SIMD-Swift: Improving Performance of Swift Fault Detection

The general tendency in modern hardware is an increase in fault rates, which is caused by the decreased operation voltages and feature sizes. Previously, the issue of hardware faults was mainly approached only in high-availability enterprise servers and in safety-critical applications, such as transport or aerospace domains. These fields generally have very tight requirements, but also higher budgets. However, as fault rates are increasing, fault tolerance solutions are starting to be also required in applications that have much smaller profit margins. This brings to the front the idea of software-implemented hardware fault tolerance, that is, the ability to detect and tolerate hardware faults using software-based techniques in commodity CPUs, which allows to get resilience almost for free. Current solutions, however, are lacking in performance, even though they show quite good fault tolerance results. This thesis explores the idea of using the Single Instruction Multiple Data (SIMD) technology for executing all program\'s operations on two copies of the same data. This idea is based on the observation that SIMD is ubiquitous in modern CPUs and is usually an underutilized resource. It allows us to detect bit-flips in hardware by a simple comparison of two copies under the assumption that only one copy is affected by a fault. We implemented this idea as a source-to-source compiler which performs hardening of a program on the source code level. The evaluation of our several implementations shows that it is beneficial to use it for applications that are dominated by arithmetic or logical operations, but those that have more control-flow or memory operations are actually performing better with the regular instruction replication. For example, we managed to get only 15% performance overhead on Fast Fourier Transformation benchmark, which is dominated by arithmetic instructions, but memory-access-dominated Dijkstra algorithm has shown a high overhead of 200%

Efficient Fault Tolerance using Intel MPX and TSX

International audienceHardware faults can cause data corruptions during computation, and they are especially harmful if these corruptions happen in data pointers. Existing solutions, however, incur high performance overheads, which is unacceptable for compute-intensive applications. In this work, we present an efficient fault-tolerance approach against hardware faults by exploiting the new extensions to the x86 architecture. In particular, we propose that Intel MPX can be effectively used to detect faults in data pointers, while Intel TSX can provide roll-back recovery against these corruptions. Our preliminary evaluation supports this hypothesis, and we estimate the average overhead to be roughly around 50%

Maintaining Security in the Era of Microarchitectural Attacks

Shared microarchitectural state is a target for side-channel attacks that leverage timing measurements to leak information across security domains. These attacks are further enhanced by speculative execution, which transiently distorts the control and data flow of applications, and by untrusted environments, where the attacker may have complete control over the victim program. Under these conditions, microarchitectural attacks can bypass software isolation mechanisms, and hence they threaten the security of virtually any application running in a shared environment. Numerous approaches have been proposed to defend against microarchitectural attacks, but we lack the means to test them and ensure their effectiveness. The users cannot test them manually because the effects of the defences are not visible to software. Testing the defences by attempting attacks is also suboptimal because the attacks are inherently unstable, and a failed attack is not always an indicator of a successful defence. Moreover, some classes of defences can be disabled at runtime. Hence, we need automated tools that would check the effectiveness of defences, both at design time and at runtime. Yet, as it is common in security, the existing solutions lag behind the developments in attacks. In this thesis, we propose three techniques that check the effectiveness of defences against modern microarchitectural attacks. Revizor is an approach to automatically detect microarchitectural information leakage in commercial black-box CPUs. SpecFuzz is a technique for dynamic testing of applications to find instances of speculative vulnerabilities. Varys is an approach to runtime monitoring of system defences against microarchitectural attacks. We show that with these techniques, we can successfully detect microarchitectural vulnerabilities in hardware and flaws in defences against them; find unpatched instances of speculative vulnerabilities in software; and detect attempts to invalidate system defences

