DOCSLIB.ORG

Systems Support for Emerging Memory Technologies

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Systems Support for Emerging Memory Technologies Systems Support for Emerging Memory Technologies Von der Carl-Friedrich-Gauß-Fakultat¨ der Technischen Universitat¨ Carolo-Wilhelmina zu Braunschweig zur Erlangung des Grades eines Doktoringenieurs (Dr.-Ing.) genehmigte Dissertation von Vasily Sartakov geboren am 25.09.1985 in Tscheljabinsk Eingereicht am: 21.12.2018 Disputation am: 03.05.2019 1. Referent: Prof. Dr. R ¨udigerKapitza 2. Referent: Prof. Dr. Christof Fetzer (2019) ii Kurzfassung Vertrauenswurdigkeit¨ und Skalierbarkeit sind die beiden maßgeblichen Faktoren, die die Verbreitung von Clouds behindern. Die Moglichkeit¨ privilegierter Zugriffe auf Kundendaten durch einen Cloudanbieter schrankt¨ die Nutzung von Clouds bei der Verarbeitung von sicherheitskritischen und vertraulichen Informationen ein. Clouddienste mit niedriger Latenz erfordern die Durchfuhrungen¨ von Berechnungen im Hauptspeicher und sind daher an Charakteristika von Dynamic RAM (DRAM) wie Kapazitat,¨ Dichte, Energieverbrauch und andere Aspekte gebunden. Zwei technologische Bereiche befassen sich mit diesen Faktoren: Etablierte Server Plattformen wie Intel Software Guard eXtensions (SGX) und AMD Secure Encrypted Virtualisation (SEV) stellen Erweiterungen fur¨ vertrauenswurdige¨ Ausfuhrung¨ in nicht vertrauenswurdigen¨ Umgebungen bereit. Verschiedene Technologien von nicht fluchtigem¨ Speicher bieten bessere Kapazitat¨ und Speicherdichte verglichen mit DRAM, und konnen¨ daher in Zukunft als Alternative zu DRAM herangezogen werden. Jedoch benotigen¨ diese Technologien und Erweiterungen neuartige Ansatze¨ und Systemunterstutzung¨ bei der Programmierung, da diese der Systemarchitektur neue Funktionalitat¨ hinzufugen:¨ Systemkomponenten (Intel SGX) und Persistenz (nicht-fluchtiger¨ Speicher). Diese Dissertation widmet sich der Programmierung und den Architekturaspekten von persistenten und vertrauenswurdigen¨ Systemen. Fur¨ vertrauenswurdige¨ Systeme wurde eine detaillierte Analyse der neuen Architekturerweiterungen durchgefuhrt.¨ Außerdem wurden das neuartige “EActors” Framework und die “STANlite” Datenbank entwickelt, um die neuen Moglichkeiten¨ von vertrauenswurdiger¨ Ausfuhrung¨ effektiv zu nutzen. Daruber¨ hinaus wurde fur¨ persistente Systeme eine detaillierte Analyse zukunftiger¨ Speichertechnologien, deren Merkmale und mogliche¨ Auswirkungen auf die Systemarchitektur durchgefuhrt.¨ Ferner wurde das neue Hypervisor-basierte Persistenzmodell entwickelt und mittels NV-Hypervisor ausgewertet, welches transparente Persistenz fur¨ alte und proprietare¨ Software, sowie Virtualisierung von persistentem Speicher ermoglicht.¨ iii iv Abstract Trust and scalability are the two significant factors which impede the dissemination of clouds. The possibility of privileged access to customer data by a cloud provider limits the usage of clouds for processing security-sensitive data. Low latency cloud services rely on in-memory computations, and thus, are limited by several characteristics of DRAM such as capacity, density, energy consumption, for example. Two technological areas address these factors. Mainstream server platforms, such as Intel Software Guard eXtensions (SGX) and AMD Secure Encrypted Virtualisation (SEV) offer extensions for trusted execution in untrusted environments. Various technologies of Non-Volatile RAM (NV-RAM) have better capacity and density compared to DRAM and thus can be considered as DRAM alternatives in the future. However, these technologies and extensions require new programming approaches and system support since they add features to the system architecture: new system components (Intel SGX) and data persistence (NV-RAM). This thesis