590 research outputs found

    Resource-aware scheduling for 2D/3D multi-/many-core processor-memory systems

    Get PDF
    This dissertation addresses the complexities of 2D/3D multi-/many-core processor-memory systems, focusing on two key areas: enhancing timing predictability in real-time multi-core processors and optimizing performance within thermal constraints. The integration of an increasing number of transistors into compact chip designs, while boosting computational capacity, presents challenges in resource contention and thermal management. The first part of the thesis improves timing predictability. We enhance shared cache interference analysis for set-associative caches, advancing the calculation of Worst-Case Execution Time (WCET). This development enables accurate assessment of cache interference and the effectiveness of partitioned schedulers in real-world scenarios. We introduce TCPS, a novel task and cache-aware partitioned scheduler that optimizes cache partitioning based on task-specific WCET sensitivity, leading to improved schedulability and predictability. Our research explores various cache and scheduling configurations, providing insights into their performance trade-offs. The second part focuses on thermal management in 2D/3D many-core systems. Recognizing the limitations of Dynamic Voltage and Frequency Scaling (DVFS) in S-NUCA many-core processors, we propose synchronous thread migrations as a thermal management strategy. This approach culminates in the HotPotato scheduler, which balances performance and thermal safety. We also introduce 3D-TTP, a transient temperature-aware power budgeting strategy for 3D-stacked systems, reducing the need for Dynamic Thermal Management (DTM) activation. Finally, we present 3QUTM, a novel method for 3D-stacked systems that combines core DVFS and memory bank Low Power Modes with a learning algorithm, optimizing response times within thermal limits. This research contributes significantly to enhancing performance and thermal management in advanced processor-memory systems

    Quality of experience and access network traffic management of HTTP adaptive video streaming

    Get PDF
    The thesis focuses on Quality of Experience (QoE) of HTTP adaptive video streaming (HAS) and traffic management in access networks to improve the QoE of HAS. First, the QoE impact of adaptation parameters and time on layer was investigated with subjective crowdsourcing studies. The results were used to compute a QoE-optimal adaptation strategy for given video and network conditions. This allows video service providers to develop and benchmark improved adaptation logics for HAS. Furthermore, the thesis investigated concepts to monitor video QoE on application and network layer, which can be used by network providers in the QoE-aware traffic management cycle. Moreover, an analytic and simulative performance evaluation of QoE-aware traffic management on a bottleneck link was conducted. Finally, the thesis investigated socially-aware traffic management for HAS via Wi-Fi offloading of mobile HAS flows. A model for the distribution of public Wi-Fi hotspots and a platform for socially-aware traffic management on private home routers was presented. A simulative performance evaluation investigated the impact of Wi-Fi offloading on the QoE and energy consumption of mobile HAS.Die Doktorarbeit beschäftigt sich mit Quality of Experience (QoE) – der subjektiv empfundenen Dienstgüte – von adaptivem HTTP Videostreaming (HAS) und mit Verkehrsmanagement, das in Zugangsnetzwerken eingesetzt werden kann, um die QoE des adaptiven Videostreamings zu verbessern. Zuerst wurde der Einfluss von Adaptionsparameters und der Zeit pro Qualitätsstufe auf die QoE von adaptivem Videostreaming mittels subjektiver Crowdsourcingstudien untersucht. Die Ergebnisse wurden benutzt, um die QoE-optimale Adaptionsstrategie für gegebene Videos und Netzwerkbedingungen zu berechnen. Dies ermöglicht Dienstanbietern von Videostreaming verbesserte Adaptionsstrategien für adaptives Videostreaming zu entwerfen und zu benchmarken. Weiterhin untersuchte die Arbeit Konzepte zum Überwachen von QoE von Videostreaming in der Applikation und im Netzwerk, die von Netzwerkbetreibern im Kreislauf des QoE-bewussten Verkehrsmanagements eingesetzt werden können. Außerdem wurde eine analytische und simulative Leistungsbewertung von QoE-bewusstem Verkehrsmanagement auf einer Engpassverbindung durchgeführt. Schließlich untersuchte diese Arbeit sozialbewusstes Verkehrsmanagement für adaptives Videostreaming mittels WLAN Offloading, also dem Auslagern von mobilen Videoflüssen über WLAN Netzwerke. Es wurde ein Modell für die Verteilung von öffentlichen WLAN Zugangspunkte und eine Plattform für sozialbewusstes Verkehrsmanagement auf privaten, häuslichen WLAN Routern vorgestellt. Abschließend untersuchte eine simulative Leistungsbewertung den Einfluss von WLAN Offloading auf die QoE und den Energieverbrauch von mobilem adaptivem Videostreaming

