DOCSLIB.ORG

A Systematic Evaluation of Transient Execution Attacks and Defenses

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Systematic Evaluation of Transient Execution Attacks and Defenses A Systematic Evaluation of Transient Execution Attacks and Defenses Claudio Canella1, Jo Van Bulck2, Michael Schwarz1, Moritz Lipp1, Benjamin von Berg1, Philipp Ortner1, Frank Piessens2, Dmitry Evtyushkin3, Daniel Gruss1 1 Graz University of Technology, 2 imec-DistriNet, KU Leuven, 3 College of William and Mary Abstract instruction which has not been executed (and retired) yet. Hence, to keep the pipeline full at all times, it is essential to Research on transient execution attacks including Spectre predict the control flow, data dependencies, and possibly even and Meltdown showed that exception or branch mispredic- the actual data. Modern CPUs, therefore, rely on intricate mi- tion events might leave secret-dependent traces in the CPU’s croarchitectural optimizations to predict and sometimes even microarchitectural state. This observation led to a prolifera- re-order the instruction stream. Crucially, however, as these tion of new Spectre and Meltdown attack variants and even predictions may turn out to be wrong, pipeline flushes may be more ad-hoc defenses (e.g., microcode and software patches). necessary, and instruction results should always be committed Both the industry and academia are now focusing on finding according to the intended in-order instruction stream. Pipeline effective defenses for known issues. However, we only have flushes may occur even without prediction mechanisms, as on limited insight on residual attack surface and the completeness modern CPUs virtually any instruction can raise a fault (e.g., of the proposed defenses. page fault or general protection fault), requiring a roll-back In this paper, we present a systematization of transient of all operations following the faulting instruction. With pre- execution attacks. Our systematization uncovers 6 (new) tran- diction mechanisms, there are more situations when partial sient execution attacks that have been overlooked and not pipeline flushes are necessary, namely on every misprediction. been investigated so far: 2 new exploitable Meltdown ef- The pipeline flush discards any architectural effects of pend- fects: Meltdown-PK (Protection Key Bypass) on Intel, and ing instructions, ensuring functional correctness. Hence, the Meltdown-BND (Bounds Check Bypass) on Intel and AMD; instructions are executed transiently (first they are, and then and 4 new Spectre mistraining strategies. We evaluate the they vanish), i.e., we call this transient execution [50, 56, 85]. attacks in our classification tree through proof-of-concept im- plementations on 3 major CPU vendors (Intel, AMD, ARM). While the architectural effects and results of transient in- Our systematization yields a more complete picture of the structions are discarded, microarchitectural side effects re- attack surface and allows for a more systematic evaluation of main beyond the transient execution. This is the foundation defenses. Through this systematic evaluation, we discover that of Spectre [50], Meltdown [56], and Foreshadow [85]. These most defenses, including deployed ones, cannot fully mitigate attacks exploit transient execution to encode secrets through all attack variants. microarchitectural side effects (e.g., cache state) that can later arXiv:1811.05441v3 [cs.CR] 15 May 2019 be recovered by an attacker at the architectural level. The field of transient execution attacks emerged suddenly and pro- 1 Introduction liferated, leading to a situation where people are not aware of all variants and their implications. This is apparent from CPU performance over the last decades was continuously the confusing naming scheme that already led to an arguably improved by shrinking processing technology and increasing wrong classification of at least one attack [48]. Even more clock frequencies, but physical limitations are already hin- important, this confusion leads to misconceptions and wrong dering this approach. To still increase the performance, ven- assumptions for defenses. Many defenses