Timeline of a Vulnerability
Size: px
Start display at page:

Download "Timeline of a Vulnerability"

Transcription

1

2 Introduction

3 Timeline of a Vulnerability Is this all a conspiracy? Vulnerability existed for many years 2 Michael Schwarz (@misc0110)

4 Timeline of a Vulnerability Is this all a conspiracy? Vulnerability existed for many years No one discovered it before 2 Michael Schwarz (@misc0110)

5 Timeline of a Vulnerability Is this all a conspiracy? Vulnerability existed for many years No one discovered it before Suddenly, 4 independent teams discover it within 6 months 2 Michael Schwarz (@misc0110)

6 Timeline of a Vulnerability Is this all a conspiracy? Vulnerability existed for many years No one discovered it before Suddenly, 4 independent teams discover it within 6 months Let s create an evidence board 2 Michael Schwarz (@misc0110)

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23 Timeline of a Vulnerability Not a conspiracy Tools to detect the bug only invented in Michael Schwarz (@misc0110)

24 Timeline of a Vulnerability Not a conspiracy Tools to detect the bug only invented in 2014 No broad interest in microarchitectural attacks before 3 Michael Schwarz (@misc0110)

25 Timeline of a Vulnerability Not a conspiracy Tools to detect the bug only invented in 2014 No broad interest in microarchitectural attacks before Discovering teams quite knowledgeable in this area 3 Michael Schwarz (@misc0110)

26 Timeline of a Vulnerability Not a conspiracy Tools to detect the bug only invented in 2014 No broad interest in microarchitectural attacks before Discovering teams quite knowledgeable in this area The bug was ripe a consequence of research in this area 3 Michael Schwarz (@misc0110)

27 Timeline of a Vulnerability Not a conspiracy Tools to detect the bug only invented in 2014 No broad interest in microarchitectural attacks before Discovering teams quite knowledgeable in this area The bug was ripe a consequence of research in this area bug collision nearly inevitable 3 Michael Schwarz (@misc0110)

28 The Fallout You realize it is something big when... 4 Michael Schwarz (@misc0110)

29 The Fallout You realize it is something big when... it is in the news, all over the world 4 Michael Schwarz (@misc0110)

30 The Fallout You realize it is something big when... it is in the news, all over the world 4 Michael Schwarz (@misc0110)

31 The Fallout You realize it is something big when... it is in the news, all over the world 4 Michael Schwarz (@misc0110)

32 The Fallout You realize it is something big when... it is in the news, all over the world 4 Michael Schwarz (@misc0110)

33 The Fallout You realize it is something big when... it is in the news, all over the world 4 Michael Schwarz (@misc0110)

34 The Fallout You realize it is something big when... it is in the news, all over the world you get a Wikipedia article in multiple languages 4 Michael Schwarz (@misc0110)

35 The Fallout You realize it is something big when... it is in the news, all over the world you get a Wikipedia article in multiple languages 4 Michael Schwarz (@misc0110)

36 The Fallout You realize it is something big when... it is in the news, all over the world you get a Wikipedia article in multiple languages 4 Michael Schwarz (@misc0110)

37 The Fallout You realize it is something big when... it is in the news, all over the world you get a Wikipedia article in multiple languages there are comics, including xkcd 4 Michael Schwarz (@misc0110)

38 The Fallout You realize it is something big when... it is in the news, all over the world you get a Wikipedia article in multiple languages there are comics, including xkcd 4 Michael Schwarz (@misc0110)

39 The Fallout You realize it is something big when... it is in the news, all over the world you get a Wikipedia article in multiple languages there are comics, including xkcd 4 Michael Schwarz (@misc0110)

40 The Fallout You realize it is something big when... it is in the news, all over the world you get a Wikipedia article in multiple languages there are comics, including xkcd you get a lot of Twitter follower after Snowden mentioned you 4 Michael Schwarz (@misc0110)

41 The Fallout You realize it is something big when... it is in the news, all over the world you get a Wikipedia article in multiple languages there are comics, including xkcd you get a lot of Twitter follower after Snowden mentioned you 4 Michael Schwarz (@misc0110)

42

43 The Core of Meltdown Kernel is isolated from user space Userspace Kernelspace Applications Operating System Memory 5 Michael Schwarz (@misc0110)

44 The Core of Meltdown Kernel is isolated from user space This isolation is a combination of hardware and software Userspace Kernelspace Applications Operating System Memory 5 Michael Schwarz (@misc0110)

45 The Core of Meltdown Kernel is isolated from user space This isolation is a combination of hardware and software User applications cannot access anything from the kernel Userspace Kernelspace Applications Operating System Memory 5 Michael Schwarz (@misc0110)

46 The Core of Meltdown Kernel is isolated from user space This isolation is a combination of hardware and software User applications cannot access anything from the kernel There is only a well-defined interface syscalls Userspace Applications Kernelspace Operating System Memory 5 Michael Schwarz (@misc0110)

47 Meltdown Briefing Breaks isolation between applications and kernel 6 Michael Schwarz (@misc0110)

48 Meltdown Briefing Breaks isolation between applications and kernel User applications can access kernel addresses 6 Michael Schwarz (@misc0110)

49 Meltdown Briefing Breaks isolation between applications and kernel User applications can access kernel addresses Entire physical memory is mapped in the kernel 6 Michael Schwarz (@misc0110)

50 Meltdown Briefing Breaks isolation between applications and kernel User applications can access kernel addresses Entire physical memory is mapped in the kernel Meltdown can read whole DRAM 6 Michael Schwarz (@misc0110)

51 Meltdown Requirements Only on Intel CPUs and some ARMs (Cortex A75) 7 Michael Schwarz (@misc0110)

52 Meltdown Requirements Only on Intel CPUs and some ARMs (Cortex A75) AMD and other ARMs seem to be unaffected 7 Michael Schwarz (@misc0110)

53 Meltdown Requirements Only on Intel CPUs and some ARMs (Cortex A75) AMD and other ARMs seem to be unaffected Common cause: permission check done in parallel to load instruction 7 Michael Schwarz (@misc0110)

54 Meltdown Requirements Only on Intel CPUs and some ARMs (Cortex A75) AMD and other ARMs seem to be unaffected Common cause: permission check done in parallel to load instruction Race condition between permission check and dependent operation(s) 7 Michael Schwarz (@misc0110)

55

56

57

58

59 Revolutionary concept! Store your food at home, never go to the grocery store during cooking. Can store ALL kinds of food. ONLY TODAY INSTEAD OF $1,300 ORDER VIA PHONE:

60 CPU Cache printf("%d", i); printf("%d", i); 8 Michael Schwarz (@misc0110)

61 CPU Cache printf("%d", i); printf("%d", i); Cache miss 8 Michael Schwarz (@misc0110)

62 CPU Cache printf("%d", i); printf("%d", i); Cache miss Request 8 Michael Schwarz (@misc0110)

63 CPU Cache printf("%d", i); printf("%d", i); Cache miss Request Response 8 Michael Schwarz (@misc0110)

64 CPU Cache printf("%d", i); printf("%d", i); Cache miss i Request Response 8 Michael Schwarz (@misc0110)

65 CPU Cache printf("%d", i); printf("%d", i); Cache miss Cache hit i Request Response 8 Michael Schwarz (@misc0110)

66 CPU Cache DRAM access, slow printf("%d", i); printf("%d", i); Cache miss Cache hit i Request Response 8 Michael Schwarz (@misc0110)

