DOCSLIB.ORG

EDP" and EFT '~ F 'F SECURITY 1 '"

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
EDP If you have issues viewing or accessing this file, please contact us at NCJRS.gov. (,) ~\ .. 1.1 " r,' ' FDIPrf;lparf.)d by 'Pivisi,onof Man­ o '~!lement Svstem~ and, Finan- " clal Statistics/Federal Deposit f) Insl,mmce Corporation, Wash· ington, 0.t.20429 o o \), ! \' A GU~IDE, TO" EDP" AND EFT '~ f 'f SECURITY 1 '" ',I t o~BASED "ON '. o OCCUPATIONS fl, o o 'Z:) ------.----~~--------- A GUIDE TO EDP AND EFT SECURITY BASED ON OCCUPATIONS NOVEfviBER 1977 , , Prepared by: Division of Management Systems and Financial Statistics Federal Deposit Insurance Corporation Washington, D.C. 20429 Consultants: Don B. Parker and Russell Dewey SRI International TABLE OF CONTENTS I INTRODUCTION. .. 3 Pu rpose .................................. , ............ , ........ , 3 Limitations. .. 3 Applicability To Small Organizations. .. 3 II EXECUTIVE SUMMARY .............................. , . .. 5 III THE EDP AND EFT ENVIRONMENT.. ..... .. .. .. ........... 7 EFT Network (Figure 1). • . .. 8 Occupations by Employers (Figure 2) .................................. 10 IV BASIC SECURITY MEASURES ...............•..............•....... 11 V CLASSES OF VULNERABILITIES ...........................•....... 13 Class I - Physical ................................................. 13 Class II - Transactional. ........................................... , 13 Class III - Programming ........................................... , 13 Class IV - Electronic ............................................. , 13 Vulnerabilities by Occupation (Figure 3) ............................... 13 Vulnerabilities by EDP Controls and Audit Tools and Techniques (Figure 4) .... 14 VI EDP AUDIT TOOLS AND TECHNIQUES ..............•.......•....... 15 Introduction .............................................•....... 15 EDP Audit Tools and Techni'lues by Occupation Applicability (Figure 5) ...... 15 Ranking of Occupations by Number of Applicable Tools and Techniques. .• 15 Ranking of Tools and Techniques by Number of Occupations Affected ....... , 16 Page Listing of Audit Tools and Techniques Descriptions ................... 16 Descriptions of Audit Tools and Techniques .....................•....... 17 VII EDP CONTROLS .......•................................... '" ... 27 Introduction ..............•.............................. , . • . .. 27 EDP Controls by Occupation Applicability (Figure 6) ..................... 27 Ranking of Occupations by Number of Applicable Controls ...............• 27 Object of Controls ....................•..................•....... 27 Responsibility for Controls ................................•....... 27 Ranking of Controls by Number of Occupations Affected ............ , ..... 28 Page Listing of EDP Controls Descriptions .............................. 28 Types of EDP Controls ............................................. 29 VIII OCCUPATION VULNERABILITIES .................................. 33 Introduction ........................................ : . .. 33 Knowledge by EDP and EFT Occupations (Figure 7) ...................... 35 Skills by EDP and EFT Occupations (Figure 8) .••.......••....... , ....... 35 Physical Access by EDP and EFT Occupations (Figure 9) ................... 36 Functional Access by EDP and EFT Occupations (Figure 10) ................ 36 Page Listing of Occupation Descriptions ................................ 37 Descriptions of Occupations. .. 38 IX CONCLUSION ................................................... 79 Vulnerabilities .................................................... 79 Controls and Audits Tools and Techniques ................•............. 79 Occupational Access. • . • • . • . • . • • . .. 80 Skills and Knowledge .....................•........................ 80 I INTRODUCTION Purpose - This guide is part of a set of papers on • conclusion, including issues and problems the subject of Electronic Funds Transfer (EFT).