is devoted to the programming and architectural aspects of persistent and trusted systems. For trusted systems, an in-depth analysis of new architectural extensions was performed. A novel framework named EActors and a database engine named STANlite were developed to effectively use the capabilities of trusted execution. For persistent systems, an in-depth analysis of prospective memory technologies, their features and the possible impact on system architecture was performed. A new persistence model, called the hypervisor-based model of persistence, was developed and evaluated by the NV-Hypervisor. This offers transparent persistence for legacy and proprietary software, and supports virtualisation of persistent memory. v Table of Contents List of Abbreviations xi List of Figures xiv List of Tables xv 1 Introduction1 1.1 Main Contributions...............................6 1.2 Related publications..............................7 1.3 Organisation...................................7 2 Memory encryption and trusted execution9 2.1 Background................................... 10 2.1.1 Modern platforms for trusted execution in clouds......... 10 2.1.1.1 AMD Secure Encrypted Virtualisation.......... 10 2.1.1.2 Intel Software Guard eXtensions.............. 12 2.1.2 Challenges of SGX programming................... 16 2.1.2.1 Self-contained environment and high transition costs.. 16 2.1.2.2 EPC paging.......................... 18 2.1.3 Related works.............................. 19 2.1.3.1 Programming approaches................. 19 2.1.3.2 System support....................... 21 2.1.4 Conclusion............................... 23 2.2 EActors: an actor-based framework for trusted execution......... 25 2.2.1 General architecture and basic primitives.............. 27 2.2.1.1 EActors programming model............... 28 2.2.1.2 EActors runtime....................... 29 vii 2.2.1.3 Memory management and messaging.......... 31 2.2.2 Design and implementation of system components........ 31 2.2.2.1 Connectors and cargos................... 32 2.2.2.2 System actors......................... 36 2.2.2.3 Eactors Object Store..................... 37 2.2.3 Microbenchmark and use cases.................... 43 2.2.3.1 Microbenchmarking inter-enclave communication... 43 2.2.3.2 Secure multi-party computation service......... 44 2.2.3.3 XMPP instant messaging service.............. 46 2.2.4 Evaluation................................ 52 2.2.4.1 Inter-enclave communication............... 52 2.2.4.2 Secure multi-party computation service......... 53 2.2.4.3 XMPP instant message service............... 56 2.2.5 Related works.............................. 62 2.2.6 Summary................................ 64 2.3 STANlite: a database engine for secure data processing at rack-scale level 65 2.3.1 Towards an enclaved database with software-based paging... 66 2.3.1.1 Memory management in databases............ 66 2.3.2 Design.................................. 68 2.3.2.1 Threat model......................... 68 2.3.2.2 Communication layer.................... 69 2.3.2.3 Virtual Memory Engine................... 69 2.3.3 Implementation............................. 70 2.3.3.1 SQLite as a core part of STANlite............. 70 2.3.3.2 Glue code........................... 71 2.3.3.3 Virtual memory engine................... 71 2.3.3.4 Networking.......................... 77 2.3.3.5 Dynamic reconfiguration.................. 81 2.3.4 Evaluation................................ 81 2.3.4.1 Platform and configurations................ 82 2.3.4.2 Microbenchmark....................... 83 2.3.4.3 Speedtest1 benchmark................... 85 viii 2.3.4.4 TPC-C benchmark...................... 88 2.3.5 Related works.............................. 90 2.3.6 Summary................................ 