    Genomic epidemiology and antimicrobial resistance of Klebsiella pneumoniae in the Comunitat Valenciana

    Get PDF
    La resistencia antimicrobiana (RAM) es una importante amenaza para la salud pública a nivel mundial. El mal uso de los antibióticos ha llevado al surgimiento y propagación de infecciones resistentes a los antibióticos. Entre los patógenos que más muertes causan asociadas a la RAM bacteriana se encuentra Klebsiella pneumoniae, uno de los patógenos más preocupantes. DE hecho, en 2019, K. pneumoniae se clasificó como la segunda causa de muertes atribuible a la RAM. Entre las resistencias adquiridas en K. pneumoniae, las que mayor preocupación causan son las cepas que han desarrollado resistencia a cefalosporinas de tercera generación (3GC) y carbapenems (CRKp). En esta tesis se ha investigado la epidemiología de K. pneumoniae resistente a 3GC y carbapenems utilizando la información genómica recopilada en el proyecto Vigilancia de Klebsiella pneumoniae en la Comunitat Valenciana (SKPCV). Bajo el proyecto SKPCV, se recolectaron casi 2200 aislados de K. pneumoniae productores de ESBL y/o carbapenems durante 3 años (2017 - 2019) y posteriormente se secuenció el genoma completo utilizando tecnologías de segunda generación (Illumina) y tercera generación (Pacific Biosciences y Oxford Nanopore). Para proporcionar contexto y establecer una colección que nos permitiera dilucidar las relaciones entre los aislados de K. pneumoniae del SKPCV con los de hospitales españoles y a nivel mundial, incluimos aislados recogidos previamente en algunos hospitales del NLSAR, así como datos externos de tres bases de datos diferentes: RefSeq, GenBank y ENA. Utilizando estos datos, recogimos más de 13,000 genomas. Trabajar con conjuntos de datos grandes y garantizar la calidad de los datos puede ser un desafío, por lo tanto, creamos un filtro de control de calidad con pasos jerarquizados que evaluaron la asignación taxonómica y la contaminación interespecífica, la calidad del ensamblado, la contaminación intraespecífica y, finalmente, la similitud genómica de toda la colección. Utilizando este filtro de calidad, obtuvimos una gran colección con 1,604 genomas del SKPCV, 395 aislados retrospectivos recogidos en tres hospitales del NLSAR y más de 10,000 genomas globales disponibles en las bases de datos públicas. Finalmente, encontramos que las composiciones de linajes del SKPCV y NLSAR eran muy diversas, pero también similares a las de los genomas españoles depositados en las bases de datos. De hecho, la mayoría de los aislados de NLSAR estaban relacionados con aislados recogidos en otras regiones de España, lo que sugiere historias evolutivas similares. Nuestro análisis reveló que solo un linaje, ST307, fue responsable de la mayoría de las infecciones resistentes a 3GC y carbapenems, así como de las transmisiones interhospitalarias. También descubrimos que los determinantes de la resistencia a 3GC y carbapenems, junto con los linajes portadores correspondientes, se distribuían de manera distinta en los hospitales y que, excepto por ST307 que portaba blaCTX-M-15, la mayoría de los linajes y combinaciones de determinantes de AMR se limitaban mayormente a un solo hospital. De hecho, las poblaciones hospitalarias eran diferentes entre sí. Nuestros hallazgos sugieren que la carga de la RAM y K. pneumoniae en esta región fue el resultado de una diversidad de factores, que incluyen linajes únicos que probablemente se originaron en la comunidad o en la microbiota previa de los pacientes, así como una compleja interacción entre la transmisión de linajes entre hospitales y la proliferación local de clones problemáticos dentro de cada hospital. Nuestros hallazgos muestran que la aparición inicial de resistencia a carbapenems y la diseminación del grupo hospitalario universitario (HGUV) ocurrieron durante un corto período de un año y fue muy compleja. Encontramos seis linajes diferentes que comprendían la mayoría de la población de CRKp en el HGUV, diseminando diferentes mecanismos de resistencia (AmpC, OXA-48, NDM-1 y NDM-23) en diferentes variantes de plásmidos. Estos linajes experimentaron una expansión clonal local, con varios casos de posible transmisión directa dentro del hospital. Finalmente, utilizamos la epidemiología genómica para describir la aparición y diseminación en varios hospitales de un nuevo gen de resistencia a carbapenems, denominado blaNDM-23. Pudimos dilucidar el efecto fenotípico y el entorno genético del gen. El gen estaba contenido en un plásmido resistente a múltiples fármacos con 18 genes adicionales de resistencia a antibióticos, lo que produjo un fenotipo de resistencia a múltiples fármacos. El gen y el plásmido se encontraron en una cepa ST437. Descubrimos que el plásmido no era movilizable, por lo que la diseminación del blaNDM-23 se produjo a través de una expansión clonal. La diseminación de este linaje ST437 portador del blaNDM-23 afectó al menos a cuatro hospitales diferentes de la Comunitat Valenciana desde 2016 hasta al menos 2019, cuando concluyó nuestro muestreo