* concerning the vulnerabilities and remedies The primary purpose of this guide is to supply all Other sections of this guide provide the fellow­ people charged with the safe use of E DP (whether ing: in traditional financial institutions or in EFT) with • a ')ummary for executives (Section II) a means of more effectively providing for and eval­ uating EDP and data communications security • a descri ption of the E DP and EFT environ­ from the source of vulnerabilities - people in EFT ment (Section III) and banking related EDP occupations. • general remedies which apply to EDP and Losses are growing from accidental and inten­ EFT personnel ~Section IV) tional acts involving computers and data communi­ • classification of vulnerabilities (Section V) cations in financial institutions. Current estimated • descriptions of applicable EDP audit tools and losses from credit card fraud alone are $500 mil­ techniques (Section VI) lion and could rise to $6-10 billion by 1986 (Frost • descriptions of EDP controls (Section VII) and Sullivan, as reported in Bank Systems and • concluding recommendations (Section IX) Equipment Journal, June 1977). Of even greater Tables are included throughout the guide which concern is the growing potential for single in­ cross-refer occupations with remedies. stances of massive loss through EF-T. As EFT grows, participants will become highly dependent limitations - No guide on vulnerability and secur­ on continuously available computer services in ity can completely and directly apply to each EDP which most of their assets are stored in electronic organization. Variations in job descriptions, system form. Fortunately, the use of automated systems configurations, organizations, environments, and offers a great potential for prevention, effective procedures require adaptation of the information detection, and recovery from such losses. This and advice presented. The occupations included are guide describes ways to put that potential to use. based on a depiction of the EDP and EFT environ­ Losses, whether intentional or accidental, can ments described in this guide (Section III). The only be caused by two sources: natural events. vulnerabilities (Section V) are based on four (such as storms) or people. This guide focuses on classes! physical, transactional, programming, and the people who have the skills, knowledge, and electronic. The audit tools and techniques and the necessary access to cause material losses. Exam­ EDP controls (Sections VI and VII) were selected iners, certified public accountants, internal audio from the Institute of Internal Auditors Systems tors, security special ists, and line managers need to Auditability and Control reports (1977). which understand the vulnerabilities caused by various describe the current state of the art of E DP audit­ groups of people. This understanding is essential in ing. providing adequate security from losses. To meet If the observed practices among EFT participant that objective, this guide identifies most of these organizations differ from those prescribed in this groups, describes the related vulnerabilities, and guide, the guide users should not immediately offers advice on protection. assume they have found weaknesses in the organi­ The principal section of this guide, Occupation zation. As there are few standards or generally Vulnerabilities (Section VIII), contains a vulner­ accepted practices in the computer field, many ability analysis and two-page description of each of variations and deviations from descriptions and twenty EDP related occupations in financial insti­ statements in this guide will be found. When differ­ tutions and EFT. Ea':!/l description includes the ent practices occur, the guide user should consider I' following information: the factors of the particular situation. The differ­ .. job functions ent practices may be as beneficial as the practices I. recommended in this guide. • probable EFT employers Applicability to Small Organizations - The small • knowledge, skills, and work area access EFT merchant or financial institution has serious needed in the occupation related to the posi­ vulnerabilities and often more difficult protection tion of trust problems than the large organization. Although the • vulnerabilities of an EDP system related to small organization has the same exposure as the accidental and intentional acts that might be large organization, it has less resources to Jevote to perpetrated by an individual in this position security. Assuming a network is only as safe as its • audit tools and tech niques and E DP controls which could reduce the identified vulnerabil­ *Other publications in the series are listed on the last page of this ities guide. 3 weakest link, the exposure of the small EFT mer­ chant or institution adds to the exposure of other EFT participants in the same network. Larger net­ work participants may resist interfacing their elec­ tronic functions with those of smaller EFT partic­ ipants until certain standards are met. 4 II EXECUTlVE SUMMARY This guide was written to help ensure the safe by programmers and engineers. Only computer use of computer and data communications tech­ center controls and application system develop­ nology. It was designed for bank examiners who ment controls were found to effectivelY apply to evaluate audit effectiveness, for auditors who eval­ programming and electronic classes of vulnerabil­ uate computer systems and networks security, and ities. Few apply to transaction and physical vu Iner­ for E DP managers who are responsible for the per­ abilities. formance of their employees. We face a problem today with the advancing use Guides to electronic data
