Micro-Viruses for Fast and Accurate Characterization of Voltage Margins and Variations in Multicore Cpus
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
End-To-End Verification of Memory Isolation
Secure System Virtualization: End-to-End Verification of Memory Isolation HAMED NEMATI Doctoral Thesis Stockholm, Sweden 2017 TRITA-CSC-A-2017:18 KTH Royal Institute of Technology ISSN 1653-5723 School of Computer Science and Communication ISRN-KTH/CSC/A--17/18-SE SE-100 44 Stockholm ISBN 978-91-7729-478-8 SWEDEN Akademisk avhandling som med tillstånd av Kungl Tekniska högskolan framlägges till offentlig granskning för avläggande av teknologie doktorsexamen i datalogi fre- dagen den 20 oktober 2017 klockan 14.00 i Kollegiesalen, Kungl Tekniska högskolan, Brinellvägen 8, Stockholm. © Hamed Nemati, October 2017 Tryck: Universitetsservice US AB iii Abstract Over the last years, security kernels have played a promising role in re- shaping the landscape of platform security on today’s ubiquitous embedded devices. Security kernels, such as separation kernels, enable constructing high-assurance mixed-criticality execution platforms. They reduce the soft- ware portion of the system’s trusted computing base to a thin layer, which enforces isolation between low- and high-criticality components. The reduced trusted computing base minimizes the system attack surface and facilitates the use of formal methods to ensure functional correctness and security of the kernel. In this thesis, we explore various aspects of building a provably secure separation kernel using virtualization technology. In particular, we examine techniques related to the appropriate management of the memory subsystem. Once these techniques were implemented and functionally verified, they pro- vide reliable a foundation for application scenarios that require strong guar- antees of isolation and facilitate formal reasoning about the system’s overall security. We show how the memory management subsystem can be virtualized to enforce isolation of system components. -
UNIVERSITY of CALIFORNIA, SAN DIEGO Beneath
UNIVERSITY OF CALIFORNIA, SAN DIEGO Beneath the Attack Surface A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science by Keaton Mowery Committee in charge: Professor Hovav Shacham, Chair Professor Sorin Lerner Professor George Papen Professor Stefan Savage Professor Geoffrey M. Voelker 2015 Copyright Keaton Mowery, 2015 All rights reserved. The Dissertation of Keaton Mowery is approved and is acceptable in quality and form for publication on microfilm and electronically: Chair University of California, San Diego 2015 iii EPIGRAPH “Time forks perpetually toward innumerable futures. In one of them I am your enemy.” —JORGE LUIS BORGES (1941) Marco Polo imagined answering (or Kublai Khan imagined his answer) that the more one was lost in unfamiliar quarters of distant cities, the more one understood the other cities he had crossed to arrive there —ITALO CALVINO (1972) iv TABLE OF CONTENTS Signature Page . iii Epigraph . ........... iv Table of Contents . v List of Figures . viii List of Tables . xi Acknowledgements . xii Vita................................................. xiv Abstract of the Dissertation . xvi Introduction . 1 Chapter 1 Fingerprinting Information in JavaScript Implementations . 3 1.1 Introduction . 4 1.2 JavaScript Performance Fingerprinting . 8 1.2.1 Methodology . 8 1.2.2 Data Collection . 10 1.2.3 Results . 13 1.2.4 JavaScript Test Selection . 21 1.3 NoScript Whitelist Fingerprinting . 22 1.3.1 Attack Methodology . 23 1.3.2 Prevalence of Testable JavaScript . 26 1.3.3 Fingerprinting Speed . 28 1.4 Conclusions . 32 Chapter 2 Pixel Perfect: Fingerprinting Canvas in HTML5 . 34 2.1 Introduction . 34 2.2 HTML5 and CSS3 . -
Linux Kernel Versions the Linux Kernel Development Community Before We Begin Chapter 2
Table of Contents Linux Kernel Development Second Edition By Robert Love Publisher: Sams Publishing Pub Date: January 12, 2005 ISBN: 0-672-32720-1 Table of Pages: 432 • Contents • Index Copyright Foreword Preface So Here We Are Kernel Version Audience Book Website Second Edition Acknowledgments About the Author We Want to Hear from You! Reader Services Chapter 1. Introduction to the Linux Kernel Along Came Linus: Introduction to Linux Overview of Operating Systems and Kernels Linux Versus Classic Unix Kernels Linux Kernel Versions The Linux Kernel Development Community Before We Begin Chapter 2. Getting Started with the Kernel Obtaining the Kernel Source The Kernel Source Tree Building the Kernel A Beast of a Different Nature So Here We Are file:///D|/LKD/0672327201/toc.html (1 of 7)2005-5-26 9:47:02 Table of Contents Chapter 3. Process Management Process Descriptor and the Task Structure Process Creation The Linux Implementation of Threads Process Termination Process Wrap Up Chapter 4. Process Scheduling Policy The Linux Scheduling Algorithm Preemption and Context Switching Real-Time Scheduler-Related System Calls Scheduler Finale Chapter 5. System Calls APIs, POSIX, and the C Library Syscalls System Call Handler System Call Implementation System Call Context System Calls in Conclusion Chapter 6. Interrupts and Interrupt Handlers Interrupts Interrupt Handlers Registering an Interrupt Handler Writing an Interrupt Handler Interrupt Context Implementation of Interrupt Handling Interrupt Control Don't Interrupt Me; We're Almost Done! Chapter 7. Bottom Halves and Deferring Work Bottom Halves Softirqs Tasklets Work Queues Which Bottom Half Should I Use? Locking Between the Bottom Halves file:///D|/LKD/0672327201/toc.html (2 of 7)2005-5-26 9:47:02 Table of Contents The Bottom of Bottom-Half Processing Endnotes Chapter 8. -