focus exclusively dors shifted the focus to increasing the number of cores and on hindering exploitation of a specific covert channel, instead optimizing the instruction pipeline. Modern CPU pipelines of addressing the microarchitectural root cause of the leak- are massively parallelized allowing hardware logic in prior age [45,47,50,91]. Other defenses rely on recent CPU features pipeline stages to perform operations for subsequent instruc- that have not yet been evaluated from a transient security per- tions ahead of time or even out-of-order. Intuitively, pipelines spective [84]. We also debunk implicit assumptions including may stall when operations have a dependency on a previous that AMD or the latest Intel CPUs are completely immune to in-place (IP) vs., out-of-place (OP) PHT-CA-IP ⭑ Meltdown-type effects, or that serializing instructions miti- mistraining Cross-address-space PHT-CA-OP ⭑ gate Spectre Variant 1 on any CPU. strategy Same-address-space PHT-SA-IP [48, 50] Spectre-PHT In this paper, we present a systematization of transient PHT-SA-OP ⭑ microarchitec- Spectre-BTB i.e. tural buffer BTB-CA-IP [13, 50] execution attacks, , Spectre, Meltdown, Foreshadow, and Spectre-RSB Cross-address-space Spectre-type BTB-CA-OP [50] related attacks. Using our decision tree, transient execution Spectre-STL [29] Same-address-space attacks are accurately classified through an unambiguous nam- BTB-SA-IP ⭑ ing scheme (cf. Figure1). The hierarchical and extensible na- prediction Cross-address-space BTB-SA-OP [13] Transient Same-address-space RSB-CA-IP [52, 59] cause? ture of our taxonomy allows to easily identify residual attack RSB-CA-OP [52] Meltdown-NM [78] Meltdown-US [56] fault fault type surface, leading to 6 previously overlooked transient execu- RSB-SA-IP [59] Meltdown-AC ⭐ Meltdown-P [85, 90] RSB-SA-OP [52, 59] tion attacks (Spectre and Meltdown variants) first described in Meltdown-type Meltdown-DE ⭐ Meltdown-RW [48] this work. Two of the attacks are Meltdown-BND, exploiting Meltdown-PF Meltdown-PK ⭑ a Meltdown-type effect on the x86 bound instruction on Intel Meltdown-UD ⭐ Meltdown-XD ⭐ and AMD, and Meltdown-PK, exploiting a Meltdown-type Meltdown-SS ⭐ Meltdown-SM ⭐ effect on memory protection keys on Intel. The other 4 attacks Meltdown-BR Meltdown-MPX [40] Meltdown-GP [8, 35] Meltdown-BND ⭑ are previously overlooked mistraining strategies for Spectre- PHT and Spectre-BTB attacks. We demonstrate the attacks Figure 1: Transient execution attack classification tree with in our classification tree through practical proofs-of-concept demonstrated attacks (red, bold), negative results (green, with vulnerable code patterns evaluated on CPUs of Intel, dashed), some first explored in this work (⭑ / ⭐). ARM, and AMD. Next, we provide a systematization of the state-of-the-art a processor supports, the available registers, the addressing defenses. Based on this, we systematically evaluate defenses mode, and describes the execution model. Examples of dif- with practical experiments and theoretical arguments to show ferent ISAs are x86 and ARMv8. The microarchitecture then which work and which do not or cannot suffice. This sys- describes how the ISA is implemented in a processor in the tematic evaluation revealed that we can still mount transient form of pipeline depth, interconnection of elements, execution execution attacks that are supposed to be mitigated by rolled units, cache, branch prediction. The ISA and the microarchi- out patches. Finally, we discuss how defenses can be designed tecture are both stateful. In the ISA, this state includes, for to mitigate entire types of transient execution attacks. instance, data in registers or main memory after a success- Contributions. The contributions of this work are: ful computation. Therefore, the architectural state can be ob- 1. We systematize Spectre- and Meltdown-type attacks, ad- served by the developer. The microarchitectural state includes, vancing attack surface understanding, highlighting mis- for instance, entries in the cache and the translation lookaside classifications, and revealing new attacks. buffer (TLB), or the usage of the execution units. Those mi- 2. We provide a clear distinction between Meltdown/Spectre, croarchitectural elements are transparent to the programmer required for designing effective countermeasures. and can not be observed directly, only indirectly. 