Load more

Recommended publications
  • Software Process Validation: Quantitatively Measuring the Correspondence of a Process to a Model
    Software Process Validation: Quantitatively Measuring the Correspondence of a Process to a Model JONATHAN E. COOK New Mexico State University and ALEXANDER L. WOLF University of Colorado To a great extent, the usefulness of a formal model of a software process lies in its ability to accurately predict the behavior of the executing process. Similarly, the usefulness of an executing process lies largely in its ability to fulfill the requirements embodied in a formal model of the process. When process models and process executions diverge, something significant is happening. We have developed techniques for uncovering and measuring the discrepancies between models and executions, which we call process validation. Process validation takes a process execution and a process model, and measures the level of correspon- dence between the two. Our metrics are tailorable and give process engineers control over determining the severity of different types of discrepancies. The techniques provide detailed information once a high-level measurement indicates the presence of a problem. We have applied our process validation methods in an industrial case study, of which a portion is described in this article. Categories and Subject Descriptors: D.2.6 [Software Engineering]: Programming Environ- ments; K.6.3 [Management of Computing and Information Systems]: Software Manage- ment—software development; software maintenance General Terms: Management Additional Key Words and Phrases: Balboa, process validation, software process, tools This work was supported in part by the National Science Foundation under grants CCR-93- 02739 and CCR-9804067, and the Air Force Materiel Command, Rome Laboratory, and the Defense Advanced Research Projects Agency under Contract Number F30602-94-C-0253.
    [Show full text]
  • Oracle® Developer Studio 12.5
    ® Oracle Developer Studio 12.5: C User's Guide Part No: E60745 June 2017 Oracle Developer Studio 12.5: C User's Guide Part No: E60745 Copyright © 2016, 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
    [Show full text]
  • Software Analysis Handbook: Software Complexity Analysis and Software Reliability Estimation and Prediction
    Technical Memorandum 104799 Software Analysis Handbook: Software Complexity Analysis and Software Reliability Estimation and Prediction Alice T. Lee Todd Gunn (NASA-TM-I04799) SOFTWARE ANALYSIS N95-I1914 Tuan Pham HANDBOOK: SOFTWARE COMPLEXITY Ron Ricaldi ANALYSIS AND SOFTWARE RELIABILITY ESTIMATION AND PREDICTION (NASA. Unclas Johnson Space Center) 96 p G3159 0023056 August 1994 ..0 National Aeronautics and Space Administration Technical Memorandum 104799 Software Analysis Handbook: Software Complexity Analysis and Software Reliability Estimation and Prediction Alice T. Lee Safety, Reliability, & Quaflty Assurance Office Lyndon B. Johnson Space Center Houston, Texas Todd Gunn, Tuan Pham, and Ron Ricaldi Loral Space Information Systems Houston, Texas National Aeronautics and Space Administration Thispublication is available from the NASA Center for AeroSpace Information, 800 Elkridge Landing Road, Linthicum Heights, MD 21090-2934, (301) 621-0390. Summary The purpose of this handbook is to document the software analysis process as it is performed by the Analysis and Risk Assessment Branch of the Safety, Reliability, and Quality Assurance Office at the Johnson Space Center. The handbook also provides a summary of the tools and methodologies used to perform software analysis. This handbook is comprised of two sepa- rate sections describing aspects of software complexity and software reliability estimation and prediction. The body of this document will delineate the background, theories, tools, and analysis procedures of these approaches. Software complexity analysis can provide quantitative information on code to the designing, testing, and maintenance organizations throughout the software life cycle. Diverse information on code structure, critical components, risk areas, testing deficiencies, and opportunities for improvement can be obtained using software complexity analysis.
