Top Banner
Software-Hardware Information Flow Tracking + Multicore Colleen Lewis & Cynthia Sturton SHIFT+M
29

S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Dec 19, 2015

Download

Documents

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Software-Hardware Information

Flow Tracking + Multicore

Colleen Lewis & Cynthia Sturton

SHIFT+M

Page 2: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Goals

• Design information flow control on multicore message passing

• Determine the cost of safe communication to CPU performance

• Low impact to receiving node from malicious sender

Page 3: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Asbestos

• Prevents unauthorized communication

• Message passing

• Applications set their policy

• Single Core

Page 4: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Asbestos on Multicore

• Distributed labels and checks

• Hardware component + trusted library

• Message passing

OS

Hardware

OS

Hardware

OS

Hardware

Page 5: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

OS

Hardware

OS

Hardware

OS

Hardware

Round #Allowed?Valid?PIDremotePIDlocal Round #Allowed?Valid?PIDremotePIDlocal

MessageValid? MessageValid?

Buffered MessageBuffered Message

OS – Taint Unit

Network

Hardware – Taint Unit

MetareceiveMetasendRound #PIDlocal MetareceiveMetasendRound #PIDlocal

Design

Page 6: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Message

Request Taint

Sp1 Rp2

Taint

Protocol - Simple

=?

Page 7: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Problem

Sending Process Changes Taint Label Before

Responding With Taint

Page 8: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Message

Request Taint

Sp1 Rp2

Taint

Sending Process Modifies Taint

Modify Taint

Page 9: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

OS

Hardware

OS

Hardware

OS

Hardware

Round #Allowed?Valid?PIDremotePIDlocal Round #Allowed?Valid?PIDremotePIDlocal

MessageValid? MessageValid?

Buffered MessageBuffered Message

OS – Taint Unit

Network

Hardware – Taint Unit

MetareceiveMetasendRound #PIDlocal MetareceiveMetasendRound #PIDlocal

Design

Page 10: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Message, round = 2

Request Taint, round = 2

Sp1 Rp2

Taint, round = 2

Protocol – With Round Numbers

Modify Taint

Page 11: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Problem

Every Message Requires Three Messages

Page 12: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

OS

Hardware

OS

Hardware

OS

Hardware

Round #Allowed?Valid?PIDremotePIDlocal Round #Allowed?Valid?PIDremotePIDlocal

MessageValid? MessageValid?

Buffered MessageBuffered Message

OS – Taint Unit

Network

Hardware – Taint Unit

MetareceiveMetasendRound #PIDlocal MetareceiveMetasendRound #PIDlocal

Design

Page 13: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Message, round = 2

Sp1 Rp2

Cache The Taint Check Result

Round #Allowed?Valid?PIDremotePIDlocal Round #Allowed?Valid?PIDremotePIDlocal

Hardware – Taint Unit

2p1 p2 1 1

Page 14: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Problem

Buffering Messages Requires Receiving Node

CPU Time

Page 15: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Message, round = 2

Sp1 Rp2

Software Costs

Page 16: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

OS

Hardware

OS

Hardware

OS

Hardware

Round #Allowed?Valid?PIDremotePIDlocal Round #Allowed?Valid?PIDremotePIDlocal

MessageValid? MessageValid?

Buffered MessageBuffered Message

OS – Taint Unit

Network

Hardware – Taint Unit

MetareceiveMetasendRound #PIDlocal MetareceiveMetasendRound #PIDlocal

Design

Page 17: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Message, round = 2

Request Taint, round = 2

Sp1 Rp2

Taint, round = 2

Hardware Buffer

MessageValid? MessageValid?

Hardware

1

Page 18: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Problem

Both Sending And Receiving CPU Time Wasted on Deny

Page 19: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Message, round = 2

Request Taint, round = 2

Sp1 Rp2

Taint, round = 2

Software Costs

=?

Page 20: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Quick Deny – Taint Meta Data

• Send Taint meta data with message

• Reject if sender has higher number of the most classified labels

MetareceiveMetasendRound #PIDlocal MetareceiveMetasendRound #PIDlocal

Page 21: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

OS

Hardware

OS

Hardware

OS

Hardware

Round #Allowed?Valid?PIDremotePIDlocal Round #Allowed?Valid?PIDremotePIDlocal

MessageValid? MessageValid?

Buffered MessageBuffered Message

OS – Taint Unit

Network

Hardware – Taint Unit

MetareceiveMetasendRound #PIDlocal MetareceiveMetasendRound #PIDlocal

Design

Page 22: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Message, round = 2, meta = 3

Sp1 Rp2

Quick Deny – Taint Meta Data

1

Hardware – Taint UnitMetareceiveMetasendRound #PIDlocal MetareceiveMetasendRound #PIDlocal

p1 2 6

3Send > 1Receive

Hardware – Taint UnitMetareceiveMetasendRound #PIDlocal MetareceiveMetasendRound #PIDlocal

p1 2 3 2

REJECT

Page 23: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Problem

Quality of Service

Page 24: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

B = Buffering messages

RT = Reading taint to send

RT = Reading taint for comparison

C = Comparison

Message, round = 2

Request Taint, round = 2

S R

Taint, round = 2

Software Costs

=?

Page 25: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

B = Buffering messages

RT = Reading taint to send

RT = Reading taint for comparison

C = Comparison

Quality of Service

B + RT + CRT

Receiver Work

Sender Work

RTB + RT + C Hardware

Buffer

RT >> C

~ 1

Page 26: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

B = Buffering messages

RT = Reading taint to send

RT = Reading taint for comparison

C = Comparison

Quality of Service

RTB + RT + C

Cache Hit or Quick Deny

B + RT + CRT

Receiver Work

Sender Work

Page 27: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Communication Rate

% P

rod

uctiv

e W

ork

Communication Rate (per node)

Message Arrival Rate

% P

rod

uctiv

e W

ork

Message Arrival Rate

Allowed Communication

% P

rod

uctiv

e W

ork

% of Allowed Communication

All cache

hits

Some cache

hits

No cache

hits

All HW

buffering

Some HW

buffering

No HW

buffering

Page 28: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Simulation

• Simics – full system multicore simulator

• Implemented message passing

• Added latency at nodes to represent – Buffering messages– Reading taint to send– Reading taint for comparison– Comparison

Page 29: S oftware- H ardware I nformation F low T racking + M ulticore Colleen Lewis & Cynthia Sturton SHIFT+M.

Conclusions

• Message passing is well suited for information flow tracking

• We can bound the cost of secure communication in a distributed protocol