3. We categorize defenses and show that most, including Out-of-Order Execution. On modern CPUs, individual in- deployed ones, cannot fully mitigate all attack variants. structions of a complex instruction set are first decoded and 4. We describe new branch mistraining strategies, highlight- split-up into simpler micro-operations (µOPs) that are then ing the difficulty of eradicating Spectre-type attacks. processed. This design decision allows for superscalar op- We responsibly disclosed the work to Intel, ARM, and AMD. timizations and to extend or modify the implementation of Experimental Setup. Unless noted otherwise, the experi- specific instructions through so-called microcode updates. mental results reported were performed on recent Intel Sky- Furthermore, to increase performance, CPU’s usually imple- lake i5-6200U, Coffee Lake i7-8700K, and Whiskey Lake i7- ment a so-called out-of-order design. This allows the CPU 8565U CPUs. Our AMD test machines were a Ryzen 1950X to execute µOPs not only in the sequential order provided by and a Ryzen Threadripper 1920X. For experiments on ARM, the instruction stream but to dispatch them in parallel, utiliz- an NVIDIA Jetson TX1 has been used. ing the CPU’s
Load more

Recommended publications
  • What Is an Operating System III 2.1 Compnents II an Operating System
    Page 1 of 6 What is an Operating System III 2.1 Compnents II An operating system (OS) is software that manages computer hardware and software resources and provides common services for computer programs. The operating system is an essential component of the system software in a computer system. Application programs usually require an operating system to function. Memory management Among other things, a multiprogramming operating system kernel must be responsible for managing all system memory which is currently in use by programs. This ensures that a program does not interfere with memory already in use by another program. Since programs time share, each program must have independent access to memory. Cooperative memory management, used by many early operating systems, assumes that all programs make voluntary use of the kernel's memory manager, and do not exceed their allocated memory. This system of memory management is almost never seen any more, since programs often contain bugs which can cause them to exceed their allocated memory. If a program fails, it may cause memory used by one or more other programs to be affected or overwritten. Malicious programs or viruses may purposefully alter another program's memory, or may affect the operation of the operating system itself. With cooperative memory management, it takes only one misbehaved program to crash the system. Memory protection enables the kernel to limit a process' access to the computer's memory. Various methods of memory protection exist, including memory segmentation and paging. All methods require some level of hardware support (such as the 80286 MMU), which doesn't exist in all computers.
    [Show full text]
  • Irmx® 286/Irmx® II Troubleshooting Guide
    iRMX® 286/iRMX® II Troubleshooting Guide Q1/1990 Order Number: 273472-001 inter iRMX® 286/iRMX® II Troubleshooting Guide Q1/1990 Order Number: 273472-001 Intel Corporation 2402 W. Beardsley Road Phoenix, Arizona Mailstop DV2-42 Intel Corporation (UK) Ltd. Pipers Way Swindon, Wiltshire SN3 1 RJ United Kingdom Intel Japan KK 5-6 Tokodai, Toyosato-machi Tsukuba-gun Ibaragi-Pref. 300-26 An Intel Technical Report from Technical Support Operations Copyright ©1990, Intel Corporation Copyright ©1990, Intel Corporation The information in this document is subject to change without notice. Intel Corporation makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Intel Corporation assumes no responsibility for any errors that ~ay :!ppe3r in this d~ur:::ent. Intel Corpomtion make:; nc ccmmitmcut tv update nor to keep C"l..iiTeilt thc information contained in this document. Intel Corporation assUmes no responsibility for the use of any circuitry other than circuitry embodied in an Intel product. No other circuit patent licenses are implied. Intel software products are copyrighted by and shall remain the property of Intel Corporation. Use, duplication or disclosure is subject to restrictions stated in Intel's software license, or as defined in FAR 52.227-7013. No part of this document may be copied or reproduced in any form or by any means without the prior written consent of Intel Corporation. The following are trademarks of Intel Corporation
