Hardware Architectures for Secure, Reliable, and Energy-Efficient Real-Time Systems
Total Page:16
File Type:pdf, Size:1020Kb
HARDWARE ARCHITECTURES FOR SECURE, RELIABLE, AND ENERGY-EFFICIENT REAL-TIME SYSTEMS A Dissertation Presented to the Faculty of the Graduate School of Cornell University in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy by Daniel Lo August 2015 c 2015 Daniel Lo ALL RIGHTS RESERVED HARDWARE ARCHITECTURES FOR SECURE, RELIABLE, AND ENERGY-EFFICIENT REAL-TIME SYSTEMS Daniel Lo, Ph.D. Cornell University 2015 The last decade has seen an increased ubiquity of computers with the widespread adoption of smartphones and tablets and the continued spread of embedded cyber-physical systems. With this integration into our environ- ments, it has become important to consider the real-world interactions of these computers rather than simply treating them as abstract computing machines. For example, cyber-physical systems typically have real-time constraints in or- der to ensure safe and correct physical interactions. Similarly, even mobile and desktop systems, which are not traditionally considered real-time systems, are inherently time-sensitive because of their interaction with users. Traditional techniques proposed for improving hardware architectures are not designed with these real-time constraints in mind. In this thesis, we explore some of the challenges and opportunities in hardware design for real-time systems. Specifi- cally, we study recent techniques for improving security, reliability, and energy- efficiency of computer systems. Run-time monitoring has been shown to be a promising technique for im- proving system security and reliability. Applying run-time monitoring to real- time systems introduces challenges due to the performance impact of monitor- ing. To address this, we first developed a technique for estimating the worst- case execution time impact of run-time monitoring, enabling it to be applied within existing real-time system design methodologies. Next, we developed hardware architectures that selectively enable and disable monitoring in order to meet real-time deadlines while still allowing a portion of the monitoring to be performed. We show architectures for hard and soft real-time systems, with different design decisions and trade-offs for each. Dynamic voltage and frequency scaling (DVFS) is commonly found in mod- ern processors as a way to dynamically trade off power and performance. In the presence of real-time deadlines, this presents an opportunity for improved energy-efficiency by slowing down jobs to reduce energy while still meeting deadline requirements. We developed a method for creating DVFS controllers that are able to predict the appropriate frequency level for tasks before they execute and show improved energy savings and reduced deadline misses com- pared to current state-of-the-art DVFS controllers. BIOGRAPHICAL SKETCH Daniel Lo received his Bachelor of Science (with Honors) degree in Electrical Engineering from the California Institute of Technology in 2009. At that time, he began doctoral studies at Cornell University in the department of Electrical and Computer Engineering. He has interned with the Jet Propulsion Labora- tory, Applied Minds, and Intel. His research lies at the intersection of computer architecture, computer security, and real-time systems. iii ACKNOWLEDGEMENTS First and foremost, I would like to thank my advisor, Ed Suh. Without Ed’s guidance, collaboration, and mentorship, this thesis would not have been pos- sible. I would also like to thank my other committee members, Rajit Manohar and Mark Campbell, for their guidance and advice throughout my Ph.D. career. The work in this thesis was not a solo effort. Special thanks to Tao Chen and Mohamed Ismail for their help on our work on secure and reliable real- time systems. Similarly, special thanks to Taejoon Song for his help on our work on energy-efficient real-time systems. I want to thank Rahul Mangharam for our early discussions that led us to pursue this research direction into real-time systems. I would also like to thank Franc¸ois Guimbretiere` for his feedback and insight on user interactions. The Suh Research Group and CSL have been a great academic, as well as social, community to be a part of. They have been a wonderful group of peo- ple to bounce ideas of, share knowledge, and to get lunch with. Thank you to Ray Huang for helping me get set up and started when I first arrived at Cor- nell. Thank you to KK Yu for always being there whenever I needed a favor. Thanks to Ji Kim for introducing to me to Dungeons and