Software-Hardware Information Flow Tracking + MulticoreGoalsAsbestosAsbestos on MulticoreSlide 5Protocol - SimpleSending Process Changes Taint Label Before Responding With TaintSending Process Modifies TaintSlide 9Protocol – With Round NumbersEvery Message Requires Three MessagesSlide 12Cache The Taint Check ResultBuffering Messages Requires Receiving Node CPU TimeSoftware CostsSlide 16Hardware BufferBoth Sending And Receiving CPU Time Wasted on DenySlide 19Quick Deny – Taint Meta DataSlide 21Slide 22Quality of ServiceSlide 24Slide 25Slide 26Slide 27SimulationConclusionsSoftware-Hardware Information Flow Tracking + MulticoreColleen Lewis & Cynthia SturtonSHIFT+MGoals•Design information flow control on multicore message passing•Determine the cost of safe communication to CPU performance•Low impact to receiving node from malicious senderAsbestos•Prevents unauthorized communication•Message passing•Applications set their policy•Single CoreAsbestos on Multicore•Distributed labels and checks•Hardware component + trusted library•Message passingOSHardwareOSHardwareOSHardwareOSHardwareOSHardwareOSHardwareOS – Taint UnitNetworkHardware – Taint UnitDesignMessage Request TaintSp1Rp2 TaintProtocol - Simple=?ProblemSending Process Changes Taint Label Before Responding With TaintMessage Request TaintSp1Rp2 TaintSending Process Modifies TaintModify TaintOSHardwareOSHardwareOSHardwareOS – Taint UnitNetworkHardware – Taint UnitDesignMessage, round = 2Request Taint, round = 2Sp1Rp2Taint, round = 2Protocol – With Round NumbersModify TaintProblemEvery Message Requires Three MessagesOSHardwareOSHardwareOSHardwareOS – Taint UnitNetworkHardware – Taint UnitDesignMessage, round = 2Sp1Rp2Cache The Taint Check ResultHardware – Taint Unit2p1 p2 1 1ProblemBuffering Messages Requires Receiving Node CPU TimeMessage, round = 2Sp1Rp2Software CostsOSHardwareOSHardwareOSHardwareOS – Taint UnitNetworkHardware – Taint UnitDesignMessage, round = 2Request Taint, round = 2Sp1Rp2Taint, round = 2Hardware BufferHardware1ProblemBoth Sending And Receiving CPU Time Wasted on DenyMessage, round = 2Request Taint, round = 2Sp1Rp2Taint, round = 2Software Costs=?Quick Deny – Taint Meta Data•Send Taint meta data with message•Reject if sender has higher number of the most classified labelsOSHardwareOSHardwareOSHardwareOS – Taint UnitNetworkHardware – Taint UnitDesignMessage, round = 2, meta = 3Sp1Rp2Quick Deny – Taint Meta Data1Hardware – Taint Unitp1 2 63Send > 1ReceiveHardware – Taint Unitp1 2 3 2REJECTProblemQuality of ServiceB = Buffering messagesRT = Reading taint to sendRT = Reading taint for comparisonC = ComparisonMessage, round = 2Request Taint, round = 2SRTaint, round = 2Software Costs=?B = Buffering messagesRT = Reading taint to sendRT = Reading taint for comparisonC = ComparisonQuality of ServiceB + RT + CRTReceiver WorkSender WorkRTB + RT + C Hardware BufferRT >> C~ 1B = Buffering messagesRT = Reading taint to sendRT = Reading taint for comparisonC = ComparisonQuality of ServiceRTB + RT + CCache Hit or Quick DenyB + RT + CRTReceiver WorkSender WorkCommunication Rate% Productive WorkCommunication Rate (per node)Message Arrival Rate% Productive WorkMessage Arrival RateAllowed Communication% Productive Work% of Allowed CommunicationAll cache hitsSome cache hitsNo cache hitsAll HW bufferingSome HW bufferingNo HW bufferingSimulation•Simics – full system multicore simulator•Implemented message passing•Added latency at nodes to represent –Buffering messages–Reading taint to send–Reading taint for comparison–ComparisonConclusions•Message passing is well suited for information flow tracking•We can bound the cost of secure communication in a distributed
View Full Document