Leveraging concurrency for performance and security

Shalabi, Yasser

Permalink

https://hdl.handle.net/2142/108227 Copy

Description

Title

Leveraging concurrency for performance and security

Author(s)

Shalabi, Yasser

Issue Date

2020-03-09

Director of Research (if dissertation) or Advisor (if thesis)

Torrellas, Josep

Doctoral Committee Chair(s)

Torrellas, Josep

Committee Member(s)

• Hwu, Wen-Mei
• Fletcher, Christopher
• Huang, Jian

Department of Study

Electrical & Computer Eng

Discipline

Electrical & Computer Engr

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• Concurrency
• record and replay
• security
• return oriented programming
• side channel attack
• prime and probe
• spectre

Abstract

"In this thesis we explore methods for exploiting concurrency to improve the security and performance of computing systems. We put forth four proposals: the Concurrency Accelerator (ConcAcl), Record-and-Replay Safe (RnRSafe), ReplayConfusion, and ReplayEndurance. With ConcAcl we accelerate concurrency management operations by creating a dedicated layer that is programmed by supervisor software (e.g. Operating System kernels or multi-threading runtimes). This layer is provisioned with dedicated compute and memory resources which are replicated across all cores in a multi-core processor. ConcAcl hosts procedures which are designed to exploit this unique arrangement to accelerate synchronization-heavy operations that are critical for concurrency. We use ConcAcl to offload functions related to event-synchronization, cross-core remote procedure calls, and task scheduling. In addition to improving concurrency management we also explore techniques which exploit concurrency to extract security benefits. The difficulty of implementing hardware-enforced security policies is exacerbated by a trade-off between implementation intrusiveness and completeness of methods. Methods which can guarantee detection will often require radical architectural changes. In addition, security systems need to be flexible, as security threats continuously evolve. To help address these requirements, we propose utilizing a novel framework where ``Record and Deterministic Replay"" (RnR) is used to {\em complement} hardware security features. We call our approach RnRSafe. By recording non-deterministic behaviors concurrent replay can be used to investigate potential alarms. Thus, RnRSafe reduces the cost of security hardware by allowing it to be less precise at detecting attacks, potentially reporting false positives. We show how RnRSafe can be used to defend against Return Oriented Programming (ROP) attacks with minimal changes to the processor architecture. We also propose exploiting concurrent record and replay to enable the detection of otherwise undetectable covert channel attacks using two techniques -- ReplayConfusion and ReplayEndurance. %These techniques allow the detection of covert channels which flow across the Last Level Cache or across the speculative execution boundary. Covert channels encode secret values in sub-architectural features like caches and buffers. To detect covert channels we propose techniques similar to our RnR-Safe approach. First, the original instruction execution is recorded. Then, in either offline or online fashion, a replay is performed under a slightly altered configuration designed to alter sub-architectural behaviors. Thus, by comparing the original instruction execution to the modified replay-time execution, a signal can be extracted which measures the divergence between the recorded and replayed program in order to estimate the program's sensitivity to sub-architectural behaviors. With ReplayConfusion we alter parameters which organize the last-level cache and with ReplayEndurance we modify those which govern speculative execution. Altogether, this enables the construction of robust defenses against these attacks which can defend systems despite insecure hardware."

Graduation Semester

2020-05

Type of Resource

Thesis

Permalink

http://hdl.handle.net/2142/108227

Copyright and License Information

Copyright 2020 Yasser Shalabi

Owning Collections