    [Show full text]
  • CS 151: Introduction to Computers
    Information Technology: Introduction to Computers Handout One Computer Hardware 1. Components a. System board, Main board, Motherboard b. Central Processing Unit (CPU) c. RAM (Random Access Memory) SDRAM. DDR-RAM, RAMBUS d. Expansion cards i. ISA - Industry Standard Architecture ii. PCI - Peripheral Component Interconnect iii. PCMCIA - Personal Computer Memory Card International Association iv. AGP – Accelerated Graphics Port e. Sound f. Network Interface Card (NIC) g. Modem h. Graphics Card (AGP – accelerated graphics port) i. Disk drives (A:\ floppy diskette; B:\ obsolete 5.25” floppy diskette; C:\Internal Hard Disk; D:\CD-ROM, CD-R/RW, DVD-ROM/R/RW (Compact Disk-Read Only Memory) 2. Peripherals a. Monitor b. Printer c. Keyboard d. Mouse e. Joystick f. Scanner g. Web cam Operating system – a collection of files and small programs that enables input and output. The operating system transforms the computer into a productive entity for human use. BIOS (Basic Input Output System) date, time, language, DOS – Disk Operating System Windows (Dual, parallel development for home and industry) Windows 3.1 Windows 3.11 (Windows for Workgroups) Windows 95 Windows N. T. (Network Technology) Windows 98 Windows N. T. 4.0 Windows Me Windows 2000 Windows XP Home Windows XP Professional The Evolution of Windows Early 80's IBM introduced the Personal PC using the Intel 8088 processor and Microsoft's Disk Operating System (DOS). This was a scaled down computer aimed at business which allowed a single user to execute a single program. Many changes have been introduced over the last 20 years to bring us to where we are now.
    [Show full text]
  • Parallel Architectures
    Parallel architectures Denis Barthou [email protected] 1 Parallel architectures 2014-2015 D. Barthou 1- Objectives of this lecture ● Analyze and understand how parallel machines work ● Study modern parallel architectures ● Use this knowledge to write better code 2 Parallel architectures 2014-2015 D. Barthou Outline 1. Introduction 2. Unicore architecture Pipeline, OoO, superscalar, VLIW, branch prediction, ILP limit 3. Vectors Definition, vectorization 4. Memory and caches Principle, caches, multicores and optimization 5. New architectures and accelerators 3 Parallel architectures 2014-2015 D. Barthou 1- Parallelism Many services and machines are already parallel ● Internet and server infrastructures ● Data bases ● Games ● Sensor networks (cars, embedded equipment, …) ● ... What's new ? 4 Parallel architectures 2014-2015 D. Barthou 1- Parallelism Many services and machines are already parallel ● Internet and server infrastructures ● Data bases ● Games ● Sensor networks (cars, embedded equipment, …) ● ... What's new ? ● Parallelism everywhere ● Dramatic increase of parallelism inside a compute node 5 Parallel architectures 2014-2015 D. Barthou 1- Multicore/manycore Many core already there Nvidia Kepler: 192 cores Intel Tera chip, 2007 7,1 billion of transistors (80 cores) Intel SCC, 2010 (48 cores) Many Integrated Chips ou Xeon Phi (60 cores) 6 Parallel architectures 2014-2015 D. Barthou 1- Why so many cores ? Moore's law Every 18 mois, the number of transistors double, with the same cost (1965) Exponential law applies on: ● Processor performance, ● Memory & disk capacity ● Size of the wire ● Heat dissipated 7 Parallel architectures 2014-2015 D. Barthou 1- Moore's law, limiting factor: W W = CV2f 8 Parallel architectures 2014-2015 D. Barthou 1- Impacts ● No more increase in frequency ● Increase in core number 9 Parallel architectures 2014-2015 D.