91 3 Non-volatile memory and persistent systems 93 3.1 Background................................... 95 3.1.1 Candidate technologies of persistent memory........... 95 3.1.1.1 Battery-backed RAM.................... 95 3.1.1.2 Phase-Change RAM..................... 96 3.1.1.3 Ferroelectric RAM...................... 97 3.1.1.4 Magnetoresistive RAM................... 98 3.1.1.5 Comparison......................... 99 3.1.2 Related works: persistent systems.................. 100 3.1.2.1 Memory controllers..................... 100 3.1.2.2 Architectures of persistent systems............ 102 3.1.3 Conclusion............................... 106 3.2 NV-Hypervisor................................. 107 3.2.1 Design and Architecture........................ 109 3.2.1.1 System architecture..................... 109 3.2.2 Persistent Virtual Machines...................... 111 3.2.3 Implementation............................. 111 3.2.3.1 Core services......................... 112 3.2.3.2 Virtual Persistent Memory................. 112 3.2.4 Evaluation................................ 117 3.2.4.1 Time to fixate a pVM.................... 117 3.2.4.2 VPM microbenchmark................... 118 3.2.4.3 Recovery of a cloud service................. 120 3.2.5 Related works.............................. 122 3.2.6 Summary................................ 123 4 Conclusion 125 4.1 Future work: Toward encrypted persistent systems............ 127 ix x List of Abbreviations AEX Asynchronous Enclave Exit . 18 API Application Programming Interface . 26 BBRAM Battery-backed RAM . 95 CERB Client Encrypted Request Buffer. .78 CPRB Client Plain text Request Buffer. .78 DAX Direct Access. .102 DB Database . 66 CONF CONFiguration section . 115 DMA Direct Memory Access . 11 ECC Error-correcting code . 101 EDL Enclave Description Language . 19 ELRANGE Enclave Linear Address Range . 13 EOS Eactors Object Store. .31 EPCM Enclave Page Cache Map . 12 EPC Enclave Page Cache . 12 FeRAM Ferroelectric RAM . 95 HDD Hard Disk Drive . 93 HLE Hardware Lock Elision . 31 IaaS Infrastructure-as-a-Service . .9 JID JabberID . 48 KVS Key-Value Store . 38 LRU Least Recently Used . 72 MAC Message Authentication
Load more

Recommended publications
  • Wind River Vxworks Platforms 3.8
    Wind River VxWorks Platforms 3.8 The market for secure, intelligent, Table of Contents Build System ................................ 24 connected devices is constantly expand- Command-Line Project Platforms Available in ing. Embedded devices are becoming and Build System .......................... 24 VxWorks Edition .................................2 more complex to meet market demands. Workbench Debugger .................. 24 New in VxWorks Platforms 3.8 ............2 Internet connectivity allows new levels of VxWorks Simulator ....................... 24 remote management but also calls for VxWorks Platforms Features ...............3 Workbench VxWorks Source increased levels of security. VxWorks Real-Time Operating Build Configuration ...................... 25 System ...........................................3 More powerful processors are being VxWorks 6.x Kernel Compatibility .............................3 considered to drive intelligence and Configurator ................................. 25 higher functionality into devices. Because State-of-the-Art Memory Host Shell ..................................... 25 Protection ..................................3 real-time and performance requirements Kernel Shell .................................. 25 are nonnegotiable, manufacturers are VxBus Framework ......................4 Run-Time Analysis Tools ............... 26 cautious about incorporating new Core Dump File Generation technologies into proven systems. To and Analysis ...............................4 System Viewer ........................
