conf-isca-2006
Transcript of conf-isca-2006
-
8/6/2019 conf-isca-2006
An Integrated Framework for Dependable and Revivable Architecture Using Multicore Processors
Weidong Shi, Motorola Labs
Hsien-Hsin Sean Lee, Georgia Tech
Laura Falk, University of Michigan
Mrinmoy Ghosh, Georgia Tech
-
Problem Statement
Highly Available, Reliable, and Revivable networked services.
Explore new programming and usage models for Multi-core processors
Provide architectural support for network services to be
    Autonomic
    Remote-exploits revivable
    Self-recoverable
Achieve high performance
-
Toward Self-recovery Network Services
Causes of Network Service Loss
    Accidental: Transient, Heisenbugs, Damage, Aging
    Intentional: DoS, Buffer Overflow
Solutions
    Replication
    Rejuvenation
    Checkpoint
Remote Exploit Self-recovery
-
Multicore: An ideal platform
Exploit insulation: Each core of a multicore can be programmed to run at a different privilege level with a different OS.
[Figure: Dual Core (Merome) with Server Core, Monitor Core, and Shared L2]
Tight coupling of cores compared with SMP
Fine-grained processor state monitoring
Concurrent monitoring, efficient state backup and recovery
Massive multi-core will have many idle cores
-
INDRA: A Dependable and Revivable Architecture
[Figure: INDRA block diagram. Labels: Monitor Core (IL1 Cache, DL1 Cache); Server Core (Network Apps) (IL1 Cache, DL1 Cache); L2 Cache; Monitor; Insulation; Issue Recovery; Control; Memory Interface; Watch Dog; Trace Filter; Trace FIFO; Code origin check; CFG check; Control signals; Physical Memory Space (used by service OS and applications); Protected Memory Space (monitor BIOS, OS, and SW)]
-
Monitor Core: Insulated Parallel Inspection [Kiriansky et al., USENIX 2002]
[Figure labels: Data Page, Code Page, Code Page; the code shown in the figure follows]
Vuln_func()
{
    // Attack!!
    // Return address changed
}
FunctionA()
{
    Vuln_func();
    A = 3;
}
Malicious_func()
{
}
Code Origin Check
Control Flow Graph Check
Exception Handling
-
Server Core: Request Based Recovery
[Flowchart, in order:]
Issue state backup request
Read network request (Request for page arch.ece.gatech.edu)
Process network request
Monitor Signalled Error? (No / Yes)
Restore Checkpointed State
-
Comparison of Backup and Recovery
Approach                 Backup                            Recovery
Software checkpointing   Slow                              Fast, modify page translation
Memory Update Log        Fast                              Log based undo, slow
Virtual Checkpointing    Copy dirty page on demand, slow   Fast, modify TLB entry
INDRA                    Fast, no page copy                Fast, no page copy
-
INDRA Backup Page Record
[Figure: Processor and Memory. Labels: Active Page; Backup Page; Backup Page Record; Modified TLB; TLB Extension for Backup and Rollback; Global Timestamp Register (GT), GT=4; entry fields Tag, Active Page (Physical Address), Backup Page (Physical Address), Dirty Block Bitvector, Rollback Bitvector, Rollback Valid, Local Timestamp; value shown: 3]
-
INDRA Recovery Example
[Figure, repeated for each step: Active Page; Backup Page; Global Timestamp Register (GT); Modified TLB; TLB Extension for Backup and Rollback; Backup Record; entry fields Tag, Active Page (Physical Address), Backup Page (Physical Address), Dirty Block Bitvector, Rollback Bitvector, Rollback Valid, Local Timestamp. The values shown in the figure are listed with each step.]
REQUEST n, GT=5. Current Operation: Wr memory line 7 (values shown: 3, 5)
REQUEST n, GT=5. Current Operation: Wr memory line 2 (values shown: 3, 5)
REQUEST n, GT=5. Failure Signal: Restore system resource allocation, Restore process context (values shown: 3, 5, 1)
REQUEST n+1, GT=5. Current Operation: Rd memory line 7 (values shown: 3, 1, 5)
REQUEST n+1, GT=5. Current Operation: Wr memory line 1 (values shown: 3, 1, 5)
REQUEST n+1, GT=5 and GT=6 both shown. Current Operation: Handle Next Request; Record system resource allocation, Record process context (values shown: 3, 1, 5)
REQUEST n+2, GT=5 and GT=6 both shown. Current Operation: Wr memory line 4 (values shown: 3, 1, 5, 6)
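The recovery walk-through above, modeled in C as an added example; it is not code from the slides or from the INDRA authors. The slides give only the field names, so the update rules (the first write in an epoch copies one line to the backup page, rollback only moves dirty bits into the rollback bitvector, rolled-back lines are read from the backup page, a stale local timestamp clears the dirty bits lazily), the 8-line page with one word per line, and the function names are all assumptions.

```c
#include <stdint.h>

#define LINES 8                       /* lines per page in this toy model (assumed) */

typedef struct {
    uint32_t active[LINES];           /* active page, one word standing for a line */
    uint32_t backup[LINES];           /* backup page */
    uint8_t  dirty;                   /* dirty block bitvector */
    uint8_t  rollback;                /* rollback bitvector */
    unsigned local_ts;                /* local timestamp */
} page_t;

static unsigned GT = 5;               /* global timestamp register, as on the slides */

/* Assumed rule: the first touch in a new epoch commits the earlier writes,
 * so no per-request sweep over every entry is needed. */
static void sync_epoch(page_t *p) {
    if (p->local_ts != GT) { p->dirty = 0; p->local_ts = GT; }
}

/* A rolled-back line is served from the backup page; nothing is copied back. */
uint32_t page_read(const page_t *p, int line) {
    return ((p->rollback >> line) & 1) ? p->backup[line] : p->active[line];
}

void page_write(page_t *p, int line, uint32_t v) {
    uint8_t bit = (uint8_t)(1u << line);
    sync_epoch(p);
    if (p->rollback & bit)            /* backup already holds the checkpoint value */
        p->rollback &= (uint8_t)~bit;
    else if (!(p->dirty & bit))       /* first write this epoch: save the old line */
        p->backup[line] = p->active[line];
    p->dirty |= bit;
    p->active[line] = v;
}

/* Failure signal from the monitor: undo this epoch's writes by moving bits only. */
void page_rollback(page_t *p) {
    if (p->local_ts == GT) { p->rollback |= p->dirty; p->dirty = 0; }
}

/* Handling the next request opens a new checkpoint epoch. */
void next_request(void) { GT++; }
```

Replaying the slide sequence (write lines 7 and 2, failure, read line 7, write line 1, next request, write line 4) never copies a whole page: backup costs one line copy per first write, and recovery only changes bitvectors.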
-
Test Bed (Bochs + TAXI [Vlaovic & Davidson, ICCD02])
[Figure labels: Monitor (Stripped Down OS, Security SW, 10MB); Linux Network Server; Bochs + TAXI; Host OS; Network Requests; Server Response]
Run production OS with real service applications: httpd, ftpd, bind, sendmail, etc.
Recoverability evaluated by applying real x86 remote exploits from security websites.
Experiment with documented exploits
-
Inter-Request Interval (# of Instructions)
[Figure: bar chart "Average Network Request Interval (instructions per request)" for ftp, http, bind, sendmail, imap, nfs, and average; y-axis from 0 to 2500000]
-
I-Cache Miss Rate
[Figure: bar chart "L1 Miss Rate" for ftp, http, bind, sendmail, imap, nfs, and average; y-axis from 0.0% to 4.0%]
Code Origin Check reads traces of code read from L2 Cache
Number of Instructions in the Trace is Proportional to L1 I Cache Miss Rate
Overhead of monitoring code origin depends on L1 I Cache Miss Rate
-
Monitoring Overhead
[Figure: bar chart "Request Response Time Slowdown" for ftpd, httpd, bind, sendmail, imap, nfs, and average; y-axis from 0 to 1.2]
-
Sensitivity of Monitoring Queue Size
[Figure: chart "Queue Size vs. Performance"; x-axis Queue Size (8, 16, 32, 64, 128); y-axis Slowdown from 1 to 1.6]
-
Backup Overhead of Modified Lines
[Figure: bar chart "Percentage of Modified Lines Requiring Backup" for ftpd, httpd, bind, sendmail, imap, nfs, and average; y-axis from 0% to 14%]
-
Performance of Recovery + Monitoring
[Figure: bar chart "Slowdown of Service Response Time" for ftpd, httpd, bind, sendmail, imap, nfs, and average; series Monitor+Backup and Monitor+Backup+Rollback; y-axis from 1 to 2.8]
-
Conclusions
Real time exploit monitoring with autonomic recovery increases revivability and availability.
Multicore architectures are an ideal candidate for new type of revivable system.
INDRA-based Multicore system can provide improved reliability and availability.
More research is required to explore the trade-off between availability, performance, architecture design, and cost.
-
Questions and Answers
http://arch.ece.gatech.edu
Thank you!