67 CPU Cache DRAM access, slow printf("%d", i); printf("%d", i); Cache miss Cache hit i No DRAM access, much faster Request Response 8 Michael Schwarz (@misc0110)

68 Flush+Reload ATTACKER Shared Memory VICTIM flush access access 9 Michael Schwarz (@misc0110)

69 Flush+Reload ATTACKER Shared Memory VICTIM flush access cached Shared Memory cached access 9 Michael Schwarz (@misc0110)

70 Flush+Reload ATTACKER Shared Memory VICTIM flush access Shared Memory access 9 Michael Schwarz (@misc0110)

71 Flush+Reload ATTACKER Shared Memory VICTIM flush access access 9 Michael Schwarz (@misc0110)

72 Flush+Reload ATTACKER Shared Memory VICTIM flush access access 9 Michael Schwarz (@misc0110)

73 Flush+Reload ATTACKER Shared Memory VICTIM flush access Shared Memory access 9 Michael Schwarz (@misc0110)

74 Flush+Reload ATTACKER Shared Memory VICTIM flush access Shared Memory access 9 Michael Schwarz (@misc0110)

75 Flush+Reload ATTACKER Shared Memory VICTIM flush access Shared Memory access fast if victim accessed data, slow otherwise 9 Michael Schwarz (@misc0110)

76 Back to Work

77

78

79 Wait for an hour

80 Wait for an hour LATENCY

81

82 Dependency Parallelize

83 Out-of-order Execution int width = 10, height = 5; float diagonal = sqrt(width * width + height * height); int area = width * height; printf("area %d x %d = %d\n", width, height, area); 10 Michael Schwarz (@misc0110)

84 Out-of-order Execution Dependency int width = 10, height = 5; float diagonal = sqrt(width * width + height * height); int area = width * height; Parallelize printf("area %d x %d = %d\n", width, height, area); 10 Michael Schwarz (@misc0110)

85 Building the Code Find something human readable, e.g., the Linux version # sudo grep linux_banner /proc/kallsyms ffffffff81a000e0 R linux_banner 11 Michael Schwarz (@misc0110)

86 Building the Code char data = *(char*)0xffffffff81a000e0; printf("%c\n", data); 12 Michael Schwarz (@misc0110)

87 Building the Code Compile and run segfault at ffffffff81a000e0 ip sp 00007ffce4a80610 error 5 in reader 13 Michael Schwarz (@misc0110)

88 Building the Code Compile and run segfault at ffffffff81a000e0 ip sp 00007ffce4a80610 error 5 in reader Kernel addresses are of course not accessible 13 Michael Schwarz (@misc0110)

89 Building the Code Compile and run segfault at ffffffff81a000e0 ip sp 00007ffce4a80610 error 5 in reader Kernel addresses are of course not accessible Any invalid access throws an exception segmentation fault 13 Michael Schwarz (@misc0110)

90 Building the Code Just catch the segmentation fault! 14 Michael Schwarz

91 Building the Code Just catch the segmentation fault! We can simply install a signal handler 14 Michael Schwarz (@misc0110)

92 Building the Code Just catch the segmentation fault! We can simply install a signal handler And if an exception occurs, just jump back and continue 14 Michael Schwarz (@misc0110)

93 Building the Code Just catch the segmentation fault! We can simply install a signal handler And if an exception occurs, just jump back and continue Then we can read the value 14 Michael Schwarz (@misc0110)

94 Building the Code Just catch the segmentation fault! We can simply install a signal handler And if an exception occurs, just jump back and continue Then we can read the value Sounds like a good idea 14 Michael Schwarz (@misc0110)

95 Building the Code Still no kernel memory 15 Michael Schwarz

96 Building the Code Still no kernel memory Maybe it is not that straight forward 15 Michael Schwarz

97 Building the Code Still no kernel memory Maybe it is not that straight forward Privilege checks seem to work 15 Michael Schwarz

98 Building the Code Still no kernel memory Maybe it is not that straight forward Privilege checks seem to work Are privilege checks also done when executing instructions out of order? 15 Michael Schwarz

99 Building the Code Still no kernel memory Maybe it is not that straight forward Privilege checks seem to work Are privilege checks also done when executing instructions out of order? Problem: out-of-order instructions are not visible 15 Michael Schwarz

100 Building the Code Adapted code *(volatile char*)0; array[84 * 4096] = 0; 16 Michael Schwarz (@misc0110)

101 Building the Code Adapted code *(volatile char*)0; array[84 * 4096] = 0; volatile because compiler was not happy warning : s t a t e m e n t with no e f f e c t [ Wunused v a l u e ] ( char ) 0 ; 16 Michael Schwarz (@misc0110)

102 Building the Code Adapted code *(volatile char*)0; array[84 * 4096] = 0; volatile because compiler was not happy warning : s t a t e m e n t with no e f f e c t [ Wunused v a l u e ] ( char ) 0 ; Static code analyzer is still not happy warning : D e r e f e r e n c e o f n u l l p o i n t e r ( v o l a t i l e char ) 0 ; 16 Michael Schwarz (@misc0110)

103 Building Meltdown Flush+Reload over all pages of the array Access time [cycles] Page Unreachable code line was actually executed 17 Michael Schwarz (@misc0110)

104 Building Meltdown Flush+Reload over all pages of the array Access time [cycles] Page Unreachable code line was actually executed Exception was only thrown afterwards 17 Michael Schwarz (@misc0110)

105 Building the Code Out-of-order instructions leave microarchitectural traces 18 Michael Schwarz

106 Building the Code Out-of-order instructions leave microarchitectural traces We can see them for example in the cache 18 Michael Schwarz

107 Building the Code Out-of-order instructions leave microarchitectural traces We can see them for example in the cache Give such instructions a name: transient instructions 18 Michael Schwarz (@misc0110)

108 Building the Code Out-of-order instructions leave microarchitectural traces We can see them for example in the cache Give such instructions a name: transient instructions We can indirectly observe the execution of transient instructions 18 Michael Schwarz (@misc0110)

109 Building the Code Maybe there is no permission check in transient instructions Michael Schwarz

110 Building the Code Maybe there is no permission check in transient instructions......or it is only done when commiting them 19 Michael Schwarz

111 Building the Code Maybe there is no permission check in transient instructions......or it is only done when commiting them Add another layer of indirection to test char data = *(char*)0xffffffff81a000e0; array[data * 4096] = 0; 19 Michael Schwarz (@misc0110)

112 Building the Code Maybe there is no permission check in transient instructions......or it is only done when commiting them Add another layer of indirection to test char data = *(char*)0xffffffff81a000e0; array[data * 4096] = 0; Then check whether any part of array is cached 19 Michael Schwarz (@misc0110)

113 Building the Code Flush+Reload over all pages of the array Access time [cycles] Page Index of cache hit reveals data 20 Michael Schwarz (@misc0110)

114 Building the Code Flush+Reload over all pages of the array Access time [cycles] Page Index of cache hit reveals data Permission check is in some cases not fast enough 20 Michael Schwarz (@misc0110)

115

116 And now?...

117 Take the kernel addresses... Kernel addresses in user space are a problem 22 Michael Schwarz (@misc0110)

118 Take the kernel addresses... Kernel addresses in user space are a problem Why don t we take the kernel addresses Michael Schwarz (@misc0110)