    [Show full text]
  • Intel® Atom™ Processor E6x5c Series-Based Platform for Embedded Computing
    PlAtfOrm brief Intel® Atom™ Processor E6x5C Series Embedded Computing Intel® Atom™ Processor E6x5C Series-Based Platform for Embedded Computing Platform Overview Available with industrial and commercial The Intel® Atom™ processor E6x5C series temperature ranges, this processor series delivers, in a single package, the benefits of provides embedded lifecycle support and the Intel® Atom™ processor E6xx combined is supported by the broad Intel® archi- with a Field-Programmable Gate Array tecture ecosystem as well as standard (FPGA) from Altera. This series offers Altera development tools. Additionally, a exceptional flexibility to incorporate a compatible, dedicated Power Management wide range of standard and user-defined Integrated Circuit (PMIC) solution may be I/O interfaces, high-speed connectivity, obtained from leading PMIC suppliers to memory interfaces, and process accelera- help minimize platform part count and tion to meet the requirements of a variety reduce bill of material costs and design of embedded applications in industrial, medi- complexity. Options include separate PMIC cal, communication, vision systems, voice and clock generator chips (available from over Internet protocol (VoIP), military, high- ROHM Co., Ltd.) or a single-chip solution performance programmable logic control- that integrates the voltage regulator and lers (PLCs) and embedded computers. clock generator (available from Dialog Semiconductor). The Intel Atom processor E6x5C series is a multi-chip, single-package device that Product Highlights reduces board footprint, lowers compo- • Single-package: A compact 37.5 x nent count, and simplifies inventory 37.5 mm, 0.8 mm ball pitch, multi-chip control and manufacturing. This compact device internally connects the Intel Atom design offers single-vendor support while processor E6xx with a user-programma- providing Intel Atom processors for ble FPGA.
    [Show full text]
  • Intel Atom® Processor C2000 Product Family for Microservers
    Intel® Atom™ Processor C2000 Product Family for Microservers PRODUCT BRIEF Maximize Efficiency for Your Lightweight Scale-Out Workloads Extreme Density and Energy-Efficiency for Low-End, Scale-Out Workloads With a need to rapidly deliver new services, cope with massive data growth, and contain costs, cloud service providers and hosters seek increasingly efficient ways to handle the demands on their infrastructure. Today’s servers based on Intel® Xeon® processors provide leadership performance and performance per watt with the flexibility to handle a wide range of workloads and peak demands. 2nd generation 64-bit However, certain lightweight, scale-out workloads—such as basic dedicated hosting, low-end static Intel® Atom™ Processor web serving, and simple content delivery can sometimes be hosted more efficiently on larger C2000 Product Family numbers of smaller servers built for extreme power efficiency. for microservers To address this need, Intel worked with a broad giving you the flexibility to right-size your infra- • Up to 7x higher7 perfor- ecosystem of leading server manufacturers to structure without limiting software mobility and mance, up to 6x better8 develop and deliver a variety of extreme low-power interoperability as your applications evolve. systems to support an emerging server category— performance/watt Optimized Platform Support microservers. With up to a 1,000 nodes1 per Intel provides complete microserver platform 9 rack and shared power, cooling, and networking • 6-20 watt TDP solutions that simplify implementation, improve resources, microservers can help you improve data overall efficiency and enable higher node density. • Up to 1000+ server center efficiency by right-sizing infrastructure for New innovations include: 10 relatively light processing requirements.
    [Show full text]
  • Debuggers, Programmers and Erasers Products May Be Rohs Compliant
    Debuggers, Programmers and Erasers Products may be RoHS compliant. Check mouser.com for RoHS status. USB2Wiggler Features: DEVELOPMENT PROGRAMMERS • Universal Serial Bus interface for JTAG and BDM debugging TopMaxII Programmer • Faster than the classic parallel port Wiggler • Fully compatible with all Macraigor Systems software Features: • Operates up to Hi-Speed USB rates (480Mb/s) • High speed device programmer and TTL/LOGIC/DRAM tester • One side interfaces to USB port of host IBM compatible PC, other • PC driven: USB 2.0 interface side connects to OCD (On-Chip Debug) port of target system • Device libraries > 18000 • Port may be JTAG, E-JTAG, OnCE, COP, BDM, or any of several • Standard 48-pin DIL ZIF socket other types of connections • Supported devices: EPROM, EEPROM, FLASH (NOR/NAND) Programmers memory, PLD, FPGA, Serial PROM, Parallel PROM, CMOS USB2Demon Features: PROM, PIC and microcontrollers • Interfaces to USB 1.1 or USB 2.0 port of host PC on one side, other • B/P/V takes 65 sec. for 64Mbit flash memory • External start key for auto programming mode side connects to OCD (On-Chip Debug) port on target system • All socket adapters are available in stock (USA): PLCC, SOP, • Win 95/98/NT/2000/XP/Vista/Windows 7 • Simultaneously debugs up to 255 devices on a single scan chain SOIC, QFP, TSOP, SON, BGA, TSSOP, and TSOPII • Approved by CE • Supports configurable JTAG/BDM clock rates up to 20MHz • Supported low-voltages: 1.8/2.0/2.7/3.0/3.3/5.0 volt • Made in USA • Compatible with Windows and Linux hosts • Built-in AC (110-240) power supply • Free software update for lifetime • Supported versions of Linux: Red Hat 7.2-9 and Fedora Core 2 For quantities greater than listed, call for quote.
