Table Of ContentHardware-Assisted Dependable Systems
Dissertation
submitted for the degree of
Doktoringenieur (Dr.-Ing.)
by
Dmitrii Kuvaiskii
born 28.11.1987 in Chigirik, Uzbekistan, USSR
Technische Universität Dresden
Faculty of Computer Science
Institute of Systems Architecture
Chair of Systems Engineering
Supervisors:
Prof. Dr. (PhD) Christof Fetzer
Prof. Dr. (PhD) Pramod Bhatotia
Submitted November 5, 2017
Note on Title
Based on the recommendation of the reviewers and the PhD committee, the initial working
title of this thesis (“Dependable Systems Leveraging New ISA Extensions”) was adapted to the
final title named “Hardware-Assisted Dependable Systems”. This title better reflects the actual
content of the thesis in its general sense.
Acknowledgements
This PhD thesis would not be possible without guidance and support of many, many people.
First and foremost, I would like to thank my supervisors, prof. Christof Fetzer and prof.
Pramod Bhatotia. Without their invaluable counsel and advice, I would not be able to achieve
good results and finish my PhD so soon. Specifically, I would like to express my gratitude to
prof. Fetzer for allowing me to pursue topics I was most interested in and for deep technical
discussions early on in my PhD. Also, I am immensely grateful to prof. Bhatotia for teaching
me how to conduct research and for supporting me on a day-to-day basis. Finally, I would like
to thank both my supervisors for arranging the defense of my PhD at short notice, due to the
specific circumstances of my visa.
I am also grateful to prof. Thorsten Strufe for being my Fachreferent and to prof. Pascal
Felber for frequent collaborations and discussions. Other professors that helped me a lot include
Herbert Bos, Cristiano Giuffrida, Herman Haertig, Jeronimo Castrillon, and Christel Baier.
I would like to thank all my colleagues and close friends for their endless support, reviews,
comments, and patiently listening to my constant complains about everything. Thanks to Oleksii
Oleksenko, Do Le Quoc, Maksym Planeta, Sergei Arnautov, Rasha Faqeh, Franz Gregor, Bohdan
Trach, Irina Karadschow, Robert Krahn, Diogo Behrens, Raluca Halalai, Andre Martin, Ute
Schiffel, Jons-Tobias Wamhoff, Frank Busse, Lenar Yazdanov, Thordis Kombrink, and Thomas
Knauth. Special thanks go to my colleagues and fellow interns during my stay at Intel Labs:
Mona Vij, Somnath Chakrabarti, Shweta Shinde, Palak Jindal, Mohammed Karmoose, Noor
Abbani, and many others. And thanks to everyone who I did not explicitly mention here.
I am blessed to have amazing parents and a loving sister. Thank you, Anastasia, for showing
me how to put up a fight. Thank you, dad, for making me love math and physics and for that
Pentium-II computer we bought in 1998. Thank you, mom, for forcing me out of my comfort
zone and for everything you did.
Thank you, Daria, for the past six years and for being awesome.
Abstract
Unpredictable hardware faults and software bugs lead to application crashes, incorrect computa-
tions,unavailabilityofinternetservices,datalosses,malfunctioningcomponents,andconsequently
financial losses or even death of people. In particular, faults in microprocessors (CPUs) and
memory corruption bugs are among the major unresolved issues of today. CPU faults may result
in benign crashes and, more problematically, in silent data corruptions that can lead to catas-
trophic consequences, silently propagating from component to component and finally shutting
down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may
result in a benign application crash but may also be exploited by a malicious hacker to gain
control over the system or leak confidential data.
Both these classes of errors are notoriously hard to detect and tolerate. Usual mitigation
strategy is to apply ad-hoc local patches: checksums to protect specific computations against
hardware faults and bug fixes to protect programs against known vulnerabilities. This strategy
is unsatisfactory since it is prone to errors, requires significant manual effort, and protects only
against anticipated faults. On the other extreme, Byzantine Fault Tolerance solutions defend
against all kinds of hardware and software errors, but are inadequately expensive in terms of
resources and performance overhead.
In this thesis, we examine and propose five techniques to protect against hardware CPU faults
and software memory-corruption bugs. All these techniques are hardware-assisted: they use
recent advancements in CPU designs and modern CPU extensions. Three of these techniques
target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes
instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and
HAFT builds on Intel TSX instructions. The rest two target software bugs: SGXBounds detects
vulnerabilities inside Intel SGX enclaves, and “MPX Explained” analyzes the recent Intel MPX
extension to protect against buffer overflow bugs.
Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems
are implemented as compiler passes which transparently harden unmodified applications against
hardware faults and software bugs. They are practical since they rely on commodity CPUs and
require no specialized hardware or operating system support. Finally, they are efficient because
they use hardware assistance in the form of CPU extensions to lower performance overhead.
I
Publications
The content of this thesis is based on the following publications.
• ∆-encoding: Practical Encoded Processing. Dmitrii Kuvaiskii and Christof Fetzer.
In proceedings of the IEEE/IFIP International Conference on Dependable Systems and
Networks (DSN), 2015. Best Student Paper award.
• Elzar: Triple Modular Redundancy using Intel AVX. Dmitrii Kuvaiskii, Oleksii
Oleksenko, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. In proceedings of the
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016.
• HAFT: Hardware-assisted Fault Tolerance. DmitriiKuvaiskii,RashaFaqeh,Pramod
Bhatotia, Pascal Felber, and Christof Fetzer. In proceedings of the European Conference
on Computer Systems (EuroSys), 2016.
• SGXBounds: Memory Safety for Shielded Execution. Dmitrii Kuvaiskii, Oleksii
Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia, Pascal Felber, and Christof
Fetzer. In proceedings of the European Conference on Computer Systems (EuroSys), 2017.
Best Paper award.
• Intel MPX Explained: An Empirical Study of Intel MPX and Software-based
Bounds Checking Approaches. OleksiiOleksenko, DmitriiKuvaiskii, PramodBhatotia,
Pascal Felber, and Christof Fetzer. Submitted to the ACM International Conference on
Measurement and Modeling of Computer Systems (SIGMETRICS), 2018.
III
Description:I am blessed to have amazing parents and a loving sister. Thank you, Anastasia, for Unpredictable hardware faults and software bugs lead to application crashes, incorrect computa- tions, unavailability of they use hardware assistance in the form of CPU extensions to lower performance overhead.