119 ...and remove them...and remove them if not needed? 23 Michael Schwarz

120 ...and remove them...and remove them if not needed? User accessible check in hardware is not reliable 23 Michael Schwarz

121 Idea Let s just unmap the kernel in user space 24 Michael Schwarz (@misc0110)

122 Idea Let s just unmap the kernel in user space Kernel addresses are then no longer present 24 Michael Schwarz (@misc0110)

123 Idea Let s just unmap the kernel in user space Kernel addresses are then no longer present Memory which is not mapped cannot be accessed at all 24 Michael Schwarz (@misc0110)

124

125 Kernel Address Isolation to have Side channels Efficiently Removed

126 KAISER /ˈkʌɪzə/ 1. [german] Emperor, ruler of an empire 2. largest penguin, emperor penguin Kernel Address Isolation to have Side channels Efficiently Removed

127 Userspace Kernelspace Applications Operating System Memory

128 Kernel View User View Userspace Kernelspace Userspace Kernelspace Applications Operating System Memory Applications context switch

129 Kernel Address Space Isolation We published KAISER in July Michael Schwarz

130 Kernel Address Space Isolation We published KAISER in July 2017 Intel and others improved and merged it into Linux as KPTI (Kernel Page Table Isolation) 25 Michael Schwarz

131 Kernel Address Space Isolation We published KAISER in July 2017 Intel and others improved and merged it into Linux as KPTI (Kernel Page Table Isolation) Microsoft implemented similar concept in Windows Michael Schwarz

132 Kernel Address Space Isolation We published KAISER in July 2017 Intel and others improved and merged it into Linux as KPTI (Kernel Page Table Isolation) Microsoft implemented similar concept in Windows 10 Apple implemented it in macos and called it Double Map 25 Michael Schwarz

133 Kernel Address Space Isolation We published KAISER in July 2017 Intel and others improved and merged it into Linux as KPTI (Kernel Page Table Isolation) Microsoft implemented similar concept in Windows 10 Apple implemented it in macos and called it Double Map All share the same idea: switching address spaces on context switch 25 Michael Schwarz

134

135 Performance Depends on how often you need to switch between kernel and user space 26 Michael Schwarz

136 Performance Depends on how often you need to switch between kernel and user space Can be slow, 40% or more on old hardware 26 Michael Schwarz

137 Performance Depends on how often you need to switch between kernel and user space Can be slow, 40% or more on old hardware But modern CPUs have additional features 26 Michael Schwarz

138 Performance Depends on how often you need to switch between kernel and user space Can be slow, 40% or more on old hardware But modern CPUs have additional features Performance overhead on average below 2% 26 Michael Schwarz

139 Meltdown and Spectre 27 Michael Schwarz

140 Meltdown and Spectre 27 Michael Schwarz

141

142 Spectre Briefing Mistrains branch prediction 28 Michael Schwarz

143 Spectre Briefing Mistrains branch prediction CPU speculatively executes code which should not be executed 28 Michael Schwarz

144 Spectre Briefing Mistrains branch prediction CPU speculatively executes code which should not be executed Can also mistrain indirect calls 28 Michael Schwarz

145 Spectre Briefing Mistrains branch prediction CPU speculatively executes code which should not be executed Can also mistrain indirect calls Spectre convinces program to execute code 28 Michael Schwarz

146 Spectre Requirements On Intel and AMD CPUs 29 Michael Schwarz

147 Spectre Requirements On Intel and AMD CPUs Some ARMs (Cortex R and Cortex A) are also affected 29 Michael Schwarz (@misc0110)

148 Spectre Requirements On Intel and AMD CPUs Some ARMs (Cortex R and Cortex A) are also affected Common cause: speculative execution of branches 29 Michael Schwarz (@misc0110)

149 Spectre Requirements On Intel and AMD CPUs Some ARMs (Cortex R and Cortex A) are also affected Common cause: speculative execution of branches Speculative execution leaves microarchitectural traces which leak secret 29 Michael Schwarz (@misc0110)

150

151 Prosciutto

152 Funghi

153 Diavolo

154 Diavolo

155 Diavolo

156 Diavolo

157 »A table for 6 please«

158

159 Speculative Cooking

160 »A table for 6 please«

161

162

163

164

165

166 Spectre (variant 1) index = 0; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

167 Spectre (variant 1) index = 0; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

168 Spectre (variant 1) index = 0; char* data = "textkey"; if (index < 4) Speculate th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

169 Spectre (variant 1) index = 0; char* data = "textkey"; if (index < 4) Execute th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

170 Spectre (variant 1) index = 1; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

171 Spectre (variant 1) index = 1; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

172 Spectre (variant 1) index = 1; char* data = "textkey"; if (index < 4) Speculate th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

173 Spectre (variant 1) index = 1; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

174 Spectre (variant 1) index = 2; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

175 Spectre (variant 1) index = 2; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

176 Spectre (variant 1) index = 2; char* data = "textkey"; if (index < 4) Speculate th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

177 Spectre (variant 1) index = 2; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

178 Spectre (variant 1) index = 3; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

179 Spectre (variant 1) index = 3; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

180 Spectre (variant 1) index = 3; char* data = "textkey"; if (index < 4) Speculate th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

181 Spectre (variant 1) index = 3; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

182 Spectre (variant 1) index = 4; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

183 Spectre (variant 1) index = 4; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

184 Spectre (variant 1) index = 4; char* data = "textkey"; if (index < 4) Speculate th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

185 Spectre (variant 1) index = 4; char* data = "textkey"; if (index < 4) Execute th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

186 Spectre (variant 1) index = 5; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

187 Spectre (variant 1) index = 5; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

188 Spectre (variant 1) index = 5; char* data = "textkey"; if (index < 4) Speculate th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

189 Spectre (variant 1) index = 5; char* data = "textkey"; if (index < 4) Execute th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

190 Spectre (variant 1) index = 6; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

191 Spectre (variant 1) index = 6; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 30 Michael Schwarz (@misc0110)

192 Spectre (variant 1) index = 6; char* data = "textkey"; if (index < 4) Speculate th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

193 Spectre (variant 1) index = 6; char* data = "textkey"; if (index < 4) Execute th els en e Prediction LUT[data[index] * 4096] 30 0 Michael Schwarz (@misc0110)

194 Spectre (variant 2) Animal* a = bird; a->move() fly() swim() swim() Prediction LUT[data[index] * 4096] 0 31 Michael Schwarz (@misc0110)

195 Spectre (variant 2) Animal* a = bird; a->move() () swim() fly sw Speculate im () Prediction LUT[data[index] * 4096] 31 0 Michael Schwarz (@misc0110)

196 Spectre (variant 2) Animal* a = bird; a->move() fly() swim() swim() Prediction LUT[data[index] * 4096] 0 31 Michael Schwarz (@misc0110)

197 Spectre (variant 2) Animal* a = bird; a->move() Execute () fly swim() sw im () Prediction LUT[data[index] * 4096] 31 0 Michael Schwarz (@misc0110)

198 Spectre (variant 2) Animal* a = bird; a->move() fly() fly() swim() Prediction LUT[data[index] * 4096] 0 31 Michael Schwarz (@misc0110)

199 Spectre (variant 2) Animal* a = bird; a->move() Speculate () fly fly() sw im () Prediction LUT[data[index] * 4096] 31 0 Michael Schwarz (@misc0110)