    [Show full text]
  • Intel Atom® Processor C3000 Series for Embedded and Iot Applications: Product Brief
    Product brief Internet of Things Intel Atom® Processor C3000 Series Expanding Intelligence and Flexibility at the Edge Scalable, dense-compute SoC for demanding IoT workloads From the factory foor to the energy grid, airplanes to supply chains, the sensors, controls, gateways, and other connected devices of Internet of Things (IoT) are driving the next industrial revolution. As IoT continues its explosive growth, the need for intelligent devices for more specialized applications is also growing exponentially. Industrial, energy, aerospace, robotics, public sector, and other customers with demanding IoT workloads want new ways to easily extract value from their data, reduce their time to market, and innovate connected technologies quickly and efciently. Moreover, they increasingly require reliable IoT solutions that bring maximum performance and greater capabilities to an ever-expanding array of challenging locations and operating conditions. The Intel Atom® processor C3000 series extends low-power Intel® architecture into new segments and accelerates IoT innovation across a wide range of demanding environments and use cases. With high performance per watt, low thermal design power (TDP) of 9.5W, and up to 20 confgurable high-speed input/output (HSIO) lanes, and pin-to-pin compatibility, this new system-on-a-chip (SoC) family delivers next-generation, multicore performance and scalability for a broad variety of low-power, high-density, and fanless designs. Multicore scalability With the Intel Atom processor C3000 series, customers are able to scale performance and achieve workload consolidation in situations and use cases that uP to require very low power, high density, and high I/O integration. Designed in an FCBGA 34mm x 28mm compact form factor, this SoC-based CPU is manufactured on Intel’s optimized 14nm process technology, available from 2 to 12 cores from 2.3X 1.6 to 2.0 GHz, and includes up to 256 GB DDR4 2133 MHz ECC (SODIMM, UDIMM, better PerforMANce or RDIMM) of addressable memory.
    [Show full text]
  • Designed to Engage Students and Empower Educators
    PRODUCT BRIEF Intel® classmate PC – Convertible Intel® Celeron® Processors 847/NM70 (dual-core) Part of Intel® Education Solutions Designed to Engage Students and Empower Educators Designed to make learning more fun, creative, and engaging, the Intel® classmate PC – convertible brings together the best of Windows* 8 touch and keyboard experiences, the amazing performance of Intel® Celeron® processors, and Intel® Education Software. The new Intel classmate PC – convertible keeps students excited about learning. With the flip of the display, it quickly transforms from a full-featured PC to convenient tablet—with pen— making it easy to adapt the device to the teaching method and learning task at hand. Whether gathering field data with the HD camera and notating it with the pen, or analyzing, interpreting, and reporting results using collaborative Intel Education Software, the convertible classmate “The Intel classmate PC – convertible PC is designed for education and engineered for students to develop the 21st century skills needed to succeed in today’s global economy. creates an ecosystem of digital learning which encompasses 1:1 Highlights: technologies, independent learning, • Two devices in one: tablet and full-feature PC digital creativity, device management, • Supports both Windows 8 desktop and touch modes and learning beyond school. It is truly • Together with Intel Education Software, the convertible classmate PC is part of Intel Education Solutions versatile, easily catering for the • High Definition LCD display produces vivid
    [Show full text]
  • Intel Atom® P5900 Processors for 5G Network Edge Acceleration