    [Show full text]
  • BCIS 1305 Business Computer Applications
    BCIS 1305 Business Computer Applications BCIS 1305 Business Computer Applications San Jacinto College This course was developed from generally available open educational resources (OER) in use at multiple institutions, drawing mostly from a primary work curated by the Extended Learning Institute (ELI) at Northern Virginia Community College (NOVA), but also including additional open works from various sources as noted in attributions on each page of materials. Cover Image: “Keyboard” by John Ward from https://flic.kr/p/tFuRZ licensed under a Creative Commons Attribution License. BCIS 1305 Business Computer Applications by Extended Learning Institute (ELI) at NOVA is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted. CONTENTS Module 1: Introduction to Computers ..........................................................................................1 • Reading: File systems ....................................................................................................................................... 1 • Reading: Basic Computer Skills ........................................................................................................................ 1 • Reading: Computer Concepts ........................................................................................................................... 1 • Tutorials: Computer Basics................................................................................................................................ 1 Module 2: Computer
    [Show full text]
  • "LISARM: Embedded ARM Platform Design and Optimization" Thesis
    POLITECNICO DI TORINO III Facolt`adi Ingegneria Corso di Laurea in Ingegneria Elettronica Tesi di Laurea LISARM: embedded ARM platform design and optimization Relatori: Prof. Guido Masera Ing. Maurizio Martina Ing. Fabrizio Vacca Candidato: Carlo Ceriani Aprile 2007 A mia madre, a mio padre e . a chi ha avuto ¯ducia in me I Acknowledgements Il primo e pi`ugrande ringraziamento va a mia madre, per il fondamentale supporto datomi in questi lunghi anni di studi, per non avermi mai fatto mancare la propria ¯ducia ed avermi saputo dare i giusti stimoli, soprattutto nei momenti pi`udi±cili. In queste righe non posso non ricordare mio padre, in particolare per avermi insegnato che, rimboccandosi le maniche ed avendo ¯ducia nelle proprie capacit`a,ci si pu`o sempre spingere oltre, allargando i propri orizzonti. Ringrazio il mio relatore, prof. Guido Masera, ed i miei corelatori, Maurizio Martina e Fabrizio Vacca, per le essenziali consulenze, per avermi saputo indirizzare negli snodi cruciali del mio lavoro e per avermi messo a disposizione le risorse di cui necessitavo. Ringrazio gli altri componenti del VLSILab, con i quali ho avuto il piacere di condividere questa esperienza, per essersi sempre dimostrati disponibili a risolvere una moltitudine di ordinari problemi presentatisi. Un particolare ringraziamento va a Federico Quaglio, per l'aiuto che mi ha dato sia nella fase di ricerca e sviluppo del progetto, che in quella di stesura di questo elaborato. Trattandosi dell'atto conclusivo di un lungo percorso di studi, ma anche e soprat- tutto per suggellare un tratto importante della mia vita, ringrazio tutti coloro che in questo cammino hanno saputo arricchire la mia vita di conoscenza, di esperienza, ma anche semplicemente di piacevoli momenti di svago.
    [Show full text]
  • How Can I Test My Memory
    How can I test my memory A defective memory module(s) can cause various issues on your computer. These are just a few of the possible issues you may encounter. It is important to remember the issues below can also be caused by more than just defective memory. 1. Computer doesn't boot and/or you get a beep code. Check your motherboard manual for the error code if you are unsure what it means. 2. Random computer crashes including BSOD (Blue Screen of Death), General Protection Fault error messages, Illegal Operations, Fatal Exceptions, etc. 3. Random Reboots. 4. OS or other application installation failure. How can we be sure that the memory is defective before starting the RMA exchange process? There are programs available that are designed to test the computer's memory. We recommend Memtest86+ to test your computer's memory. Please visit this link to download and install Memtest86+ for an ISO image or USB Drive: Link To make a bootable Floppy from with in Windows, First you would download the memtest utility to your HDD, then using www.winzip.com extract it to the same directory. Please then get a floppy and do a fresh full format on it, and if there are any bad sectors just throw it away and get a new one. Then click on the install.bat file in the directory where you downloaded and extracted the files and follow the on screen prompts. To make a Bootable CD from within windows you would download the ISO image that has a .zip extension.