200 Spectre (variant 2) Animal* a = bird; a->move() fly() fly() swim() Prediction LUT[data[index] * 4096] 0 31 Michael Schwarz (@misc0110)

201 Spectre (variant 2) Animal* a = fish; a->move() fly() fly() swim() Prediction LUT[data[index] * 4096] 0 31 Michael Schwarz (@misc0110)

202 Spectre (variant 2) Animal* a = fish; a->move() Speculate ) ( fly fly() sw im () Prediction LUT[data[index] * 4096] 31 0 Michael Schwarz (@misc0110)

203 Spectre (variant 2) Animal* a = fish; a->move() fly() fly() swim() Prediction LUT[data[index] * 4096] 0 31 Michael Schwarz (@misc0110)

204 Spectre (variant 2) Animal* a = fish; a->move() () fly() fly Execute sw im () Prediction LUT[data[index] * 4096] 31 0 Michael Schwarz (@misc0110)

205 Spectre (variant 2) Animal* a = fish; a->move() fly() swim() swim() Prediction LUT[data[index] * 4096] 0 31 Michael Schwarz (@misc0110)

206 Spectre Read own memory (e.g., sandbox escape) 32 Michael Schwarz

207 Spectre Read own memory (e.g., sandbox escape) Convince other programs to reveal their secrets 32 Michael Schwarz

208 Spectre Read own memory (e.g., sandbox escape) Convince other programs to reveal their secrets Again, a cache attack (Flush+Reload) is used to read the secret 32 Michael Schwarz (@misc0110)

209 Spectre Read own memory (e.g., sandbox escape) Convince other programs to reveal their secrets Again, a cache attack (Flush+Reload) is used to read the secret Much harder to fix, KAISER does not help 32 Michael Schwarz (@misc0110)

210 Spectre Read own memory (e.g., sandbox escape) Convince other programs to reveal their secrets Again, a cache attack (Flush+Reload) is used to read the secret Much harder to fix, KAISER does not help Ongoing effort to patch via microcode update and compiler extensions 32 Michael Schwarz (@misc0110)

211 Spectre Trivial approach: disable speculative execution 33 Michael Schwarz

212 Spectre Trivial approach: disable speculative execution No wrong speculation if there is no speculation 33 Michael Schwarz

213 Spectre Trivial approach: disable speculative execution No wrong speculation if there is no speculation Problem: massive performance hit! 33 Michael Schwarz

214 Spectre Trivial approach: disable speculative execution No wrong speculation if there is no speculation Problem: massive performance hit! Also: How to disable it? 33 Michael Schwarz

215 Spectre Trivial approach: disable speculative execution No wrong speculation if there is no speculation Problem: massive performance hit! Also: How to disable it? Speculative execution is deeply integrated into CPU 33 Michael Schwarz

216 Spectre Variant 1 Mitigations 34 Michael Schwarz (@misc0110)

217 Spectre Variant 1 Mitigations Workaround: insert instructions stopping speculation 34 Michael Schwarz (@misc0110)

218 Spectre Variant 1 Mitigations Workaround: insert instructions stopping speculation insert after every bounds check 34 Michael Schwarz (@misc0110)

219 Spectre Variant 1 Mitigations Workaround: insert instructions stopping speculation insert after every bounds check x86: LFENCE, ARM: CSDB 34 Michael Schwarz (@misc0110)

220 Spectre Variant 1 Mitigations Workaround: insert instructions stopping speculation insert after every bounds check x86: LFENCE, ARM: CSDB Available on all Intel CPUs, retrofitted to existing ARMv7 and ARMv8 34 Michael Schwarz (@misc0110)

221 Spectre Variant 1 Mitigations 35 Michael Schwarz (@misc0110)

222 Spectre Variant 1 Mitigations Speculation barrier requires compiler supported 35 Michael Schwarz (@misc0110)

223 Spectre Variant 1 Mitigations Speculation barrier requires compiler supported Already implemented in GCC, LLVM, and MSVC 35 Michael Schwarz (@misc0110)

224 Spectre Variant 1 Mitigations Speculation barrier requires compiler supported Already implemented in GCC, LLVM, and MSVC Can be automated (MSVC) not really reliable 35 Michael Schwarz (@misc0110)

225 Spectre Variant 1 Mitigations Speculation barrier requires compiler supported Already implemented in GCC, LLVM, and MSVC Can be automated (MSVC) not really reliable Explicit use by programmer: builtin load no speculate 35 Michael Schwarz (@misc0110)

226 Spectre Variant 1 Mitigations 36 Michael Schwarz (@misc0110)

227 Spectre Variant 1 Mitigations 36 Michael Schwarz (@misc0110)

228 Spectre Variant 1 Mitigations 37 Michael Schwarz (@misc0110)

229 Spectre Variant 1 Mitigations Speculation barrier works if affected code constructs are known 37 Michael Schwarz (@misc0110)

230 Spectre Variant 1 Mitigations Speculation barrier works if affected code constructs are known Programmer has to fully understand vulnerability 37 Michael Schwarz (@misc0110)

231 Spectre Variant 1 Mitigations Speculation barrier works if affected code constructs are known Programmer has to fully understand vulnerability Automatic detection is not reliable 37 Michael Schwarz (@misc0110)

232 Spectre Variant 1 Mitigations Speculation barrier works if affected code constructs are known Programmer has to fully understand vulnerability Automatic detection is not reliable Non-negligible performance overhead of barriers 37 Michael Schwarz (@misc0110)

233 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): 38 Michael Schwarz (@misc0110)

234 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode 38 Michael Schwarz (@misc0110)

235 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions 38 Michael Schwarz (@misc0110)

236 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions Indirect Branch Predictor Barrier (IBPB): 38 Michael Schwarz (@misc0110)

237 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions Indirect Branch Predictor Barrier (IBPB): Flush branch-target buffer 38 Michael Schwarz (@misc0110)

238 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions Indirect Branch Predictor Barrier (IBPB): Flush branch-target buffer Single Thread Indirect Branch Predictors (STIBP): 38 Michael Schwarz (@misc0110)

239 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions Indirect Branch Predictor Barrier (IBPB): Flush branch-target buffer Single Thread Indirect Branch Predictors (STIBP): Isolates branch prediction state between two hyperthreads 38 Michael Schwarz (@misc0110)

240 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) 39 Michael Schwarz (@misc0110)

241 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push <call_target> call 1f 2: ; speculation will continue here lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(%rsp), %rsp ; restore stack pointer ret ; the actual call to <call_target> always predict to enter an endless loop 39 Michael Schwarz (@misc0110)

242 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push <call_target> call 1f 2: ; speculation will continue here lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(%rsp), %rsp ; restore stack pointer ret ; the actual call to <call_target> always predict to enter an endless loop instead of the correct (or wrong) target function 39 Michael Schwarz (@misc0110)

243 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push <call_target> call 1f 2: ; speculation will continue here lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(%rsp), %rsp ; restore stack pointer ret ; the actual call to <call_target> always predict to enter an endless loop instead of the correct (or wrong) target function performance? 39 Michael Schwarz (@misc0110)

244 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push <call_target> call 1f 2: ; speculation will continue here lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(%rsp), %rsp ; restore stack pointer ret ; the actual call to <call_target> always predict to enter an endless loop instead of the correct (or wrong) target function performance? On Broadwell or newer: 39 Michael Schwarz (@misc0110)