    [Show full text]
  • Oracle® Developer Studio 12.6
    ® Oracle Developer Studio 12.6: C++ User's Guide Part No: E77789 July 2017 Oracle Developer Studio 12.6: C++ User's Guide Part No: E77789 Copyright © 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
    [Show full text]
  • Programming by Brian W
    6sun® • microsystems PrograInIning Utilities for the Sun Workstation® Sun Microsystems, Inc. • 2550 Garcia Avenue • Mountain View, CA 94043 • 415-960-1300 Credits and Acknowledgements The chapters of this manual were originally derived from the work of many people at Bell Laboratories, the Univer­ sity of California at Berkeley', and other noble institutions. Their names and the titles of the original works appear here. UNIX Programming by Brian W. Kernighan and Dennis M. Ritchie, Bell Laboratories, Murray Hill, New Jersey. Lint, a C Program Checker by S. C. Johnson, Bell Laboratories, Murray Hill, New Jersey. Make -A Program for Maintaining Computer Programs by S. I. Feldman, Bell Laboratories, Murray Hill, New Jersey. The M4 Macro Processor by Brian W. Kernighan and Dennis M. Ritchie, Bell Laboratories, Murray Hill, New Jersey. Lex - A Lexical Analyzer Generator by M. E. Lesk and E. Schmidt, Bell Laboratories, Murray Hill, New Jersey. Yacc - Yet Another Compiler-Compiler by Stephen C. Johnson, Bell Laboratories, Murray Hill, New Jersey. Source Code Control System User's Guide by L. E. Bonanni and C. A. Salemi, Bell Laboratories, Piscataway, New Jersey. Source Code Control System by Eric Allman, Formerly of Project Ingres, University of California at Berkeley. Trademarks Multibus is a trademark of Intel Corporation. Sun Workstation is a trademark of Sun Microsystems Incorporated. UNIX is a trademark of Bell Laboratories. Copyright © 1983, 1984, 1985, by Sun Microsystems. This publication is protected by Federal Copyright Law, with all rights reserved. No part of this publica­ tion may be reproduced, stored in a retrieval system, translated, transcribed, or transmitted, in any form, or by any means manual, electric, electronic, electro-magnetic, mechanical, chemical, optical, or otherwise, without prior explicit written permission from Sun Microsystems.
    [Show full text]
  • Fortran Programming Guide
    Sun Studio 12: Fortran Programming Guide Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 819–5262 Copyright 2007 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. The OPEN LOOK and SunTM Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry.
    [Show full text]
  • C Programmer's Guide
    C Programmer's Guide Part Number: 800-3844-10 Revision A of 27 March, 1990 Trademarks Sun Workstation® is a trademark of Sun Microsystems, Incorporated. SunOS1M is a trademark of Sun Microsystems, Incorporated. Copyright © 1989 Sun Microsystems, Inc. - Printed in U.S.A. All rights reserved. No part of this work covered by copyright hereon may be reproduced in any fonn or by any means - graphic, electronic, or mechanical - including photocopying, recording, taping, or storage in an infonnation retrieval system, without the prior written permission of the copyright owner. Restricted rights legend: use, duplication, or disclosure by the U.S. government is subject to restrictions set forth in subparagraph (c)(I)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 52.227-7013 and in similar clauses in the FAR and NASA FAR Supplement. The Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun ack­ nowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user inter­ faces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees. This product is protected by one or more of the following U.S. patents: 4,777,485 4,688,190 4,527,232 4,745,407 4,679,0144,435,7924,719,5694,550,368 in addition to foreign patents and applications pending. • eo: Contents Chapter 1 U sing The Sun C Compiler ...................................................................... 1 1.1. Basics - Compiling and Running C Programs ...........................................