    [Show full text]
  • Energy Efficient Branch Prediction
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Hertfordshire Research Archive Energy Efficient Branch Prediction Michael Andrew Hicks A thesis submitted in partial fulfilment of the requirements of the University of Hertfordshire for the degree of Doctor of Philosophy December 2007 To my family and friends. Contents 1 Introduction 1 1.1 Thesis Statement . 1 1.2 Motivation and Energy Efficiency . 1 1.3 Branch Prediction . 3 1.4 Contributions . 4 1.5 Dissertation Structure . 5 2 Energy Efficiency in Modern Processor Design 7 2.1 Transistor Level Power Dissipation . 7 2.1.1 Static Dissipation . 8 2.1.2 Dynamic Dissipation . 9 2.1.3 Energy Efficiency Metrics . 9 2.2 Transistor Level Energy Efficiency Techniques . 10 2.2.1 Clock Gating and Vdd Gating . 10 2.2.2 Technology Scaling . 11 2.2.3 Voltage Scaling . 11 2.2.4 Logic Optimisation . 11 2.3 Architecture & Software Level Efficiency Techniques . 11 2.3.1 Activity Factor Reduction . 12 2.3.2 Delay Reduction . 12 2.3.3 Low Power Scheduling . 12 2.3.4 Frequency Scaling . 13 2.4 Branch Prediction . 13 2.4.1 The Branch Problem . 13 2.4.2 Dynamic and Static Prediction . 14 2.4.3 Dynamic Predictors . 15 2.4.4 Power Consumption . 18 2.5 Summary . 18 3 Related Techniques 20 3.1 The Prediction Probe Detector (Hardware) . 20 3.1.1 Implementation . 20 3.1.2 Pipeline Gating . 22 i 3.2 Software Based Approaches . 23 3.2.1 Hinting and Hint Instructions .
    [Show full text]
  • CS5460/6460: Operating Systems Lecture 6: Interrupts and Exceptions
    CS5460/6460: Operating Systems Lecture 6: Interrupts and Exceptions Several slides in this lecture use slides developed by Don Porter Anton Burtsev January, 2014 Why do we need interrupts? Remember: hardware interface is designed to help OS Why do we need interrupts? ● Fix an abnormal condition ● Page not mapped in memory ● Notifications from external devices ● Network packet received ● Preemptive scheduling ● Timer interrupt ● Secure interface between OS and applications ● System calls Two types Synchronous ● Exceptions – react to an abnormal condition ● Map the swapped out page back to memory ● Invoke a system call ● Intel distinguishes 3 types: faults, traps, aborts Asynchronous ● Interrupts – preempt normal execution ● Notify that something has happened (new packet, disk I/O completed, timer tick, notification from another CPU) Handling interrupts and exceptions ● Same procedure ● Stop execution of the current program ● Start execution of a handler ● Processor accesses the handler through an entry in the Interrupt Descriptor Table (IDT) ● Each interrupt is defined by a number ● E.g., 14 is pagefault, 3 debug ● This number is an index into the interrupt table (IDT) CPU Memory Interrupt descriptor Interrupt descriptor Interrupt descriptor ● Interrupt gate disables interrupts ● Clears the IF flag in EFLAGS register ● Trap gate doesn't ● IF flag is unchanged x86 interrupt table Device IRQs 128 = Linux System Call … … … 0 31 47 255 Software Configurable Reserved for the CPU Interrupts ● Each type of interrupt is assigned an index from
    [Show full text]
  • Constant-Time Foundations for the New Spectre Era
    Constant-Time Foundations for the New Spectre Era Sunjay Cauligiy Craig Disselkoeny Klaus v. Gleissenthally Dean Tullseny Deian Stefany Tamara Rezk¢ Gilles Barthe♠| yUC San Diego, USA ¢INRIA Sophia Antipolis, France ♠MPI for Security and Privacy, Germany |IMDEA Software Institute, Spain Abstract 1 Introduction The constant-time discipline is a software-based countermea- Protecting secrets in software is hard. Security and cryptog- sure used for protecting high assurance cryptographic imple- raphy engineers must write programs that protect secrets, mentations against timing side-channel attacks. Constant- both at the source level and when they execute on real hard- time is effective (it protects against many known attacks), ware. Unfortunately, hardware too easily divulges informa- rigorous (it can be formalized using program semantics), and tion about a program’s execution via timing side-channels— amenable to automated verification. Yet, the advent of micro- e.g., an attacker can learn secrets by simply observing (via architectural attacks makes constant-time as it exists today timing) the effects of a program on the hardware cache[16]. far less useful. The most robust way to deal with timing side-channels This paper lays foundations for constant-time program- is via constant-time programming—the paradigm used to im- ming in the presence of speculative and out-of-order exe- plement almost all modern cryptography [2, 11, 12, 26, 27]. cution. We present an operational semantics and a formal Constant-time programs can neither branch on secrets nor definition of constant-time programs in this extended setting. access memory based on secret data.1 These restrictions Our semantics eschews formalization of microarchitectural ensure that programs do not leak secrets via timing side- features (that are instead assumed under adversary control), channels on hardware without microarchitectural features.