245 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push <call_target> call 1f 2: ; speculation will continue here lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(%rsp), %rsp ; restore stack pointer ret ; the actual call to <call_target> always predict to enter an endless loop instead of the correct (or wrong) target function performance? On Broadwell or newer: ret may fall-back to the BTB for prediction 39 Michael Schwarz (@misc0110)

246 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push <call_target> call 1f 2: ; speculation will continue here lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(%rsp), %rsp ; restore stack pointer ret ; the actual call to <call_target> always predict to enter an endless loop instead of the correct (or wrong) target function performance? On Broadwell or newer: ret may fall-back to the BTB for prediction microcode patches to prevent that 39 Michael Schwarz (@misc0110)

247 Spectre Variant 2 Mitigations (Software) ARM provides hardened Linux kernel 40 Michael Schwarz (@misc0110)

248 Spectre Variant 2 Mitigations (Software) ARM provides hardened Linux kernel Clears branch-predictor state on context switch 40 Michael Schwarz (@misc0110)

249 Spectre Variant 2 Mitigations (Software) ARM provides hardened Linux kernel Clears branch-predictor state on context switch Either via instruction (BPIALL) Michael Schwarz (@misc0110)

250 Spectre Variant 2 Mitigations (Software) ARM provides hardened Linux kernel Clears branch-predictor state on context switch Either via instruction (BPIALL)......or workaround (disable/enable MMU) 40 Michael Schwarz (@misc0110)

251 Spectre Variant 2 Mitigations (Software) ARM provides hardened Linux kernel Clears branch-predictor state on context switch Either via instruction (BPIALL)......or workaround (disable/enable MMU) Non-negligible performance overhead ( ns) 40 Michael Schwarz (@misc0110)

252 What does not work Prevent access to high-resolution timer 41 Michael Schwarz

253 What does not work Prevent access to high-resolution timer Own timer using timing thread 41 Michael Schwarz

254 What does not work Prevent access to high-resolution timer Own timer using timing thread Flush instruction only privileged 41 Michael Schwarz

255 What does not work Prevent access to high-resolution timer Own timer using timing thread Flush instruction only privileged Cache eviction through memory accesses 41 Michael Schwarz

256 What does not work Prevent access to high-resolution timer Own timer using timing thread Flush instruction only privileged Cache eviction through memory accesses Just move secrets into secure world 41 Michael Schwarz

257 What does not work Prevent access to high-resolution timer Own timer using timing thread Flush instruction only privileged Cache eviction through memory accesses Just move secrets into secure world Spectre works on secure enclaves 41 Michael Schwarz

258 What do we learn from it? We have ignored software side-channels for many many years: 42 Michael Schwarz

259 What do we learn from it? We have ignored software side-channels for many many years: attacks on crypto 42 Michael Schwarz

260 What do we learn from it? We have ignored software side-channels for many many years: attacks on crypto software should be fixed 42 Michael Schwarz

261 What do we learn from it? We have ignored software side-channels for many many years: attacks on crypto software should be fixed attacks on ASLR 42 Michael Schwarz

262 What do we learn from it? We have ignored software side-channels for many many years: attacks on crypto software should be fixed attacks on ASLR ASLR is broken anyway 42 Michael Schwarz

263 What do we learn from it? We have ignored software side-channels for many many years: attacks on crypto software should be fixed attacks on ASLR ASLR is broken anyway attacks on SGX and TrustZone 42 Michael Schwarz

264 What do we learn from it? We have ignored software side-channels for many many years: attacks on crypto software should be fixed attacks on ASLR ASLR is broken anyway attacks on SGX and TrustZone not part of the threat model 42 Michael Schwarz

265 What do we learn from it? We have ignored software side-channels for many many years: attacks on crypto software should be fixed attacks on ASLR ASLR is broken anyway attacks on SGX and TrustZone not part of the threat model for years we solely optimized for performance 42 Michael Schwarz

266 When you read the Intel manuals... After learning about a side channel you realize: 43 Michael Schwarz (@misc0110)

267 When you read the Intel manuals... After learning about a side channel you realize: the side channels were documented in the Intel manual 43 Michael Schwarz (@misc0110)

268 When you read the Intel manuals... After learning about a side channel you realize: the side channels were documented in the Intel manual only now we understand the implications 43 Michael Schwarz (@misc0110)

269 What do we learn from it? Motor Vehicle Deaths in U.S. by Year 44 Michael Schwarz

270 A unique chance A unique chance to rethink processor design grow up, like other fields (car industry, construction industry) find good trade-offs between security and performance 45 Michael Schwarz (@misc0110)

271 Conclusion Underestimated microarchitectural attacks for a long time Basic techniques were there for years Industry and customers must embrace security mechanisms Run through the same development (for security) as the automobile industry (for safety) It should not be performance first, but security first 46 Michael Schwarz (@misc0110)

272 Fact or Fiction?

273 Fact or Fiction? FAc tt

274 Any Questions?

275

Similar documents

Timeline of a Vulnerability

Timeline of a Vulnerability Timeline of a Vulnerability Is this all a conspiracy? Vulnerability existed for many years 1 Daniel Gruss, Moritz Lipp, Michael Schwarz www.iaik.tugraz.at Timeline of a Vulnerability Is this all a conspiracy?

More information

Administrivia. Course Objectives. Overview. Lecture Notes Week markem/cs333/ 2. Staff. 3. Prerequisites. 4. Grading. 1. Theory and application

Administrivia. Course Objectives. Overview. Lecture Notes Week markem/cs333/ 2. Staff. 3. Prerequisites. 4. Grading. 1. Theory and application Administrivia 1. markem/cs333/ 2. Staff 3. Prerequisites 4. Grading Course Objectives 1. Theory and application 2. Benefits 3. Labs TAs Overview 1. What is a computer system? CPU PC ALU System bus Memory

More information

Effective Entropy for Memory Randomization Defenses

Effective Entropy for Memory Randomization Defenses Effective Entropy for Memory Randomization Defenses William Herlands, Thomas Hobson, Paula Donovan 7 th Workshop on Cyber Security Experimentation and Test 18 August 2014 This work is sponsored by Assistant

More information

Computer Architecture

Computer Architecture Computer Architecture QtSpim, a Mips simulator S. Coudert and R. Pacalet January 4, 2018..................... Memory Mapping 0xFFFF000C 0xFFFF0008 0xFFFF0004 0xffff0000 0x90000000 0x80000000 0x7ffff4d4

More information

ECEN 651: Microprogrammed Control of Digital Systems Department of Electrical and Computer Engineering Texas A&M University

ECEN 651: Microprogrammed Control of Digital Systems Department of Electrical and Computer Engineering Texas A&M University ECEN 651: Microprogrammed Control of Digital Systems Department of Electrical and Computer Engineering Texas A&M University Prof. Mi Lu TA: Ehsan Rohani Laboratory Exercise #4 MIPS Assembly and Simulation

More information

ICS 233 Computer Architecture & Assembly Language

ICS 233 Computer Architecture & Assembly Language ICS 233 Computer Architecture & Assembly Language Assignment 6 Solution 1. Identify all of the RAW data dependencies in the following code. Which dependencies are data hazards that will be resolved by

