taint Analysis Detect critical use of malicious input –Track propagation of input Pin based sequential taintcheck is 18X Checking is inherently sequential and hard to parallelize Log based approach to parallelize –Parallel log generation by instrumented clones (workers) –Sequential log processing by master

12 Parallel Taint Analysis Workers Generate log segments from replayed execution Eliminate redundant log records using mark and sweep algorithm (6X compression ratio) Send compressed segments to master for processing

13 Parallel Taint Analysis Master Maintains metadata Process segments in log order –Detects violations –Update metadata

14 Evaluation 8-core (quad dual core) Intel Xeon – 2.66 GHz, 4GB RAM, 8MB L2, 1.33 GHz bus –Linux 2.6 (64 bit) kernel 4-core (2 dual core) Intel Xeon –2.8G Hz, 3GB RAM, 4MB L2, 800 MHz bus – Linux 2.4 (32 bit) kernel

15 Benchmarks Process memory analysis –Frames per second of mplayer playing Harry Potter trailer System call analysis –Transactions per second (TPS) of Postmark benchmark Taint Analysis –Frames per second of mplayer playing Harry Potter trailer

16 Process Memory Analysis

17 System Call Analysis

18 Taint Analysis

19 Conclusion Speck parallelizes security checks on commodity hardware Pin based lifeguards OS level support (Speculator) for speculative execution of system call Speedups with (4 workers, 8 workers) –Process memory analysis (4X, 7.5X) –System Call Analysis (3.3X, 2.8X) –Taint Analysis (1.6X, 2X)

Download ppt "Parallelizing Security Checks on Commodity Hardware E.B. Nightingale, D. Peek, P.M. Chen and J. Flinn U Michigan."

Similar presentations

Lecture 12: MapReduce: Simplified Data Processing on Large Clusters Xiaowei Yang (Duke University)

Lecture 12: MapReduce: Simplified Data Processing on Large Clusters Xiaowei Yang (Duke University)
Enabling Speculative Parallelization via Merge Semantics in STMs Kaushik Ravichandran Santosh Pande College.

Enabling Speculative Parallelization via Merge Semantics in STMs Kaushik Ravichandran Santosh Pande College.
Energy Efficiency through Burstiness Athanasios E. Papathanasiou and Michael L. Scott University of Rochester, Computer Science Department Rochester, NY.

Energy Efficiency through Burstiness Athanasios E. Papathanasiou and Michael L. Scott University of Rochester, Computer Science Department Rochester, NY.
Gwendolyn Voskuilen, Faraz Ahmad, and T. N. Vijaykumar Electrical & Computer Engineering ISCA 2010.

Gwendolyn Voskuilen, Faraz Ahmad, and T. N. Vijaykumar Electrical & Computer Engineering ISCA 2010.
+ Accelerating Fully Homomorphic Encryption on GPUs Wei Wang, Yin Hu, Lianmu Chen, Xinming Huang, Berk Sunar ECE Dept., Worcester Polytechnic Institute.

+ Accelerating Fully Homomorphic Encryption on GPUs Wei Wang, Yin Hu, Lianmu Chen, Xinming Huang, Berk Sunar ECE Dept., Worcester Polytechnic Institute.
OSDI ’10 Research Visions 3 October 2010 1 Epoch parallelism: One execution is not enough Jessica Ouyang, Kaushik Veeraraghavan, Dongyoon Lee, Peter Chen,

OSDI ’10 Research Visions 3 October Epoch parallelism: One execution is not enough Jessica Ouyang, Kaushik Veeraraghavan, Dongyoon Lee, Peter Chen,
Multithreaded FPGA Acceleration of DNA Sequence Mapping Edward Fernandez, Walid Najjar, Stefano Lonardi, Jason Villarreal UC Riverside, Department of Computer.

Multithreaded FPGA Acceleration of DNA Sequence Mapping Edward Fernandez, Walid Najjar, Stefano Lonardi, Jason Villarreal UC Riverside, Department of Computer.
Low-Cost Data Deduplication for Virtual Machine Backup in Cloud Storage Wei Zhang, Tao Yang, Gautham Narayanasamy University of California at Santa Barbara.

Low-Cost Data Deduplication for Virtual Machine Backup in Cloud Storage Wei Zhang, Tao Yang, Gautham Narayanasamy University of California at Santa Barbara.
More on Thread Level Speculation Anthony Gitter Dafna Shahaf Or Sheffet.

More on Thread Level Speculation Anthony Gitter Dafna Shahaf Or Sheffet.
Shimin Chen Big Data Reading Group.  Energy efficiency of: ◦ Single-machine instance of DBMS ◦ Standard server-grade hardware components ◦ A wide spectrum.

Shimin Chen Big Data Reading Group.  Energy efficiency of: ◦ Single-machine instance of DBMS ◦ Standard server-grade hardware components ◦ A wide spectrum.
Processor history. 1978-811984 8086/808880286 1987-88 80386 DX/SX 1990-92 80486 SX/DX 1993-95 Pentium 1997 Pentium MMX 1 23455+

Processor history / DX/SX SX/DX Pentium 1997 Pentium MMX
TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.

TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.
Process Description and Control

Process Description and Control
Operating System Support Focus on Architecture

Operating System Support Focus on Architecture
1 Lecture 8: Transactional Memory – TCC Topics: “lazy” implementation (TCC)

1 Lecture 8: Transactional Memory – TCC Topics: “lazy” implementation (TCC)
Dongyoon Lee, Benjamin Wester, Kaushik Veeraraghavan, Satish Narayanasamy, Peter M. Chen, and Jason Flinn University of Michigan, Ann Arbor Respec: Efficient.

Dongyoon Lee, Benjamin Wester, Kaushik Veeraraghavan, Satish Narayanasamy, Peter M. Chen, and Jason Flinn University of Michigan, Ann Arbor Respec: Efficient.
DoublePlay: Parallelizing Sequential Logging and Replay Kaushik Veeraraghavan Dongyoon Lee, Benjamin Wester, Jessica Ouyang, Peter M. Chen, Jason Flinn,

DoublePlay: Parallelizing Sequential Logging and Replay Kaushik Veeraraghavan Dongyoon Lee, Benjamin Wester, Jessica Ouyang, Peter M. Chen, Jason Flinn,
1 Input/Output Chapter 3 TOPICS Principles of I/O hardware Principles of I/O software I/O software layers Disks Clocks Reference: Operating Systems Design.

1 Input/Output Chapter 3 TOPICS Principles of I/O hardware Principles of I/O software I/O software layers Disks Clocks Reference: Operating Systems Design.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
MapReduce : Simplified Data Processing on Large Clusters Hongwei Wang & Sihuizi Jin & Yajing Zhang 2014.10.6.

MapReduce : Simplified Data Processing on Large Clusters Hongwei Wang & Sihuizi Jin & Yajing Zhang

Similar presentations

Ads by Google