Magazines and Vmem: Extending the Slab Allocator to Many Cpus and Arbitrary Resources
Magazines and Vmem: Extending the Slab Allocator to Many CPUs and Arbitrary Resources Jeff Bonwick, Sun Microsystems Jonathan Adams, California Institute of Technology Abstract The slab allocator [Bonwick94] provides efficient object caching but has two significant limitations: its global locking doesn’t scale to many CPUs, and the allocator can’t manage resources other than kernel memory. To provide scalability we introduce a per−processor caching scheme called the magazine layer that provides linear scaling to any number of CPUs. To support more general resource allocation we introduce a new virtual memory allocator, vmem, which acts as a universal backing store for the slab allocator. Vmem is a complete general−purpose resource allocator in its own right, providing several important new services; it also appears to be the first resource allocator that can satisfy arbitrary−size allocations in constant time. Magazines and vmem have yielded performance gains exceeding 50% on system−level benchmarks like LADDIS and SPECweb99. We ported these technologies from kernel to user context and found that the resulting libumem outperforms the current best−of−breed user−level memory allocators. libumem also provides a richer programming model and can be used to manage other user−level resources. 1. Introduction §4. Vmem: Fast, General Resource Allocation. The slab allocator caches relatively small objects and relies The slab allocator [Bonwick94] has taken on a life of on a more general−purpose backing store to provide its own since its introduction in these pages seven slabs and satisfy large allocations. We describe a new years ago. Initially deployed in Solaris 2.4, it has resource allocator, vmem, that can manage arbitrary since been adopted in whole or in part by several other sets of integers − anything from virtual memory operating systems including Linux, FreeBSD, addresses to minor device numbers to process IDs. -
Arxiv:2005.02605V1 [Cs.CR] 6 May 2020
Secure System Virtualization: End-to-End Verification of Memory Isolation HAMED NEMATI arXiv:2005.02605v1 [cs.CR] 6 May 2020 Doctoral Thesis Stockholm, Sweden 2017 TRITA-CSC-A-2017:18 KTH Royal Institute of Technology ISSN 1653-5723 School of Computer Science and Communication ISRN-KTH/CSC/A--17/18-SE SE-100 44 Stockholm ISBN 978-91-7729-478-8 SWEDEN Akademisk avhandling som med tillstånd av Kungl Tekniska högskolan framlägges till offentlig granskning för avläggande av teknologie doktorsexamen i datalogi fre- dagen den 20 oktober 2017 klockan 14.00 i Kollegiesalen, Kungl Tekniska högskolan, Brinellvägen 8, Stockholm. © Hamed Nemati, October 2017 Tryck: Universitetsservice US AB iii Abstract Over the last years, security kernels have played a promising role in re- shaping the landscape of platform security on today’s ubiquitous embedded devices. Security kernels, such as separation kernels, enable constructing high-assurance mixed-criticality execution platforms. They reduce the soft- ware portion of the system’s trusted computing base to a thin layer, which enforces isolation between low- and high-criticality components. The reduced trusted computing base minimizes the system attack surface and facilitates the use of formal methods to ensure functional correctness and security of the kernel. In this thesis, we explore various aspects of building a provably secure separation kernel using virtualization technology. In particular, we examine techniques related to the appropriate management of the memory subsystem. Once these techniques were implemented and functionally verified, they pro- vide reliable a foundation for application scenarios that require strong guar- antees of isolation and facilitate formal reasoning about the system’s overall security. -
Proceedings of the 2001 USENIX Annual Technical Conference
USENIX Association Proceedings of the 2001 USENIX Annual Technical Conference Boston, Massachusetts, USA June 25–30, 2001 THE ADVANCED COMPUTING SYSTEMS ASSOCIATION © 2001 by The USENIX Association All Rights Reserved For more information about the USENIX Association: Phone: 1 510 528 8649 FAX: 1 510 548 5738 Email: [email protected] WWW: http://www.usenix.org Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Magazines and Vmem: Extending the Slab Allocator to Many CPUs and Arbitrary Resources Jeff Bonwick, Sun Microsystems Jonathan Adams, California Institute of Technology Abstract The slab allocator [Bonwick94] provides efficient object caching but has two significant limitations: its global locking doesn’t scale to many CPUs, and the allocator can’t manage resources other than kernel memory. To provide scalability we introduce a per−processor caching scheme called the magazine layer that provides linear scaling to any number of CPUs. To support more general resource allocation we introduce a new virtual memory allocator, vmem, which acts as a universal backing store for the slab allocator. Vmem is a complete general−purpose resource allocator in its own right, providing several important new services; it also appears to be the first resource allocator that can satisfy arbitrary−size allocations in constant time. Magazines and vmem have yielded performance gains exceeding 50% on system−level benchmarks like LADDIS and SPECweb99. We ported these technologies from kernel to user context and found that the resulting libumem outperforms the current best−of−breed user−level memory allocators.