More information

Go Tutorial. Ian Lance Taylor. Introduction. Why? Language. Go Tutorial. Ian Lance Taylor. GCC Summit, October 27, 2010

Go Tutorial. Ian Lance Taylor. Introduction. Why? Language. Go Tutorial. Ian Lance Taylor. GCC Summit, October 27, 2010 GCC Summit, October 27, 2010 Go Go is a new experimental general purpose programming language. Main developers are: Russ Cox Robert Griesemer Rob Pike Ken Thompson It was released as free software in November

More information

Issue = Select + Wakeup. Out-of-order Pipeline. Issue. Issue = Select + Wakeup. OOO execution (2-wide) OOO execution (2-wide)

Issue = Select + Wakeup. Out-of-order Pipeline. Issue. Issue = Select + Wakeup. OOO execution (2-wide) OOO execution (2-wide) Out-of-order Pipeline Buffer of instructions Issue = Select + Wakeup Select N oldest, read instructions N=, xor N=, xor and sub Note: ma have execution resource constraints: i.e., load/store/fp Fetch Decode

More information

Efficient Application of Countermeasures for Elliptic Curve Cryptography

Efficient Application of Countermeasures for Elliptic Curve Cryptography Efficient Application of Countermeasures for Elliptic Curve Cryptography Vladimir Soukharev, Ph.D. Basil Hess, Ph.D. InfoSec Global Inc. May 19, 2017 Outline Introduction Brief Summary of ECC Arithmetic

More information

Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers

Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers Goutam Paul and Shashwat Raizada Jadavpur University, Kolkata and Indian Statistical Institute,

More information

INF2270 Spring Philipp Häfliger. Lecture 8: Superscalar CPUs, Course Summary/Repetition (1/2)

INF2270 Spring Philipp Häfliger. Lecture 8: Superscalar CPUs, Course Summary/Repetition (1/2) INF2270 Spring 2010 Philipp Häfliger Summary/Repetition (1/2) content From Scalar to Superscalar Lecture Summary and Brief Repetition Binary numbers Boolean Algebra Combinational Logic Circuits Encoder/Decoder

More information

Comp 11 Lectures. Mike Shah. July 26, Tufts University. Mike Shah (Tufts University) Comp 11 Lectures July 26, / 40

Comp 11 Lectures. Mike Shah. July 26, Tufts University. Mike Shah (Tufts University) Comp 11 Lectures July 26, / 40 Comp 11 Lectures Mike Shah Tufts University July 26, 2017 Mike Shah (Tufts University) Comp 11 Lectures July 26, 2017 1 / 40 Please do not distribute or host these slides without prior permission. Mike

More information

CS 700: Quantitative Methods & Experimental Design in Computer Science

CS 700: Quantitative Methods & Experimental Design in Computer Science CS 700: Quantitative Methods & Experimental Design in Computer Science Sanjeev Setia Dept of Computer Science George Mason University Logistics Grade: 35% project, 25% Homework assignments 20% midterm,

More information

Worst-Case Execution Time Analysis. LS 12, TU Dortmund

Worst-Case Execution Time Analysis. LS 12, TU Dortmund Worst-Case Execution Time Analysis Prof. Dr. Jian-Jia Chen LS 12, TU Dortmund 09/10, Jan., 2018 Prof. Dr. Jian-Jia Chen (LS 12, TU Dortmund) 1 / 43 Most Essential Assumptions for Real-Time Systems Upper

More information

Worst-Case Execution Time Analysis. LS 12, TU Dortmund

Worst-Case Execution Time Analysis. LS 12, TU Dortmund Worst-Case Execution Time Analysis Prof. Dr. Jian-Jia Chen LS 12, TU Dortmund 02, 03 May 2016 Prof. Dr. Jian-Jia Chen (LS 12, TU Dortmund) 1 / 53 Most Essential Assumptions for Real-Time Systems Upper

More information

NCU EE -- DSP VLSI Design. Tsung-Han Tsai 1

NCU EE -- DSP VLSI Design. Tsung-Han Tsai 1 NCU EE -- DSP VLSI Design. Tsung-Han Tsai 1 Multi-processor vs. Multi-computer architecture µp vs. DSP RISC vs. DSP RISC Reduced-instruction-set Register-to-register operation Higher throughput by using

More information

CSE. 1. In following code. addi. r1, skip1 xor in r2. r3, skip2. counter r4, top. taken): PC1: PC2: PC3: TTTTTT TTTTTT

CSE. 1. In following code. addi. r1, skip1 xor in r2. r3, skip2. counter r4, top. taken): PC1: PC2: PC3: TTTTTT TTTTTT CSE 560 Practice Problem Set 4 Solution 1. In this question, you will examine several different schemes for branch prediction, using the following code sequence for a simple load store ISA with no branch

More information

Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur

Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur March 19, 2018 Modular Exponentiation Public key Cryptography March 19, 2018 Branch Prediction Attacks 2 / 54 Modular Exponentiation

More information

Simple Instruction-Pipelining (cont.) Pipelining Jumps

Simple Instruction-Pipelining (cont.) Pipelining Jumps 6.823, L9--1 Simple ruction-pipelining (cont.) + Interrupts Updated March 6, 2000 Laboratory for Computer Science M.I.T. http://www.csg.lcs.mit.edu/6.823 Src1 ( j / ~j ) Src2 ( / Ind) Pipelining Jumps

More information

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2019

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2019 CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis Ruth Anderson Winter 2019 Today Algorithm Analysis What do we care about? How to compare two algorithms Analyzing Code Asymptotic Analysis

More information

Measurement & Performance

Measurement & Performance Measurement & Performance Timers Performance measures Time-based metrics Rate-based metrics Benchmarking Amdahl s law Topics 2 Page The Nature of Time real (i.e. wall clock) time = User Time: time spent

More information

Operating Systems. VII. Synchronization

Operating Systems. VII. Synchronization Operating Systems VII. Synchronization Ludovic Apvrille ludovic.apvrille@telecom-paristech.fr Eurecom, office 470 http://soc.eurecom.fr/os/ @OS Eurecom Outline Synchronization issues 2/22 Fall 2017 Institut

More information

Measurement & Performance

Measurement & Performance Measurement & Performance Topics Timers Performance measures Time-based metrics Rate-based metrics Benchmarking Amdahl s law 2 The Nature of Time real (i.e. wall clock) time = User Time: time spent executing

More information

Lecture 16 More Profiling: gperftools, systemwide tools: oprofile, perf, DTrace, etc.

Lecture 16 More Profiling: gperftools, systemwide tools: oprofile, perf, DTrace, etc. Lecture 16 More Profiling: gperftools, systemwide tools: oprofile, perf, DTrace, etc. ECE 459: Programming for Performance March 6, 2014 Part I gperftools 2 / 49 Introduction to gperftools Google Performance

More information

Unit 6: Branch Prediction

Unit 6: Branch Prediction CIS 501: Computer Architecture Unit 6: Branch Prediction Slides developed by Joe Devie/, Milo Mar4n & Amir Roth at Upenn with sources that included University of Wisconsin slides by Mark Hill, Guri Sohi,

More information

St art. rp m. Km /h 1: : : : : : : : : : : : :5 2.5.