Dragons and a myriad of new board games. Thanks to Andrew Ferraiuolo for always being free when I needed to take a break and thanks to Shreesha Srinath for showing me some great places to eat in Ithaca. My time at Cornell would not have been as enjoyable without all the friends that I have made here. Thank you to Nata Saslafsy, Koyuki Nakamura, Harri- son Ko, and Scott Johnson for some great skate sessions and for teaching me to snowboard. Thanks to Crystal Lu for showing me that there’s more to life than work. Thanks to Carissa Kang, Elizabeth Wijaya, Lynette Saw, Bryan Chong, iv and Mairin Ng for teaching me Singlish over Mahjong. I also want to thank the Cornell Longboarding Club, Libe Slope FC, Mystery Machine, the Cayuga Windsurfing Club, the Cornell Cube Clube, the Glen Region SCCA, and the En- chanted Badger. These communities have helped me make Ithaca a place to call home for these six years. Finally, I would like to thank my parents for teaching me the value of hard work and discipline. I would not have been able to complete this journey with- out their continued support. v TABLE OF CONTENTS Biographical Sketch . iii Acknowledgements . iv Table of Contents . vi List of Tables . ix List of Figures . .x 1 Introduction 1 1.1 Secure and Reliable Real-Time Systems . .3 1.2 Energy-Efficient Real-Time Systems . .4 1.3 Organization . .5 2 Background 6 2.1 Real-Time Systems . .6 2.2 Run-Time Monitoring . .8 2.2.1 Overview . .8 2.2.2 Hardware Architecture . .8 2.2.3 Example: Array Bounds Check . 12 3 WCET Analysis of Run-Time Monitoring 15 3.1 Introduction . 15 3.2 WCET Analysis . 16 3.2.1 Analysis Assumptions . 16 3.2.2 Implicit Path Enumeration . 16 3.2.3 Sequential Monitoring Bound . 18 3.2.4 FIFO Model . 18 3.2.5 MILP Formulation . 23 3.3 Example MILP Formulation . 26 3.3.1 Example Setup . 26 3.3.2 Creating the MFG . 28 3.3.3 Calculating the Monitoring Load . 28 3.3.4 MILP Optimization . 33 3.4 Evaluation . 33 3.4.1 Experimental Setup . 33 3.4.2 WCET Results . 36 3.4.3 Time to Solve Linear Programming Problem . 38 4 Run-Time Monitoring for Hard Real-Time Systems 40 4.1 Introduction . 40 4.2 Opportunistic Monitoring . 42 4.2.1 Measuring Slack . 42 4.2.2 Dropping Tasks . 45 4.3 Hardware-Based Dropping Architecture . 47 vi 4.3.1 Slack Tracking . 48 4.3.2 Metadata Invalidation Module . 49 4.3.3 Filtering Invalid Metadata . 52 4.3.4 Full Architecture . 53 4.4 Monitoring Extensions . 54 4.4.1 Uninitialized Memory Check . 56 4.4.2 Return Address Check . 56 4.4.3 Dynamic Information Flow Tracking . 58 4.5 Evaluation . 59 4.5.1 Methodology . 59 4.5.2 Amount of Monitoring Performed . 60 4.5.3 FPGA-based Monitor . 64 4.5.4 Area and Power Overheads . 68 5 Run-Time Monitoring for Soft Real-Time Systems 70 5.1 Introduction . 70 5.2 Partial Run-Time Monitoring . 71 5.2.1 Overhead of Run-Time Monitoring . 71 5.2.2 Partial Monitoring for Adjustable Overhead . 73 5.2.3 Applications and Metrics . 73 5.2.4 Design Challenges . 75 5.3 Architecture for Partial Monitoring . 76 5.3.1 Effects of Dropping Monitoring . 77 5.3.2 Invalidation for Preventing False Positives . 78 5.3.3 Dataflow Engine for Preventing False Positives . 79 5.3.4 Filtering Null Metadata . 81 5.4 Dropping Policies . 83 5.4.1 Deciding When to Drop . 83 5.4.2 Deciding Which Events to Drop . 85 5.5 Evaluation . 89 5.5.1 Experimental Setup . 89 5.5.2 Baseline Monitoring Overhead . 91 5.5.3 Coverage with Adjustable Partial Monitoring . 92 5.5.4 FPGA-based Monitor . 95 5.5.5 Comparing Dropping Policies . 97 5.5.6 Multiple-Run Coverage . 99 5.5.7 Area and Power Overheads . 100 6 DVFS Control for Soft Real-Time Systems 103 6.1 Introduction . 103 6.2 Execution Time Variation in Interactive Applications . 105 6.2.1 Variations in Execution Time . 105 6.2.2 Existing DVFS Controllers . 106 6.2.3 Prediction-Based Control . 108 vii 6.3 Execution Time Prediction for Energy-Efficiency . 110 6.3.1 Overview . 110 6.3.2 Program Features . 111 6.3.3 Execution Time Prediction Model . 114 6.3.4 DVFS Model . 116 6.3.5 Alternate Prediction Models . 119 6.4 System-Level Framework . 120 6.4.1 Programmer Annotation . 120 6.4.2 Off-line Analysis . 121 6.4.3 Run-time Prediction . 124 6.5 Evaluation . 125 6.5.1 Experimental Setup . 125 6.5.2 Energy Savings and Deadline Misses . 127 6.5.3 Analysis of Overheads and Error . 130 6.5.4 Under-prediction Trade-off . 133 6.5.5 Race to Idle . 134 6.5.6 Heterogeneous Cores . 136 7 Related Work 146 7.1 Real-Time Systems . 146 7.1.1 Hardware Architectures for Real-Time Systems . 146 7.1.2 Worst-Case Execution Time Analysis . 147 7.2 Security and Reliability . 148 7.2.1 Run-Time Monitoring .