An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors

Weidong Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh (ISCA 2006)

Lecture: Juan Carlos Martinez Santos

Outline

  • Introduction
  • Remote Attack Insulation and Service Revivability
  • INDRA Architecture
  • Evaluation
  • Related Work
  • Conclusion
  • Personal Comments

Introduction

Taxonomy of Network Service Loss

Introduction

INDRA – Integrated framework for Dependable and Revivable Architectures
  • Self-healing network
  • New programming model
  • Exploits the characteristics of a multicore processor

Introduction

Main advantages:
  • Consolidated security and revivability.
  • High efficiency monitoring, backup, and recovery.

Remote Attack Insulation and Service Revivability

Features in INDRA:
  • The ability to implement a component which is insulated from remote exploits.
  • The ability to detect erroneous and corrupted states during software execution.
  • The ability to automatically recover compromised services with minimal performance impact.

Remote Attack Insulation and Service Revivability

Threat and Fault Model
  • Buffer overflow
  • Privilege escalation
  • Corruption of the application’s memory space
  • Denial of Service (DoS)

Remote Attack Insulation and Service Revivability

Intrusion Revivable and Instant Recoverable Multi-core System
  • INDRA tries to repair damage caused by malicious requests in real time.
  • INDRA tries to process every received service request.

Remote Attack Insulation and Service Revivability

Why Multi-core Processors?
  • Multi-level Insulation
  • Fine-grained Internal State Logging
  • Tight Processor Core Coupling and Control
  • Reconfigurability

INDRA Architecture

Asymmetric Multi-core and Insulation
  • Remote exploit insulation
      • Dual or multiple-systems
      • Memory space isolation
      • Network isolation
  • Boot sequence

INDRA Architecture

Monitoring and Introspection
  • Function Call/Return
  • Code Origin Inspection
  • Control Transfer Inspection
  • False Positive vs. False Negative
  • Synchronization

INDRA Architecture

State Backup and Recovery
  • Memory State Backup and Recovery
  • Hybrid Recovery Scheme
  • System Resource Recovery
  • Connection State Recovery

INDRA Architecture

Processing of Memory Write

INDRA Architecture

Processing of Memory Read

INDRA Architecture

Processing of Service Request

INDRA Architecture

Hybrid Recovery Scheme

INDRA Architecture

Limitation
  • INDRA does not promise to handle all conceivable attacks and recover from all possible corrupted machine states.
  • INDRA’s architectural design does not attempt any file system recovery, assuming that all disk writes are issued by verified program execution and properly checked.
  • INDRA is also not a replacement for the conventional means of patching software vulnerabilities.
  • Last, INDRA does not handle attacks that jam a network channel, e.g. router flooding.

Evaluation

  • Security Evaluation
  • Performance
      • Monitor
      • State Backup and Recovery

Evaluation

Processor model parameters

Evaluation

  • Impact of Shared Queue Size
  • Monitoring Overhead

Evaluation

  • Slowdown by backup and rollback
  • Slowdown using traditional memory virtual checkpoint

Related Work

  • Exploit Detection
  • Recovery
      • Traditional Recovery
      • Reactive Immune System and DIRA
      • Reliability and Security Engine
      • Memory State Recovery

Conclusion

INDRA creates a remote attack immune hardware sandbox based on asymmetric configuration among different cores to create a solid insulation against malicious exploits.

INDRA proposes a novel delta backup scheme for resurrectees to enable high speed recovery when an attack or a fault is detected by their resurrector.

INDRA provides better dependability and availability for high performance production servers hosting high volume networked services.

INDRA facilitates a fast backup and recovery mechanism that shows a substantial improvement against the conventional checkpointing schemes.
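
Added example (not from the paper or the lecture): a small software model in C of two ideas named in these slides, the resurrector's function call/return inspection and the delta backup that lets a resurrectee be rolled back once a violation is detected. The event record, the per-request undo log of first-written words, the sizes and all names (logged_write, monitor, rollback) are assumptions made for illustration; the paper's architectural mechanism is not reproduced here.

```c
#include <stdint.h>
#include <string.h>

#define MEM_WORDS 64   /* size of the modeled resurrectee memory (assumed) */
#define LOG_MAX   64   /* capacity of the delta (undo) log (assumed) */
#define STK_MAX   32   /* depth of the resurrector's shadow stack (assumed) */

static uint32_t mem[MEM_WORDS];                 /* resurrectee memory */
static struct { uint16_t addr; uint32_t old; } delta[LOG_MAX];
static int ndelta;                              /* entries in the delta log */
static uint8_t dirty[MEM_WORDS];                /* word already backed up? */

/* Start of a service request: earlier deltas are committed (discarded). */
void begin_request(void) { ndelta = 0; memset(dirty, 0, sizeof dirty); }

/* Write path: save the old value only on the first write to a word. */
int logged_write(uint16_t addr, uint32_t val) {
    if (addr >= MEM_WORDS) return -1;
    if (!dirty[addr]) {
        if (ndelta == LOG_MAX) return -1;       /* log full: refuse the write */
        delta[ndelta].addr = addr;
        delta[ndelta++].old = mem[addr];
        dirty[addr] = 1;
    }
    mem[addr] = val;
    return 0;
}

/* Recovery: undo this request's writes, newest first. */
void rollback(void) {
    while (ndelta > 0) { ndelta--; mem[delta[ndelta].addr] = delta[ndelta].old; }
    memset(dirty, 0, sizeof dirty);
}

/* Reported events: CALL carries the pushed return address, RET the actual target. */
enum ev_kind { EV_CALL, EV_RET };
struct event { enum ev_kind kind; uint32_t addr; };

/* Resurrector: replay events against a shadow stack. Returns 0 if the trace
   is consistent, 1 if a violation was found and memory was rolled back. */
int monitor(const struct event *ev, int n) {
    uint32_t shadow[STK_MAX]; int sp = 0;
    for (int i = 0; i < n; i++) {
        if (ev[i].kind == EV_CALL && sp < STK_MAX) { shadow[sp++] = ev[i].addr; continue; }
        if (ev[i].kind == EV_RET && sp > 0 && shadow[--sp] == ev[i].addr) continue;
        rollback(); return 1;                   /* overflow, underflow or mismatch */
    }
    return 0;
}
```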

Personal Comments

Even though the focus of this paper is on the recovery of network services from malicious remote exploit attacks, some aspects are important, for example, synchronization and hardware insulation.

Buffer overflow (vulnerable)
  • No prevention
  • Detection
  • Avoid Denial of Service

This approach incurs performance degradation due to the synchronization process. A solution could be to sample the checking process, for example, checking only on IL1 misses.

Questions?

Thank you.