Hardware-Assisted Dependable Systems

Dissertation submitted for the degree of Doktoringenieur (Dr.-Ing.)
by Dmitrii Kuvaiskii
born 28.11.1987 in Chigirik, Uzbekistan, USSR

Technische Universität Dresden
Faculty of Computer Science
Institute of Systems Architecture
Chair of Systems Engineering

Supervisors:
Prof. Dr. (PhD) Christof Fetzer
Prof. Dr. (PhD) Pramod Bhatotia

Submitted November 5, 2017

Note on Title

Based on the recommendation of the reviewers and the PhD committee, the initial working title of this thesis ("Dependable Systems Leveraging New ISA Extensions") was adapted to the final title "Hardware-Assisted Dependable Systems". This title better reflects the actual content of the thesis in its general sense.

Acknowledgements

This PhD thesis would not have been possible without the guidance and support of many, many people. First and foremost, I would like to thank my supervisors, Prof. Christof Fetzer and Prof. Pramod Bhatotia. Without their invaluable counsel and advice, I would not have been able to achieve good results and finish my PhD so soon. Specifically, I would like to express my gratitude to Prof. Fetzer for allowing me to pursue topics I was most interested in and for deep technical discussions early on in my PhD. Also, I am immensely grateful to Prof. Bhatotia for teaching me how to conduct research and for supporting me on a day-to-day basis. Finally, I would like to thank both my supervisors for arranging the defense of my PhD at short notice, due to the specific circumstances of my visa.

I am also grateful to Prof. Thorsten Strufe for being my Fachreferent and to Prof. Pascal Felber for frequent collaborations and discussions. Other professors that helped me a lot include Herbert Bos, Cristiano Giuffrida, Herman Haertig, Jeronimo Castrillon, and Christel Baier.

I would like to thank all my colleagues and close friends for their endless support, reviews, comments, and for patiently listening to my constant complaints about everything. Thanks to Oleksii Oleksenko, Do Le Quoc, Maksym Planeta, Sergei Arnautov, Rasha Faqeh, Franz Gregor, Bohdan Trach, Irina Karadschow, Robert Krahn, Diogo Behrens, Raluca Halalai, Andre Martin, Ute Schiffel, Jons-Tobias Wamhoff, Frank Busse, Lenar Yazdanov, Thordis Kombrink, and Thomas Knauth. Special thanks go to my colleagues and fellow interns during my stay at Intel Labs: Mona Vij, Somnath Chakrabarti, Shweta Shinde, Palak Jindal, Mohammed Karmoose, Noor Abbani, and many others. And thanks to everyone whom I did not explicitly mention here.

I am blessed to have amazing parents and a loving sister. Thank you, Anastasia, for showing me how to put up a fight. Thank you, dad, for making me love math and physics and for that Pentium-II computer we bought in 1998. Thank you, mom, for forcing me out of my comfort zone and for everything you did. Thank you, Daria, for the past six years and for being awesome.

Abstract

Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations, unavailability of internet services, data losses, malfunctioning components, and consequently financial losses or even the death of people. In particular, faults in microprocessors (CPUs) and memory corruption bugs are among the major unresolved issues of today. CPU faults may result in benign crashes and, more problematically, in silent data corruptions that can lead to catastrophic consequences, silently propagating from component to component and finally shutting down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may result in a benign application crash but may also be exploited by a malicious attacker to gain control over the system or leak confidential data.

Both these classes of errors are notoriously hard to detect and tolerate. The usual mitigation strategy is to apply ad-hoc local patches: checksums to protect specific computations against hardware faults and bug fixes to protect programs against known vulnerabilities. This strategy is unsatisfactory since it is prone to errors, requires significant manual effort, and protects only against anticipated faults. At the other extreme, Byzantine Fault Tolerance solutions defend against all kinds of hardware and software errors, but are prohibitively expensive in terms of resources and performance overhead.

In this thesis, we examine and propose five techniques to protect against hardware CPU faults and software memory-corruption bugs. All these techniques are hardware-assisted: they use recent advancements in CPU designs and modern CPU extensions. Three of these techniques target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes the instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and HAFT builds on Intel TSX instructions. The remaining two target software bugs: SGXBounds detects memory-safety vulnerabilities inside Intel SGX enclaves, and "MPX Explained" analyzes the recent Intel MPX extension for protection against buffer overflow bugs.

Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems are implemented as compiler passes which transparently harden unmodified applications against hardware faults and software bugs. They are practical since they rely on commodity CPUs and require no specialized hardware or operating system support. Finally, they are efficient because they use hardware assistance in the form of CPU extensions to lower performance overhead.

Publications

The content of this thesis is based on the following publications.

• ∆-encoding: Practical Encoded Processing. Dmitrii Kuvaiskii and Christof Fetzer. In proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2015. Best Student Paper award.

• Elzar: Triple Modular Redundancy using Intel AVX. Dmitrii Kuvaiskii, Oleksii Oleksenko, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. In proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016.

• HAFT: Hardware-assisted Fault Tolerance. Dmitrii Kuvaiskii, Rasha Faqeh, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. In proceedings of the European Conference on Computer Systems (EuroSys), 2016.

• SGXBounds: Memory Safety for Shielded Execution. Dmitrii Kuvaiskii, Oleksii Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. In proceedings of the European Conference on Computer Systems (EuroSys), 2017. Best Paper award.

• Intel MPX Explained: An Empirical Study of Intel MPX and Software-based Bounds Checking Approaches. Oleksii Oleksenko, Dmitrii Kuvaiskii, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. Submitted to the ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), 2018.