    PRODUCT BRIEF | Intel Atom® P5900 Processors ADVANCED PERFORMANCE FOR 5G WIRELESS BASE STATIONS As the radio access network (RAN) infrastructure of wireless carriers evolves to meet the intense demands of 5G, additional compute is required at the edge of the network. Careful consideration is critical across the board—from overarching design down to the selection of key components in base transceiver station equipment—for 5G networks to reliably meet the demands of next-generation service opportunities with lower latencies, higher bandwidth, and increased network capacity. RAN INFRASTRUCTURE EVOLUTION Intel has never had a stronger or more comprehensive portfolio of solutions to enable the RAN. From Intel® Xeon® Scalable processors to Intel Atom® processors, FPGAs, ASICS, and more, Intel continues to deliver cutting-edge hardware for 5G infrastructure. Even so, it’s our significant investments in software that enable service providers to make the most of our hardware, from drivers and operating systems up through entire production-quality software stacks. This interconnected platform of hardware and software allows service providers to get to market quickly while still offering the flexibility needed to address various deployment scenarios. Furthermore, with the increasing adoption of innovations found in cloud deployments, service providers are realizing the benefits of extending a platform combining common cloud software with Intel® architecture-based hardware from the core to the edge. A common software ecosystem for platform virtualization and customer applications—using a common Intel instruction set architecture across the infrastructure—enables faster deployment of new software and features while also making new service offerings and revenue models possible. PRODUCT BRIEF | Intel Atom® P5900 Processors AN EXCITING NEW CLASS OF EDGE PROCESSORS Intel Atom P5900 processors are the first of an all-new class of high-throughput, low-latency Intel Atom P processors for high-density network edge and security solutions.
    [Show full text]
  • Intel® Embedded Software Development Tool Suite for Intel® Atom™ Processor
    Intel® Embedded Software Development Tool Suite For Intel® Atom™ processor Turbocharge your code for Intel® Atom™ processor-based Product Brief embedded systems Intel® Embedded Software High Performance Data, Media and Signal Powerful Application and JTAG-based Development Tool Suite Processing Libraries Debug for Intel® Atom™ processor High Performance C/C++ Compiler Advanced Performance Analysis Tool Benefit from a comprehensive software development tools solution for your Intel® Atom™ processor- based embedded system designs and application software development. Coding, compiling, debugging and performance tuning made simple. The Intel® Embedded Software Development Tool Suite for Intel® Atom™ processor is a complete solution that addresses embedded software development requirements for Intel® Atom™ processor- powered platforms such as embedded systems, tablets, netbooks, smartphones, IVI and other CE devices. The Embedded Software Development Tool Suite covers the entire software development cycle: coding, compiling, debugging, and analyzing performance. All included tools are Linux* hosted, are compatible with GNU tools, and support multiple Linux* OS based targets. Intel® C++ Compiler for Linux* Intel® Integrated Performance Primitives for Linux* Intel® Application Debugger for Intel® Atom™ processor Intel® JTAG Debugger for Intel® Atom™ processor Intel® VTune™ Amplifier XE for Linux* Compatibility and support for Linux* based targets e.g. Yocto Project* Features and Benefits Feature Benefits Intel® C++ Compiler Boost
    [Show full text]
  • Intel® Quark™ SE Microcontroller
    Bringing intelligence to the internet of things Introducing the Intel® Quark™ SE Microcontroller John Moore Intel IoT Application Engineer 2nd Nov 2016 Legal Disclaimers You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty- free license to any patent claim thereafter drafted which includes subject matter disclosed herein No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Copies of documents which have an order number and are referenced in this document may be obtained by calling 1-800-548-4725 or by visiting: http://www.intel.com/design/literature.htm Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com.
