
Parallelizing Security Checks on Commodity Hardware

E.B. Nightingale, D. Peek, P.M. Chen and J. Flinn (U Michigan). Overview: Introduction, Speculator, Design, Parallel lifeguards, Evaluation, Conclusion. Introduction: security checkers (lifeguards) are too slow (~30X with taintcheck).


  1. Parallelizing Security Checks on Commodity Hardware
     • E.B. Nightingale, D. Peek, P.M. Chen and J. Flinn
     • U Michigan

  2. Overview
     • Introduction
     • Speculator
     • Design
     • Parallel lifeguards
     • Evaluation
     • Conclusion

  3. Introduction
     • Security checkers (lifeguards) are too slow (~30X with taintcheck)
     • Multi-core systems are increasingly popular
     • Can we exploit idle cores to improve lifeguard performance?
     • Speck (Speculative Error ChecKing) parallelizes lifeguards to improve performance

  4. Introduction (2)
     • Security checks are decoupled from application execution
     • Security checks are executed in parallel on separate cores
     • Speculator for speculative execution and rollback

  5. Speculator
     • OS-level support for speculative execution and rollback
     • Checkpoint process state before system call execution
     • Use buffering to hide side effects (e.g. I/O) of speculative execution
     • Block the process if side effects cannot be hidden
     • Roll back to the checkpoint state if necessary

  6. Speck Design
     • Fork instrumented clones of the monitored application to run on other cores
     • Security checks run on the instrumented clones
     • OS logging to handle non-deterministic execution, e.g. signal delivery, system call results
     • Speculator for speculative execution and rollback of system calls

  7. Design

  8. Parallel Lifeguards
     • Process Memory Analysis
     • System Call Analysis
     • Taint Analysis

  9. Parallel Process Memory Analysis
     • Security violations can be detected in memory
       • Decrypted virus image
       • Leaked data
     • Check each store location for a pattern
     • All checks are independent
     • Easy to parallelize

  10. Parallel System Call Analysis
     • Analyze program behavior using system calls
     • Check system call parameters
     • Check system call history
     • Checks are independent
     • Easy to parallelize

  11. Parallel Taint Analysis
     • Detect critical use of malicious input
     • Track propagation of input
     • Pin-based sequential taintcheck is 18X
     • Checking is inherently sequential and hard to parallelize
     • Log-based approach to parallelize
       • Parallel log generation by instrumented clones (workers)
       • Sequential log processing by master

  12. Parallel Taint Analysis Workers
     • Generate log segments from replayed execution
     • Eliminate redundant log records using a mark and sweep algorithm (6X compression ratio)
     • Send compressed segments to the master for processing

  13. Parallel Taint Analysis Master
     • Maintains metadata
     • Processes segments in log order
     • Detects violations
     • Updates metadata

  14. Evaluation
     • 8-core (quad dual core) Intel Xeon
       • 2.66 GHz, 4GB RAM, 8MB L2, 1.33 GHz bus
       • Linux 2.6 (64 bit) kernel
     • 4-core (2 dual core) Intel Xeon
       • 2.8 GHz, 3GB RAM, 4MB L2, 800 MHz bus
       • Linux 2.4 (32 bit) kernel

  15. Benchmarks
     • Process memory analysis
       • Frames per second of mplayer playing Harry Potter trailer
     • System call analysis
       • Transactions per second (TPS) of Postmark benchmark
     • Taint analysis
       • Frames per second of mplayer playing Harry Potter trailer

  16. Process Memory Analysis

  17. System Call Analysis

  18. Taint Analysis

  19. Conclusion
     • Speck parallelizes security checks on commodity hardware
     • Pin-based lifeguards
     • OS-level support (Speculator) for speculative execution of system calls
     • Speedups with (4 workers, 8 workers)
       • Process memory analysis (4X, 7.5X)
       • System call analysis (3.3X, 2.8X)
       • Taint analysis (1.6X, 2X)
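
The worker/master split from slides 11 to 13, as an added sketch that is not part of the presentation or Speck's own code: workers compress log segments independently, and a master applies them in log order to the taint metadata. The record format, the names, the thread pool standing in for instrumented clones, and the backward dead-write pass standing in for the slides' mark and sweep step are all assumptions.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed log format (assumption, not Speck's): ("taint", dst), ("clear", dst),
# ("copy", dst, src), and ("check", loc) for a critical use such as a jump target.

def compress(segment):
    """Worker: drop writes that are overwritten before being read in this segment."""
    killed, kept = set(), []            # killed: overwritten later and not read since
    for rec in reversed(segment):
        op, loc = rec[0], rec[1]
        if op == "check":
            killed.discard(loc)         # a later check reads loc, earlier writes matter
            kept.append(rec)
        elif loc in killed:
            continue                    # dead write: sweep it
        else:
            killed.add(loc)
            if op == "copy":
                killed.discard(rec[2])  # a kept copy reads its source
            kept.append(rec)
    return kept[::-1]

def master(segments):
    """Master: apply segments in log order to the taint set, report violations."""
    tainted, violations = set(), []
    for seg_no, seg in enumerate(segments):
        for rec in seg:
            op, loc = rec[0], rec[1]
            if op == "taint":
                tainted.add(loc)
            elif op == "clear":
                tainted.discard(loc)
            elif op == "copy":
                (tainted.add if rec[2] in tainted else tainted.discard)(loc)
            elif op == "check" and loc in tainted:
                violations.append((seg_no, loc))
    return violations

def run(segments, workers=4):
    with ThreadPoolExecutor(workers) as pool:            # segments are independent
        compressed = list(pool.map(compress, segments))  # map preserves log order
    return compressed, master(compressed)

# Constructed sample: input lands in "buf", flows through registers to a checked use.
SEGMENTS = [
    [("taint", "buf"), ("copy", "r1", "buf"), ("clear", "r2"), ("copy", "r2", "r1")],
    [("clear", "r3"), ("copy", "r3", "r2"), ("copy", "tmp", "r3"), ("clear", "tmp"),
     ("check", "r3")],
]
```

Compression is safe to run per segment because it only removes writes whose effect is overwritten inside the same segment; the master still sees every write that can reach a later segment or a check.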
