Files in this item



SHALABI-DISSERTATION-2020.pdf (application/pdf, 3MB), Restricted Access


Title: Leveraging concurrency for performance and security
Author(s): Shalabi, Yasser
Director of Research: Torrellas, Josep
Doctoral Committee Chair(s): Torrellas, Josep
Doctoral Committee Member(s): Hwu, Wen-Mei; Fletcher, Christopher; Huang, Jian
Department / Program: Electrical & Computer Eng
Discipline: Electrical & Computer Engr
Degree Granting Institution: University of Illinois at Urbana-Champaign
Keywords: record and replay; return oriented programming; side channel attack; prime and probe
Abstract: In this thesis we explore methods for exploiting concurrency to improve the security and performance of computing systems. We put forth four proposals: the Concurrency Accelerator (ConcAcl), Record-and-Replay Safe (RnRSafe), ReplayConfusion, and ReplayEndurance. With ConcAcl we accelerate concurrency management operations by creating a dedicated layer that is programmed by supervisor software (e.g., operating system kernels or multi-threading runtimes). This layer is provisioned with dedicated compute and memory resources, which are replicated across all cores in a multi-core processor. ConcAcl hosts procedures that are designed to exploit this unique arrangement to accelerate synchronization-heavy operations that are critical for concurrency. We use ConcAcl to offload functions related to event synchronization, cross-core remote procedure calls, and task scheduling. In addition to improving concurrency management, we also explore techniques that exploit concurrency to extract security benefits. The difficulty of implementing hardware-enforced security policies is exacerbated by a trade-off between implementation intrusiveness and completeness of methods. Methods that can guarantee detection will often require radical architectural changes. In addition, security systems need to be flexible, as security threats continuously evolve. To help address these requirements, we propose utilizing a novel framework where "Record and Deterministic Replay" (RnR) is used to complement hardware security features. We call our approach RnRSafe. By recording non-deterministic behaviors, concurrent replay can be used to investigate potential alarms. Thus, RnRSafe reduces the cost of security hardware by allowing it to be less precise at detecting attacks, potentially reporting false positives. We show how RnRSafe can be used to defend against Return Oriented Programming (ROP) attacks with minimal changes to the processor architecture.
We also propose exploiting concurrent record and replay to enable the detection of otherwise undetectable covert channel attacks using two techniques: ReplayConfusion and ReplayEndurance. These techniques allow the detection of covert channels which flow across the Last Level Cache or across the speculative execution boundary. Covert channels encode secret values in sub-architectural features like caches and buffers. To detect covert channels we propose techniques similar to our RnR-Safe approach. First, the original instruction execution is recorded. Then, in either offline or online fashion, a replay is performed under a slightly altered configuration designed to alter sub-architectural behaviors. Thus, by comparing the original instruction execution to the modified replay-time execution, a signal can be extracted that measures the divergence between the recorded and replayed program in order to estimate the program's sensitivity to sub-architectural behaviors. With ReplayConfusion we alter parameters that organize the last-level cache, and with ReplayEndurance we modify those that govern speculative execution. Altogether, this enables the construction of robust defenses against these attacks, which can defend systems despite insecure hardware.
Issue Date: 2020-03-09
Rights Information: Copyright 2020 Yasser Shalabi
Date Available in IDEALS: 2020-08-27
Date Deposited: 2020-05