    [Show full text]
  • Operating System Platforms
    Wind River Embraces IOT Zuo Yun: [email protected] © 2014 Wind River All rights reserved Wind River at a glance Aerospace & Defense Automotive Network Equipment Industrial & Medical Mobile & Consumer Applied Signal AWTC Europe Alcatel-Lucent ABB Canon BAE Systems BMW ARRIS Agilent Dell Boeing Bosch Avaya AREVA Epson EADS Clarion Ciena Bombardier Fuji-Xerox Elbit Group Continental Dialogic Emerson Electric IBM Finmeccanica Daimler Ericsson General Electric Intel General Dynamics Delphi Fujitsu Hitachi Medical Konica Minolta General Electric Fiat GENBAND Intel LG Electronics Harris Fujitsu Hitachi Invensys NEC Honeywell General Motors Huawei KUKA Oki ITT Harmann Hypercom Mitsubishi Industrial Prima Cinema L3 Communications HKMC Intel Mitsubishi Electric Qualcomm Lockheed Honda Kapsch Nikon Ricoh NASA Johnson Controls Kyocera Panasonic Samsung Northrop Grumman Mobis Motorola Philips Medical Sharp Orbital Sciences Nissan NEC Rockwell Automation SK Telecom Raytheon PSA Peugeot Citroen Nokia Schneider Electric Sony Rockwell Collins Renault Samsung Siemens Texas Instruments Thales Toyota Tellabs Sirona Dental Systems Toshiba U.S. Navy Valeo Group ZTE Toshiba Xerox Network Transformation App App “The Cloud” Private Cloud NFV Communications INTERNET Embedded Cloud SDN Data Center Big Data GATEWAY Cost Reductive LAN IoT Devices The Drive to 50 Billion Devices Intelligent Intelligent Devices Intelligent Systems Decision Making Cloud Networks Intelligent
    [Show full text]
  • Intel® SGX Trusted Computing Base (TCB) Recovery
    White Paper Intel® Software Guard Extensions (Intel® SGX) Intel® SGX Trusted Computing Base (TCB) Recovery Scope We designed Intel® Software Guard Extensions (Intel® SGX) with the ability to update it in order to address any issues that might arise in the future. Merely providing this update mechanism, however, is not sufficient for a secure service infrastructure: if a client’s update is voluntary, then the remote service could be communicating with a client that is out of date and subject to security vulnerabilities. To address this issue, Intel SGX was also given the means to cryptographically prove, via remote attestation, that the client update has taken place. The mechanics of this process have been outlined in the whitepaper titled “Intel® Software Guard Extensions: EPID Attestation and Services”[1]. Until now, Intel has not fully described the effects of performing an Intel SGX Trusted Computing Base (TCB) recovery on the end-user and developer community. This paper is intended to close this gap. Intel SGX Attestation Review Attestation is the process of demonstrating that a software executable has been properly instantiated on a platform. Intel SGX Attestation allows a remote party to gain confidence that the intended software is securely running within an enclave on a fully patched, Intel SGX enabled platform. The attestation conveys the following information in an assertion: The identities of software being attested. The details of unmeasured state (e.g., the mode software is running in). Data that the software associates with itself. Intel SGX uses an asymmetric attestation key, representing the Intel SGX Trusted Computing Base, to sign an assertion with the above information.