St art. rp m. Km /h 1: : : : : : : : : : : : :5 2.5. modified 22/05/14 t 3:5 2.5 3:5 5.0 3:5 7.5 4:0 0.0 4:0 2.5 4:0 5.0 4:0 7.5 4:1 0.0 4:1 2.5 4:1 5.0 4:1 7.5 4:2 0.0 Km /h 0 25 50 75 100 125 150 175 200 225 rp m 0 250 0 500 0 750 0 100 00 125 00 1 2 3

More information

Performance Metrics for Computer Systems. CASS 2018 Lavanya Ramapantulu

Performance Metrics for Computer Systems. CASS 2018 Lavanya Ramapantulu Performance Metrics for Computer Systems CASS 2018 Lavanya Ramapantulu Eight Great Ideas in Computer Architecture Design for Moore s Law Use abstraction to simplify design Make the common case fast Performance

More information

Accelerating Decoupled Look-ahead to Exploit Implicit Parallelism

Accelerating Decoupled Look-ahead to Exploit Implicit Parallelism Accelerating Decoupled Look-ahead to Exploit Implicit Parallelism Raj Parihar Advisor: Prof. Michael C. Huang March 22, 2013 Raj Parihar Accelerating Decoupled Look-ahead to Exploit Implicit Parallelism

More information

Cyrus: Unintrusive Application-Level Record-Replay for Replay Parallelism

Cyrus: Unintrusive Application-Level Record-Replay for Replay Parallelism Cyrus: Unintrusive Application-Level Record-Replay for Replay Parallelism Nima Honarmand, Nathan Dautenhahn, Josep Torrellas and Samuel T. King (UIUC) Gilles Pokam and Cristiano Pereira (Intel) iacoma.cs.uiuc.edu

More information

E23: Hotel Management System Wen Yunlu Hu Xing Chen Ke Tang Haoyuan Module: EEE 101

E23: Hotel Management System Wen Yunlu Hu Xing Chen Ke Tang Haoyuan Module: EEE 101 E23: Hotel Management System Author: 1302509 Zhao Ruimin 1301478 Wen Yunlu 1302575 Hu Xing 1301911 Chen Ke 1302599 Tang Haoyuan Module: EEE 101 Lecturer: Date: Dr.Lin December/22/2014 Contents Contents

More information

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2018

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2018 CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis Ruth Anderson Winter 2018 Today Algorithm Analysis What do we care about? How to compare two algorithms Analyzing Code Asymptotic Analysis

More information

Sliding right into disaster - Left-to-right sliding windows leak

Sliding right into disaster - Left-to-right sliding windows leak Sliding right into disaster - Left-to-right sliding windows leak Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and

More information

Random Number Generation Is Getting Harder It s Time to Pay Attention

Random Number Generation Is Getting Harder It s Time to Pay Attention SESSION ID: PDAC-F03 Random Number Generation Is Getting Harder It s Time to Pay Attention Richard Moulds General Manager Whitewood Richard Hughes Laboratory Fellow (Retired) Los Alamos National Laboratory

More information

vsyscall and vdso Adrien «schischi» Schildknecht vsyscall and vdso March 17, 2014

vsyscall and vdso Adrien «schischi» Schildknecht vsyscall and vdso March 17, 2014 March 17, 2014 Section 1 Introduction Goal In computing, a system call is how a program requests a service from an operating system s kernel. This may include hardware related services (e.g. accessing

More information

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2018

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2018 CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis Ruth Anderson Winter 2018 Today Algorithm Analysis What do we care about? How to compare two algorithms Analyzing Code Asymptotic Analysis

More information

Possible Prelab Questions.

Possible Prelab Questions. Possible Prelab Questions. Read Lab 2. Study the Analysis section to make sure you have a firm grasp of what is required for this lab. 1) A car is travelling with constant acceleration along a straight

More information

Computer Algorithms CISC4080 CIS, Fordham Univ. Outline. Last class. Instructor: X. Zhang Lecture 2

Computer Algorithms CISC4080 CIS, Fordham Univ. Outline. Last class. Instructor: X. Zhang Lecture 2 Computer Algorithms CISC4080 CIS, Fordham Univ. Instructor: X. Zhang Lecture 2 Outline Introduction to algorithm analysis: fibonacci seq calculation counting number of computer steps recursive formula

More information

Computer Algorithms CISC4080 CIS, Fordham Univ. Instructor: X. Zhang Lecture 2

Computer Algorithms CISC4080 CIS, Fordham Univ. Instructor: X. Zhang Lecture 2 Computer Algorithms CISC4080 CIS, Fordham Univ. Instructor: X. Zhang Lecture 2 Outline Introduction to algorithm analysis: fibonacci seq calculation counting number of computer steps recursive formula

More information

Formal Verification of Mathematical Algorithms

Formal Verification of Mathematical Algorithms Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing

More information

Portland State University ECE 587/687. Branch Prediction

Portland State University ECE 587/687. Branch Prediction Portland State University ECE 587/687 Branch Prediction Copyright by Alaa Alameldeen and Haitham Akkary 2015 Branch Penalty Example: Comparing perfect branch prediction to 90%, 95%, 99% prediction accuracy,

More information

NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications. Gerwin Klein Formal Methods

NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications. Gerwin Klein Formal Methods NICTA Advanced Course Theorem Proving Principles, Techniques, Applications Gerwin Klein Formal Methods 1 ORGANISATORIALS When Mon 14:00 15:30 Wed 10:30 12:00 7 weeks ends Mon, 20.9.2004 Exceptions Mon

More information

NEC PerforCache. Influence on M-Series Disk Array Behavior and Performance. Version 1.0

NEC PerforCache. Influence on M-Series Disk Array Behavior and Performance. Version 1.0 NEC PerforCache Influence on M-Series Disk Array Behavior and Performance. Version 1.0 Preface This document describes L2 (Level 2) Cache Technology which is a feature of NEC M-Series Disk Array implemented

More information

System Data Bus (8-bit) Data Buffer. Internal Data Bus (8-bit) 8-bit register (R) 3-bit address 16-bit register pair (P) 2-bit address

System Data Bus (8-bit) Data Buffer. Internal Data Bus (8-bit) 8-bit register (R) 3-bit address 16-bit register pair (P) 2-bit address Intel 8080 CPU block diagram 8 System Data Bus (8-bit) Data Buffer Registry Array B 8 C Internal Data Bus (8-bit) F D E H L ALU SP A PC Address Buffer 16 System Address Bus (16-bit) Internal register addressing:

More information

ECE 571 Advanced Microprocessor-Based Design Lecture 9

ECE 571 Advanced Microprocessor-Based Design Lecture 9 ECE 571 Advanced Microprocessor-Based Design Lecture 9 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 20 February 2018 Announcements HW#4 was posted. About branch predictors Don

More information

DETERMINING THE VARIABLE QUANTUM TIME (VQT) IN ROUND ROBIN AND IT S IMPORTANCE OVER AVERAGE QUANTUM TIME METHOD

DETERMINING THE VARIABLE QUANTUM TIME (VQT) IN ROUND ROBIN AND IT S IMPORTANCE OVER AVERAGE QUANTUM TIME METHOD D DETERMINING THE VARIABLE QUANTUM TIME (VQT) IN ROUND ROBIN AND IT S IMPORTANCE OVER AVERAGE QUANTUM TIME METHOD Yashasvini Sharma 1 Abstract The process scheduling, is one of the most important tasks

More information

Che-Wei Chang Department of Computer Science and Information Engineering, Chang Gung University

Che-Wei Chang Department of Computer Science and Information Engineering, Chang Gung University Che-Wei Chang chewei@mail.cgu.edu.tw Department of Computer Science and Information Engineering, Chang Gung University } 2017/11/15 Midterm } 2017/11/22 Final Project Announcement 2 1. Introduction 2.