SIMD-Swift: Improving Performance of Swift Fault Detection

The general tendency in modern hardware is an increase in fault rates, which is caused by the decreased operation voltages and feature sizes. Previously, the issue of hardware faults was mainly approached only in high-availability enterprise servers and in safety-critical applications, such as transport or aerospace domains. These fields generally have very tight requirements, but also higher budgets. However, as fault rates are increasing, fault tolerance solutions are starting to be also required in applications that have much smaller profit margins. This brings to the front the idea of software-implemented hardware fault tolerance, that is, the ability to detect and tolerate hardware faults using software-based techniques in commodity CPUs, which allows to get resilience almost for free. Current solutions, however, are lacking in performance, even though they show quite good fault tolerance results. This thesis explores the idea of using the Single Instruction Multiple Data (SIMD) technology for executing all program\'s operations on two copies of the same data. This idea is based on the observation that SIMD is ubiquitous in modern CPUs and is usually an underutilized resource. It allows us to detect bit-flips in hardware by a simple comparison of two copies under the assumption that only one copy is affected by a fault. We implemented this idea as a source-to-source compiler which performs hardening of a program on the source code level. The evaluation of our several implementations shows that it is beneficial to use it for applications that are dominated by arithmetic or logical operations, but those that have more control-flow or memory operations are actually performing better with the regular instruction replication. For example, we managed to get only 15% performance overhead on Fast Fourier Transformation benchmark, which is dominated by arithmetic instructions, but memory-access-dominated Dijkstra algorithm has shown a high overhead of 200%

Maintaining Security in the Era of Microarchitectural Attacks

Shared microarchitectural state is a target for side-channel attacks that leverage timing measurements to leak information across security domains. These attacks are further enhanced by speculative execution, which transiently distorts the control and data flow of applications, and by untrusted environments, where the attacker may have complete control over the victim program. Under these conditions, microarchitectural attacks can bypass software isolation mechanisms, and hence they threaten the security of virtually any application running in a shared environment. Numerous approaches have been proposed to defend against microarchitectural attacks, but we lack the means to test them and ensure their effectiveness. The users cannot test them manually because the effects of the defences are not visible to software. Testing the defences by attempting attacks is also suboptimal because the attacks are inherently unstable, and a failed attack is not always an indicator of a successful defence. Moreover, some classes of defences can be disabled at runtime. Hence, we need automated tools that would check the effectiveness of defences, both at design time and at runtime. Yet, as it is common in security, the existing solutions lag behind the developments in attacks. In this thesis, we propose three techniques that check the effectiveness of defences against modern microarchitectural attacks. Revizor is an approach to automatically detect microarchitectural information leakage in commercial black-box CPUs. SpecFuzz is a technique for dynamic testing of applications to find instances of speculative vulnerabilities. Varys is an approach to runtime monitoring of system defences against microarchitectural attacks. We show that with these techniques, we can successfully detect microarchitectural vulnerabilities in hardware and flaws in defences against them; find unpatched instances of speculative vulnerabilities in software; and detect attempts to invalidate system defences

SIMD-Swift: Improving Performance of Swift Fault Detection

The general tendency in modern hardware is an increase in fault rates, which is caused by the decreased operation voltages and feature sizes. Previously, the issue of hardware faults was mainly approached only in high-availability enterprise servers and in safety-critical applications, such as transport or aerospace domains. These fields generally have very tight requirements, but also higher budgets. However, as fault rates are increasing, fault tolerance solutions are starting to be also required in applications that have much smaller profit margins. This brings to the front the idea of software-implemented hardware fault tolerance, that is, the ability to detect and tolerate hardware faults using software-based techniques in commodity CPUs, which allows to get resilience almost for free. Current solutions, however, are lacking in performance, even though they show quite good fault tolerance results. This thesis explores the idea of using the Single Instruction Multiple Data (SIMD) technology for executing all program\'s operations on two copies of the same data. This idea is based on the observation that SIMD is ubiquitous in modern CPUs and is usually an underutilized resource. It allows us to detect bit-flips in hardware by a simple comparison of two copies under the assumption that only one copy is affected by a fault. We implemented this idea as a source-to-source compiler which performs hardening of a program on the source code level. The evaluation of our several implementations shows that it is beneficial to use it for applications that are dominated by arithmetic or logical operations, but those that have more control-flow or memory operations are actually performing better with the regular instruction replication. For example, we managed to get only 15% performance overhead on Fast Fourier Transformation benchmark, which is dominated by arithmetic instructions, but memory-access-dominated Dijkstra algorithm has shown a high overhead of 200%