    Vehicle as a Service (VaaS): Leverage Vehicles to Build Service Networks and Capabilities for Smart Cities

    Full text link
    Smart cities demand resources for rich immersive sensing, ubiquitous communications, powerful computing, large storage, and high intelligence (SCCSI) to support various kinds of applications, such as public safety, connected and autonomous driving, smart and connected health, and smart living. At the same time, it is widely recognized that vehicles such as autonomous cars, equipped with significantly powerful SCCSI capabilities, will become ubiquitous in future smart cities. By observing the convergence of these two trends, this article advocates the use of vehicles to build a cost-effective service network, called the Vehicle as a Service (VaaS) paradigm, where vehicles empowered with SCCSI capability form a web of mobile servers and communicators to provide SCCSI services in smart cities. Towards this direction, we first examine the potential use cases in smart cities and possible upgrades required for the transition from traditional vehicular ad hoc networks (VANETs) to VaaS. Then, we will introduce the system architecture of the VaaS paradigm and discuss how it can provide SCCSI services in future smart cities, respectively. At last, we identify the open problems of this paradigm and future research directions, including architectural design, service provisioning, incentive design, and security & privacy. We expect that this paper paves the way towards developing a cost-effective and sustainable approach for building smart cities.Comment: 32 pages, 11 figure

    Efficient and Side-Channel Resistant Implementations of Next-Generation Cryptography

    Get PDF
    The rapid development of emerging information technologies, such as quantum computing and the Internet of Things (IoT), will have or have already had a huge impact on the world. These technologies can not only improve industrial productivity but they could also bring more convenience to people’s daily lives. However, these techniques have “side effects” in the world of cryptography – they pose new difficulties and challenges from theory to practice. Specifically, when quantum computing capability (i.e., logical qubits) reaches a certain level, Shor’s algorithm will be able to break almost all public-key cryptosystems currently in use. On the other hand, a great number of devices deployed in IoT environments have very constrained computing and storage resources, so the current widely-used cryptographic algorithms may not run efficiently on those devices. A new generation of cryptography has thus emerged, including Post-Quantum Cryptography (PQC), which remains secure under both classical and quantum attacks, and LightWeight Cryptography (LWC), which is tailored for resource-constrained devices. Research on next-generation cryptography is of importance and utmost urgency, and the US National Institute of Standards and Technology in particular has initiated the standardization process for PQC and LWC in 2016 and in 2018 respectively. Since next-generation cryptography is in a premature state and has developed rapidly in recent years, its theoretical security and practical deployment are not very well explored and are in significant need of evaluation. This thesis aims to look into the engineering aspects of next-generation cryptography, i.e., the problems concerning implementation efficiency (e.g., execution time and memory consumption) and security (e.g., countermeasures against timing attacks and power side-channel attacks). In more detail, we first explore efficient software implementation approaches for lattice-based PQC on constrained devices. Then, we study how to speed up isogeny-based PQC on modern high-performance processors especially by using their powerful vector units. Moreover, we research how to design sophisticated yet low-area instruction set extensions to further accelerate software implementations of LWC and long-integer-arithmetic-based PQC. Finally, to address the threats from potential power side-channel attacks, we present a concept of using special leakage-aware instructions to eliminate overwriting leakage for masked software implementations (of next-generation cryptography)

