353 research outputs found

    Cross-core Microarchitectural Attacks and Countermeasures

    In the last decade, multi-threaded systems and resource sharing have brought a number of technologies that facilitate our daily tasks in a way we never imagined. Among others, cloud computing has emerged to offer us powerful computational resources without having to physically acquire and install them, while smartphones have almost acquired the same importance desktop computers had a decade ago. This has only been possible thanks to the ever evolving performance optimization improvements made to modern microarchitectures that efficiently manage concurrent usage of hardware resources. One of the aforementioned optimizations is the usage of shared Last Level Caches (LLCs) to balance different CPU core loads and to maintain coherency between shared memory blocks utilized by different cores. The latter for instance has enabled concurrent execution of several processes in low RAM devices such as smartphones. Although efficient hardware resource sharing has become the de-facto model for several modern technologies, it also poses a major concern with respect to security. Some of the concurrently executed co-resident processes might in fact be malicious and try to take advantage of hardware proximity. New technologies usually claim to be secure by implementing sandboxing techniques and executing processes in isolated software environments, called Virtual Machines (VMs). However, the design of these isolated environments aims at preventing pure software-based attacks and usually does not consider hardware leakages. In fact, the malicious utilization of hardware resources as covert channels might have severe consequences to the privacy of the customers. Our work demonstrates that malicious customers of such technologies can utilize the LLC as the covert channel to obtain sensitive information from a co-resident victim.
We show that the LLC is an attractive resource to be targeted by attackers, as it offers high resolution and, unlike previous microarchitectural attacks, does not require core-colocation. Particularly concerning are the cases in which cryptography is compromised, as it is the main component of every security solution. In this sense, the presented work does not only introduce three attack variants that can be applicable in different scenarios, but also demonstrates the ability to recover cryptographic keys (e.g. AES and RSA) and TLS session messages across VMs, bypassing sandboxing techniques. Finally, two countermeasures to prevent microarchitectural attacks in general and LLC attacks in particular from retrieving fine-grain information are presented. Unlike previously proposed countermeasures, ours do not add permanent overheads in the system but can be utilized as preemptive defenses. The first identifies leakages in cryptographic software that can potentially lead to key extraction, and thus, can be utilized by cryptographic code designers to ensure the sanity of their libraries before deployment. The second detects microarchitectural attacks embedded into innocent-looking binaries, preventing them from being posted in official application repositories that usually have the full trust of the customer.

    UTP WEB DESKTOP ENVIRONMENT

    This report describes the implementation of the UTP Web Desktop Environment using Asynchronous JavaScript and XML (AJAX) as the main programming language. The UTP Web Desktop Environment is an online 'desktop' workspace for students that contains multiple applications that can be accessed simultaneously within a single web browser. The system may promote a new way of experiencing web applications where students are given a bunch of ways to manipulate the system. The objective of the development of the system is to provide a web-based desktop environment that allows users to interact with the desktop workspace in the same way as with their computer operating system's desktop. Due to some limitations of conventional web applications, where most of the content is static and dull, it is also the aim of this research to explore the feasibility of using AJAX as the main programming language, since it makes applications more responsive, interactive, and customizable. To carry out this study, some research has been done by comparing the requirements of this system with a similar system, WebOS, which leads to the objectives of this application. Based on the flow of RAD, the prototypes are developed along with the new ideas of designing it specifically for students' interest. Some research has also been done on the components, requirements, and implementation of RSS and AJAX to distinguish the advantages of using them rather than other programming languages. The application is driven by EyeOS MicroServer, which is responsible for managing the web server and AJAX compiler. By implementing this project for UTP students, the author can conclude that it will provide students with a cutting-edge system that has never been applied before, which students may find very helpful and interesting for organizing their life and work.

    Capabilities for cross-layer micro-service security

    Shared infrastructure computing has become ubiquitous; from the smallest start-up deploying on a multi-tenant cloud to the largest corporations whose separate branches all deploy to a shared private cloud. In both cases, the security challenges are similar and are unique from the legacy model of deploying monolithic applications on dedicated hardware. In the case of a multi-tenant cloud deployment, attacks can stem from other tenants who are not part of the same security domain, be that a different security-level within a single organization, or distinct organizations on a public cloud. In addition to nearly ubiquitous adoption of shared infrastructure, the rise of so-called “micro-services” poses a set of unique challenges and advantages to security. The micro-service moniker stems from the idea of a Service Oriented Architecture (SOA) with a focus on having a small code base for each component of an application. The SOA approach is complemented by the DevOps movement in which software development practices are being applied to operations. These development and deployment techniques are here to stay as they enable more thorough testing, reliable deployment, and scalability that previous software architectures only supported with extensive rewriting. In this dissertation, we focus on providing security to this new paradigm of computing. These trends force us to face security challenges unique to cloud computing such as passive cache-based side-channel attacks. In addition to new challenges, this new paradigm also affords us better tools and services due to the well-defined behavior of micro-services. Here, we focus on mitigating security risks by leveraging the Principle of Least Privilege (PoLP) at every layer of the stack: the interface between the operating system and the hardware, the system call interface, and within individual applications.
We implement the PoLP through layer-specific capabilities by mapping the security challenges present in cloud computing to a Take-Grant relational model between subjects. We conceptually extend the notion of “subject” to include subjects at every layer of the cloud stack. Additionally, we explore adding more trust guarantees to subject relationship monitoring. Finally, we explore fine-grained memory operations within a micro-service that can impact a micro-service’s relationships with other subjects in the system.

