hardware support for isolation
DESCRIPTION
Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011. Hardware Support for Isolation. SVA. Cryptographic secure computation. e.g., Enforce properties on a malicious OS. Binary translation and emulation. Data-centric security. - PowerPoint PPT PresentationTRANSCRIPT
1
Hardware Support for IsolationKrste AsanovicU.C. Berkeley
MURI “DHOSA” Site VisitApril 28, 2011
TRANSFORMATION
HARDWARE SYSTEM ARCHITECTURES
SVA
Binary translation and
emulation
Formal methods
Hardware support for isolation
Dealing with malicious hardware
Cryptographic secure
computation
Data-centric security
Secure browser appliance
Secure servers
WEB-BASED ARCHITECTURES
e.g., Enforce properties on a malicious OS
e.g., Prevent dataexfiltration
e.g., Enable complex distributed systems, with resilience to hostile OS’s
TRANSFORMATION
HARDWARE SYSTEM ARCHITECTURES
SVA
Binary translation and
emulation
Formal methods
Hardware support for isolation
Dealing with malicious hardware
Cryptographic secure
computation
Data-centric security
Secure browser appliance
Secure servers
WEB-BASED ARCHITECTURES
e.g., Enforce properties on a malicious OS
e.g., Prevent dataexfiltration
e.g., Enable complex distributed systems, with resilience to hostile OS’s
Target Scenario
Trusted HardwareTrusted Hypervisor
Valuable Data
Normal Execution Environment
Untrusted OSNoncritical App
Secure Execution Environment
Approved information
flow
Desirable AppUntrusted OS
Undesirable information
leak
Hardware Isolation Techniques Fine-grain Memory Protection Dynamic Information Flow Tracking Secure Messaging Timing Isolation
Hardware Isolation Techniques Fine-grain Memory Protection Dynamic Information Flow Tracking Secure Messaging Timing Isolation
Modern Multicore Systems
Many shared resources:Last-level Cache InterconnectLast-Level Cache CapacityDRAM & I/O Interconnects
CPU
L1
L2Bank
DRAM
CPU
L1
L2Bank
DRAM
CPU
L1
L2Bank
DRAM
CPU
L1
L2Bank
DRAM
CPU
L1
L2Bank
DRAM
L2 Interconnect
DRAM & I/O Interconnect
All shared hardware resources can be used to build high-bandwidth timing-based covert channels
Timing-Based Covert Channel using shared interconnect
Time
Unit message time on interconnect
Sending core modulates traffic on shared interconnect (e.g., writes to given memory location over bus)
Covert “1” Covert “0”
Writes by sending core
Receiving core attempts to saturate bus with requests and observes how much bandwidth is available
Time
Writes by receiving core
Multicore & Timing-Based Attacks
Concurrent execution on different cores and high-performance on-chip interconnect allows higher-bandwidth covert channels
Ability to quickly train attacker using timing gathered when running on a subset of machine E.g., calibrate using two unsecured cores, before
using between secured and unsecured cores.
Hardware Partitioning for Timing Isolation
Partition can contain own: Cores L1 and L2 $ capacity Off-chip DRAM bandwidth On-chip interconnect bandwidth allocation
CPU
L1
L2Bank
DRAM
CPU
L1
L2Bank
DRAM
CPU
L1
L2Bank
DRAM
CPU
L1
L2Bank
DRAM
CPU
L1
L2Bank
DRAM
L2 Interconnect
DRAM & I/O Interconnect
Partition 2Partition 1
How to isolate while
retaining high efficiency?
Interconnect Partitioning Off-chip DRAM bandwidth and on-chip
interconnect bandwidth are among most expensive resources in system.
Static partitioning would require dedicated, and hence under-utilized, interconnect.
Multiplexing interconnect among multiple requesters increases system efficiency, but enables timing attacks.
Secure Interconnect Multiplexing:Time-Division Multiplexing
Statically allocate bus time slots between different cores.
Time
Insecure traffic
allocation (1/3)
Secure traffic
allocation (2/3)
Repeating fixed allocation within frame
Secure Interconnect Multiplexing:Time-Division Multiplexing
TimeInsecure traffic
allocation (1/3)
Secure traffic
allocation (2/3)
If one core cannot use slot, it is left idle even if other core has traffic to send. Cores cannot see each other’s traffic level.Secure, but wasteful.
Idle slots
Secure Interconnect Multiplexing:One-Sided Bandwidth Recycling Allow secure traffic to use unclaimed
insecure bus slots, but not vice versa. Insecure app cannot view timing of secure
app.
TimeInsecure traffic
allocation (1/3)
Secure traffic
allocation (2/3)
Recycled idle slots
Real System Interconnects Multihop interconnection networks
Rings, meshes Cache-coherence protocols
Single load or store instruction can generate dozens of individual interconnect messages
Multiple interconnection networks for memory system Separate physical networks for initial requests, snoop
traffic, responses, data payloads
Intel Sandy Bridge
Globally Synchronized Frames for Memory SystemExtending our earlier work on GSF for point-point
networks: Divide time into discrete “frames”. Each core receives allocation of credits each
frame time to perform memory operations. Credit is permission to cause worst-case traffic
on every network for one memory operation. Reclaim unused credits to boost bandwidth. For secure system, only secure cores reclaim
unused bandwidths.
FPGA Emulation of Hardware Concepts
RAMP Gold: Initial version models 64 cores of SPARC v8 with shared memory system on $750 board
Cost Performance(MIPS) Simulations per day
SoftwareSimulator $2,000 0.1 - 1 1
RAMP Gold $2,000 + $750 50 - 100 100
GSFm Status on RAMP Gold Working GSF-style memory bandwidth
reservation system on RAMP Gold Working Tessellation OS partition-based
operating system can adjust allocations to control bandwidth partitioning Also partitions cores and cache capacity.
Ongoing: investigating hardware cost/efficiency loss of asymetric bandwidth recycling.
Adoption path Hardware vendors already considering
partitioning support for performance isolation Real-time guarantees (e.g., media playback) Service-level guarantees (e.g., cloud computing) Performance tuning (e.g., repeatable timing)
Small tweak could also prevent timing channels
Other Hardware Isolation Mechanisms in Progress
Fine-grained memory protection and protection domains
Fine-grain dynamic information flow tracking
User-level protected message passing Direct protected communication between
trusted app components and trusted services
Questions?