    Flexible Hardware-based Security-aware Mechanisms and Architectures

    Get PDF
    For decades, software security has been the primary focus in securing our computing platforms. Hardware was always assumed trusted, and inherently served as the foundation, and thus the root of trust, of our systems. This has been further leveraged in developing hardware-based dedicated security extensions and architectures to protect software from attacks exploiting software vulnerabilities such as memory corruption. However, the recent outbreak of microarchitectural attacks has shaken these long-established trust assumptions in hardware entirely, thereby threatening the security of all of our computing platforms and bringing hardware and microarchitectural security under scrutiny. These attacks have undeniably revealed the grave consequences of hardware/microarchitecture security flaws to the entire platform security, and how they can even subvert the security guarantees promised by dedicated security architectures. Furthermore, they shed light on the sophisticated challenges particular to hardware/microarchitectural security; it is more critical (and more challenging) to extensively analyze the hardware for security flaws prior to production, since hardware, unlike software, cannot be patched/updated once fabricated. Hardware cannot reliably serve as the root of trust anymore, unless we develop and adopt new design paradigms where security is proactively addressed and scrutinized across the full stack of our computing platforms, at all hardware design and implementation layers. Furthermore, novel flexible security-aware design mechanisms are required to be incorporated in processor microarchitecture and hardware-assisted security architectures, that can practically address the inherent conflict between performance and security by allowing that the trade-off is configured to adapt to the desired requirements. In this thesis, we investigate the prospects and implications at the intersection of hardware and security that emerge across the full stack of our computing platforms and System-on-Chips (SoCs). On one front, we investigate how we can leverage hardware and its advantages, in contrast to software, to build more efficient and effective security extensions that serve security architectures, e.g., by providing execution attestation and enforcement, to protect the software from attacks exploiting software vulnerabilities. We further propose that they are microarchitecturally configured at runtime to provide different types of security services, thus adapting flexibly to different deployment requirements. On another front, we investigate how we can protect these hardware-assisted security architectures and extensions themselves from microarchitectural and software attacks that exploit design flaws that originate in the hardware, e.g., insecure resource sharing in SoCs. More particularly, we focus in this thesis on cache-based side-channel attacks, where we propose sophisticated cache designs, that fundamentally mitigate these attacks, while still preserving performance by enabling that the performance security trade-off is configured by design. We also investigate how these can be incorporated into flexible and customizable security architectures, thus complementing them to further support a wide spectrum of emerging applications with different performance/security requirements. Lastly, we inspect our computing platforms further beneath the design layer, by scrutinizing how the actual implementation of these mechanisms is yet another potential attack surface. We explore how the security of hardware designs and implementations is currently analyzed prior to fabrication, while shedding light on how state-of-the-art hardware security analysis techniques are fundamentally limited, and the potential for improved and scalable approaches

    LIPIcs, Volume 274, ESA 2023, Complete Volume

    Get PDF
    LIPIcs, Volume 274, ESA 2023, Complete Volum

    A survey on the (in)security of trusted execution environments

    Get PDF
    As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.Funding for open access charge: Universidad de Málaga / CBUA This work has been partially supported by the Spanish Ministry of Science and Innovation through the SecureEDGE project (PID2019-110565RB-I00), and by the by the Andalusian FEDER 2014–2020 Program through the SAVE project (PY18-3724)
    corecore