    Data base management system analysis and performance testing with respect to NASA requirements

    Several candidate Data Base Management Systems (DBMSs) that could support the NASA End-to-End Data System's Integrated Data Base Management System (IDBMS) Project, later rescoped and renamed the Packet Management System (PMS), were evaluated. The candidate DBMS systems, which had to run on the Digital Equipment Corporation VAX 11/780 computer system, were ORACLE, SEED and RIM. Oracle and RIM are both based on the relational data base model while SEED employs a CODASYL network approach. A single data base application which managed stratospheric temperature profiles was studied. The primary reasons for using this application were an insufficient volume of available PMS-like data, a mandate to use actual rather than simulated data, and the abundance of available temperature profile data.

    The Orion GN and C Data-Driven Flight Software Architecture for Automated Sequencing and Fault Recovery

    The Orion Crew Exploration Vehicle (CEV) is being designed to include significantly more automation capability than either the Space Shuttle or the International Space Station (ISS). In particular, the vehicle flight software has requirements to accommodate increasingly automated missions throughout all phases of flight. A data-driven flight software architecture will provide an evolvable automation capability to sequence through Guidance, Navigation & Control (GN&C) flight software modes and configurations while maintaining the required flexibility and human control over the automation. This flexibility is a key aspect needed to address the maturation of operational concepts, to permit ground and crew operators to gain trust in the system and mitigate unpredictability in human spaceflight. To allow for mission flexibility and reconfigurability, a data-driven approach is being taken to load the mission event plan as well as the flight software artifacts associated with the GN&C subsystem. A database of GN&C level sequencing data is presented which manages and tracks the mission specific and algorithm parameters to provide a capability to schedule GN&C events within mission segments. The flight software data schema for performing automated mission sequencing is presented with a concept of operations for interactions with ground and onboard crew members. A prototype architecture for fault identification, isolation and recovery interactions with the automation software is presented and discussed as a forward work item.

    Enabling Usable and Performant Trusted Execution

    A plethora of major security incidents---in which personal identifiers belonging to hundreds of millions of users were stolen---demonstrate the importance of improving the security of cloud systems. To increase security in the cloud environment, where resource sharing is the norm, we need to rethink existing approaches from the ground-up. This thesis analyzes the feasibility and security of trusted execution technologies as the cornerstone of secure software systems, to better protect users' data and privacy. Trusted Execution Environments (TEEs), such as Intel SGX, have the potential to minimize the Trusted Computing Base (TCB), but they also introduce many challenges for adoption. Among these challenges are TEEs' significant impact on applications' performance and the non-trivial effort required to migrate legacy systems to run on these secure execution technologies. Other challenges include managing a trustworthy state across a distributed system and ensuring these individual machines are resilient to micro-architectural attacks. In this thesis, I first characterize the performance bottlenecks imposed by SGX and suggest optimization strategies. I then address two main adoption challenges for existing applications: managing permissions across a distributed system and scaling the SGX's mechanism for proving authenticity and integrity. I then analyze the resilience of trusted execution technologies to speculative execution, micro-architectural attacks, which put cloud infrastructure at risk. This analysis revealed a devastating security flaw in Intel's processors which is known as Foreshadow/L1TF. Finally, I propose a new architectural design for out-of-order processors which defeats all known speculative execution attacks. PHD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. https://deepblue.lib.umich.edu/bitstream/2027.42/155139/1/oweisse_1.pd

    An accurate prefetching policy for object oriented systems

    PhD Thesis. In the latest high-performance computers, there is a growing requirement for accurate prefetching (AP) methodologies for advanced object management schemes in virtual memory and migration systems. The major issue for achieving this goal is that of finding a simple way of accurately predicting the objects that will be referenced in the near future and to group them so as to allow them to be fetched at the same time. The basic notion of AP involves building a relationship for logically grouping related objects and prefetching them, rather than using their physical grouping and it relies on demand fetching such as is done in existing restructuring or grouping schemes. By this, AP tries to overcome some of the shortcomings posed by physical grouping methods. Prefetching also makes use of the properties of object oriented languages to build inter and intra object relationships as a means of logical grouping. This thesis describes how this relationship can be established at compile time and how it can be used for accurate object prefetching in virtual memory systems. In addition, AP performs control flow and data dependency analysis to reinforce the relationships and to find the dependencies of a program. The user program is decomposed into prefetching blocks which contain all the information needed for block prefetching such as long branches and function calls at major branch points. The proposed prefetching scheme is implemented by extending a C++ compiler and evaluated on a virtual memory simulator. The results show a significant reduction both in the number of page faults and memory pollution. In particular, AP can suppress many page faults that occur during transition phases which are unmanageable by other ways of fetching. AP can be applied to a local and distributed virtual memory system so as to reduce the fault rate by fetching groups of objects at the same time and consequently lessening operating system overheads. British Counci

    WRITE-INTENSIVE DATA MANAGEMENT IN LOG-STRUCTURED STORAGE

    Ph.DDOCTOR OF PHILOSOPH

    Building an Expert Database System in C Using Clips and Paradox

    Computer Scienc