    [Show full text]
  • Intel® Atom™ Processor E3800 the Latest Low Power Platform E3800 Family Platform for Intelligent Systems
    Intel® Atom™ Processor E3800 The Latest Low Power Platform E3800 Family Platform for Intelligent Systems tŚŝůĞĚĞƐŝŐŶĞĚƚŽďĞĂƚƌƵĞƚĞƐƚŽĨ/ŶƚĞů͛ƐƉĞƌĨŽƌŵĂŶĐĞŝŶƚŚĞƵůƚƌĂŵŽďŝůĞƐƉĂĐĞ͕^ŝůǀĞƌŵŽŶƚŝƐƚŚĞĮƌƐƚƚƌƵĞĂƌĐŚŝƚĞĐƚƵƌĞ ƵƉĚĂƚĞƚŽ/ŶƚĞů͛ƐƚŽŵƉƌŽĐĞƐƐŽƌƐŝŶĐĞŝƚƐŝŶƚƌŽĚƵĐƟŽŶŝŶϮϬϬϴ͘>ĞǀĞƌĂŐŝŶŐ/ŶƚĞů͛ƐĮƌƐƚϮϮŶŵƉƌŽĐĞƐƐĂŶĚĂǀĞƌLJůŽǁƉŽǁĞƌͲ ŵŝĐƌŽĂƌĐŚŝƚĞĐƚƵƌĞ͕^ŝůǀĞƌŵŽŶƚĂŝŵƐƐƋƵĂƌĞůLJĂƚƚŚĞůĂƚĞƐƚ<ƌĂŝƚĐŽƌĞƐĨƌŽŵYƵĂůĐŽŵŵĂŶĚZD͛ƐŽƌƚĞdžϭϱ͘ĂƐĞĚŽŶ ^ŝůǀĞƌŵŽŶƚ͕/ŶƚĞůΠŝŶƚƌŽĚƵĐĞƐϯϴϬϬƉƌŽĚƵĐƚĨĂŵŝůLJ͕ĂƐĞƌŝĞƐŽĨƐLJƐƚĞŵŽŶĐŚŝƉ;^ŽͿĚĞƐŝŐŶĞĚĨŽƌůŽǁͲƉŽǁĞƌ͕ĨĞĂƚƵƌĞͲƌŝĐŚ ĂŶĚŚŝŐŚůLJͲĐĂƉĂďůĞĂƉƉůŝĐĂƟŽŶƐ͘ ϯϴϬϬƉƌŽĚƵĐƚĨĂŵŝůLJƚĂŬĞƐƵƉƚŽĨŽƵƌ^ŝůǀĞƌŵŽŶƚĐŽƌĞƐ͕ĂŶĚĨŽƌƚŚĞĮƌƐƚƟŵĞŝŶĂŶƵůƚƌĂŵŽďŝůĞ/ŶƚĞů^Ž͕ŝƐƉĂŝƌĞĚǁŝƚŚ /ŶƚĞů͛ƐŽǁŶŐƌĂƉŚŝĐƐ/W͘/ŶŽƚŚĞƌǁŽƌĚƐ͕ƌĂƚŚĞƌƚŚĂŶƵƐŝŶŐĂ'WhďůŽĐŬĨƌŽŵ/ŵĂŐŝŶĂƟŽŶdĞĐŚŶŽůŽŐŝĞƐ͕E3800 product family leverages the same GPU architecture as the 3rdŐĞŶĞƌĂƟŽŶ/ŶƚĞůŽƌĞƉƌŽĐĞƐƐŽƌƐ;ĐŽĚĞŶĂŵĞĚ/ǀLJƌŝĚŐĞͿ͘ Silvermont Core Highlights Better Performance Better Power Efficiency 22nm Architecture 200 250 150 300 100 350 50 400 0 450 500 Out-of-order execuon engine Wider dynamic operang range 3D Tri-gate transistors tuned for New mul-core and system fabric Enhanced acve and idle power SoC products architecture management Architecture and design co-opmized with the process New IA instrucons extensions (Intel Core Westmere Level) Bay Trail: Not just for Atoms anymore E3800 product family combines a CPU based on Intel’s new Silver- mont architecture with a GPU that is architecturally similar to (but 4xPCIe* less powerful than) the HD 4000 graphics engine integrated in the 3rdŐĞŶĞƌĂƟŽŶ/ŶƚĞůΠŽƌĞƉƌŽĐĞƐƐŽƌƐůĂƵŶĐŚĞĚŝŶĞĂƌůLJϮϬϭϮ͘dŚĞƐĞ
    [Show full text]