    [Show full text]
  • CS152: Computer Systems Architecture Virtual Memory
    CS152: Computer Systems Architecture Virtual Memory Sang-Woo Jun Winter 2019 Large amount of material adapted from MIT 6.004, “Computation Structures”, Morgan Kaufmann “Computer Organization and Design: The Hardware/Software Interface: RISC-V Edition”, and CS 152 Slides by Isaac Scherson So far… Operating System goals: o Protection and privacy: Processes cannot access each other’s data o Abstraction: OS hides details of underlying hardware • e.g., processes open and access files instead of issuing raw commands to disk o Resource management: OS controls how processes share hardware resources (CPU, memory, disk, etc.) Key enabling technologies: o User mode + supervisor mode w/ privileged instructions o Exceptions to safely transition into supervisor mode o Virtual memory to provide private address spaces and abstract the machine’s storage resources (today!) Remember context switching All running processes still share the same memory space o Does not support isolation between processes o e.g., If process 1 uses too much stack space, it will overrun process 2’s stack space o e.g., If process 1 maliciously writes to random address regions, it can overwrite process 2’s stack space Stack Stack Stack Timer Jump to Process 1 Process 1 Process 1 Stack pointer interrupt Proc1’s register values process 2 Proc1’s register values Stack pointer Process 2 Process 2 Proc2’s register values Stack pointer Isolation solution: Virtual Memory Illusion of a large, private, uniform store Virtual address o Address generated by a process (given to LW, SW,
    [Show full text]
  • ARM Cortex-A Series Programmer's Guide
    ARM® Cortex™-A Series Version: 4.0 Programmer’s Guide Copyright © 2011 – 2013 ARM. All rights reserved. ARM DEN0013D (ID012214) ARM Cortex-A Series Programmer’s Guide Copyright © 2011 – 2013 ARM. All rights reserved. Release Information The following changes have been made to this book. Change history Date Issue Confidentiality Change 25 March 2011 A Non-Confidential First release 10 August 2011 B Non-Confidential Second release. Updated to include Virtualization, Cortex-A15 processor, and LPAE. Corrected and revised throughout 25 June 2012 C Non-Confidential Updated to include Cortex-A7 processor, and big.LITTLE. Index added. Corrected and revised throughout. 22 January 2014 D Non-Confidential Updated to include Cortex-A12 processor, Cache Coherent Interconnect, expanded GIC coverage, Multi-core processors, Corrected and revised throughout. Proprietary Notice This Cortex-A Series Programmer’s Guide is protected by copyright and the practice or implementation of the information herein may be protected by one or more patents or pending applications. No part of this Cortex-A Series Programmer’s Guide may be reproduced in any form by any means without the express prior written permission of ARM. No license, express or implied, by estoppel or otherwise to any intellectual property rights is granted by this Cortex-A Series Programmer’s Guide. Your access to the information in this Cortex-A Series Programmer’s Guide is conditional upon your acceptance that you will not use or permit others to use the information for the purposes of determining whether implementations of the information herein infringe any third party patents. This Cortex-A Series Programmer’s Guide is provided “as is”.
    [Show full text]