    [Show full text]
  • Fortran Programmer's Guide
    Fortran Programmer’s Guide Fortran 77 4.2 Fortran 90 1.2 SunSoft, Inc. A Sun Microsystems, Inc. Business 2550 Garcia Avenue Mountain View, CA 94043 USA 415 960-1300 fax 415 969-9131 Part No.: 802-5664-10 Revision A, December 1996 Copyright 1996 Sun Microsystems, Inc., 2550 Garcia Avenue, Mountain View, California 94043-1100 U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Portions of this product may be derived from the UNIX® system, licensed from Novell, Inc., and from the Berkeley 4.3 BSD system, licensed from the University of California. UNIX is a registered trademark in the United States and other countries and is exclusively licensed by X/Open Company Ltd. Third-party software, including font technology in this product, is protected by copyright and licensed from Sun’s suppliers. RESTRICTED RIGHTS: Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227- 14(g)(2)(6/87) and FAR 52.227-19(6/87), or DFAR 252.227-7015(b)(6/95) and DFAR 227.7202-3(a). Sun, Sun Microsystems, the Sun logo, Solaris, SunSoft, Sun WorkShop, Sun Performance WorkShop and Sun Performance Library are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc.
    [Show full text]
  • Oracle® Solaris 11.3 Linkers and Libraries Guide
    ® Oracle Solaris 11.3 Linkers and Libraries Guide Part No: E54813 March 2018 Oracle Solaris 11.3 Linkers and Libraries Guide Part No: E54813 Copyright © 1993, 2018, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S.
    [Show full text]
  • HP-UX to Oracle Solaris Porting Guide Getting Started on the Move to Oracle Solaris
    An Oracle White Paper October 2011 HP-UX to Oracle Solaris Porting Guide Getting Started on the Move to Oracle Solaris HP-UX to Oracle Solaris Porting Guide Chapter 1 Introduction...................................................................... 1 Oracle Solaris ................................................................................. 1 The Advantages of Porting to Oracle Solaris.................................. 2 Chapter 2 The Porting Process........................................................ 4 Infrastructure and Application Porting Assessment ........................ 4 Build Environment Deployment....................................................... 5 Data Integration .............................................................................. 5 Source Code Porting....................................................................... 6 Application Verification.................................................................... 6 Commercial Applications and Third-Party Products ....................... 6 Chapter 3 Operating System Considerations................................... 7 Processor Endianness .................................................................... 7 Data Alignment ............................................................................... 7 Read/Write Structures..................................................................... 8 Storage Order and Alignment ......................................................... 8 64-Bit Data Models ........................................................................
    [Show full text]
  • Oracle® Solaris Studio 12.4: Fortran User's Guide
    ® Oracle Solaris Studio 12.4: Fortran User's Guide Part No: E37076 March 2015 Copyright © 1991, 2015, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications.
    [Show full text]
  • Code Positioning in LLVM
    Code Positioning in LLVM Henrik Lehtonen Klas Sonesson September 22, 2017 Master’s thesis work carried out at the Department of Computer Science, Lund University. Supervisor: Jonas Skeppstedt, [email protected] Examiner: Krzysztof Kuchcinski, [email protected] Abstract Given the increasing performance disparity between processor speeds and memory latency, making efficient use of cache memory is more important than ever to achieve good performance in memory-bound workloads. Many modern first-level caches store instructions separately from data, making code layout and code size an important factor in the cache behavior of a program. This work investigates two methods that attempt to improve code locality, namely procedure splitting and procedure positioning, previously investigated by Pettis and Hansen. They are implemented in the open-source compiler framework LLVM to evaluate their effect on the SPEC CPU2000 benchmark suite and a benchmark run of the PostgreSQL database system. We found that our implementation is highly situational, but can be beneficial, reducing execution time by up to 3% on suitable SPEC benchmarks and an increase of 3% in average transactions per second on PostgreSQL. Keywords: Compiler optimization, Instruction caches, TLBs, LLVM, Code locality 2 Acknowledgements We would like to thank our supervisor Jonas Skeppstedt for his guidance, providing many tips and interesting discussions along the way. We would also like to thank our examiner Krzysztof Kuchcinski for his useful comments on the report. 3 4 Contents 1 Introduction 7 2 Background 9 2.1 Memory . .9 2.1.1 Caches . .9 2.1.2 Virtual memory and paging . 10 2.2 Program profiling .
    [Show full text]