More information

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer Mathematical Attacks Input Crypto Algorithm Key Output Goal: recover the key given access to the inputs

More information

Searching, mainly via Hash tables

Searching, mainly via Hash tables Data structures and algorithms Part 11 Searching, mainly via Hash tables Petr Felkel 26.1.2007 Topics Searching Hashing Hash function Resolving collisions Hashing with chaining Open addressing Linear Probing

More information

Cache-Oblivious Algorithms

Cache-Oblivious Algorithms Cache-Oblivious Algorithms 1 Cache-Oblivious Model 2 The Unknown Machine Algorithm C program gcc Object code linux Execution Can be executed on machines with a specific class of CPUs Algorithm Java program

More information

Static Program Analysis

Static Program Analysis Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aiken s Michael D. Ernst s Sorin Lerner s A Scary Outline Type-based analysis Data-flow analysis Abstract interpretation Theorem

More information

Cache-Oblivious Algorithms

Cache-Oblivious Algorithms Cache-Oblivious Algorithms 1 Cache-Oblivious Model 2 The Unknown Machine Algorithm C program gcc Object code linux Execution Can be executed on machines with a specific class of CPUs Algorithm Java program

More information

MICROPROCESSOR REPORT. THE INSIDER S GUIDE TO MICROPROCESSOR HARDWARE

MICROPROCESSOR REPORT. THE INSIDER S GUIDE TO MICROPROCESSOR HARDWARE MICROPROCESSOR www.mpronline.com REPORT THE INSIDER S GUIDE TO MICROPROCESSOR HARDWARE ENERGY COROLLARIES TO AMDAHL S LAW Analyzing the Interactions Between Parallel Execution and Energy Consumption By

More information

Safety and Liveness. Thread Synchronization: Too Much Milk. Critical Sections. A Really Cool Theorem

Safety and Liveness. Thread Synchronization: Too Much Milk. Critical Sections. A Really Cool Theorem Safety and Liveness Properties defined over an execution of a program Thread Synchronization: Too Much Milk Safety: nothing bad happens holds in every finite execution prefix Windows never crashes No patient

More information

This ensures that we walk downhill. For fixed λ not even this may be the case.

This ensures that we walk downhill. For fixed λ not even this may be the case. Gradient Descent Objective Function Some differentiable function f : R n R. Gradient Descent Start with some x 0, i = 0 and learning rate λ repeat x i+1 = x i λ f(x i ) until f(x i+1 ) ɛ Line Search Variant

More information

The conceptual view. by Gerrit Muller University of Southeast Norway-NISE

The conceptual view. by Gerrit Muller University of Southeast Norway-NISE by Gerrit Muller University of Southeast Norway-NISE e-mail: gaudisite@gmail.com www.gaudisite.nl Abstract The purpose of the conceptual view is described. A number of methods or models is given to use

More information

McBits: Fast code-based cryptography

McBits: Fast code-based cryptography McBits: Fast code-based cryptography Peter Schwabe Radboud University Nijmegen, The Netherlands Joint work with Daniel Bernstein, Tung Chou December 17, 2013 IMA International Conference on Cryptography

More information

Pwning ARM Debug Components for Sec-Related Stuff (HardBlare project)

Pwning ARM Debug Components for Sec-Related Stuff (HardBlare project) Pwning ARM Debug Components for Sec-Related Stuff (HardBlare project) HITB COMMSEC Muhammad Abdul WAHAB, Pascal COTRET April 14, 2017 CentraleSupélec Who am I? 2 nd year PhD Student at CentraleSuplec E-mail:

More information

Physics 100. Today. Finish Chapter 5: Newton s 3 rd Law. Chapter 6: Momentum

Physics 100. Today. Finish Chapter 5: Newton s 3 rd Law. Chapter 6: Momentum Physics 100 Today Finish Chapter 5: Newton s 3 rd Law Chapter 6: Momentum Momentum = inertia in motion Specifically, momentum = mass x velocity = m v Eg. Just as a truck and a roller skate have different

More information

High Performance Computing

High Performance Computing Master Degree Program in Computer Science and Networking, 2014-15 High Performance Computing 2 nd appello February 11, 2015 Write your name, surname, student identification number (numero di matricola),

More information

BOFH meets SystemTap: rootkits made trivial

BOFH meets SystemTap: rootkits made trivial BOFH meets SystemTap: rootkits made trivial Adrien Kunysz adrien@kunysz.be FOSDEM, Brussels, Belgium 5 February 2011 Who is Adrien Kunysz? Krunch on Freenode I like to look at core files, to read code,

More information

Speculative Parallelism in Cilk++

Speculative Parallelism in Cilk++ Speculative Parallelism in Cilk++ Ruben Perez & Gregory Malecha MIT May 11, 2010 Ruben Perez & Gregory Malecha (MIT) Speculative Parallelism in Cilk++ May 11, 2010 1 / 33 Parallelizing Embarrassingly Parallel

More information

CMP N 301 Computer Architecture. Appendix C

CMP N 301 Computer Architecture. Appendix C CMP N 301 Computer Architecture Appendix C Outline Introduction Pipelining Hazards Pipelining Implementation Exception Handling Advanced Issues (Dynamic Scheduling, Out of order Issue, Superscalar, etc)

More information

B629 project - StreamIt MPI Backend. Nilesh Mahajan

B629 project - StreamIt MPI Backend. Nilesh Mahajan B629 project - StreamIt MPI Backend Nilesh Mahajan March 26, 2013 Abstract StreamIt is a language based on the dataflow model of computation. StreamIt consists of computation units called filters connected

More information

TDDI04, K. Arvidsson, IDA, Linköpings universitet CPU Scheduling. Overview: CPU Scheduling. [SGG7] Chapter 5. Basic Concepts.

TDDI04, K. Arvidsson, IDA, Linköpings universitet CPU Scheduling. Overview: CPU Scheduling. [SGG7] Chapter 5. Basic Concepts. TDDI4 Concurrent Programming, Operating Systems, and Real-time Operating Systems CPU Scheduling Overview: CPU Scheduling CPU bursts and I/O bursts Scheduling Criteria Scheduling Algorithms Multiprocessor

More information

Cosmic Ray Detector Software

Cosmic Ray Detector Software Cosmic Ray Detector Software Studying cosmic rays has never been easier Matthew Jones Purdue University 2012 QuarkNet Summer Workshop 1 Brief History First cosmic ray detector built at Purdue in about

More information

CIS 371 Computer Organization and Design

CIS 371 Computer Organization and Design CIS 371 Computer Organization and Design Unit 13: Power & Energy Slides developed by Milo Mar0n & Amir Roth at the University of Pennsylvania with sources that included University of Wisconsin slides by

More information

WRF performance tuning for the Intel Woodcrest Processor

WRF performance tuning for the Intel Woodcrest Processor WRF performance tuning for the Intel Woodcrest Processor A. Semenov, T. Kashevarova, P. Mankevich, D. Shkurko, K. Arturov, N. Panov Intel Corp., pr. ak. Lavrentieva 6/1, Novosibirsk, Russia, 630090 {alexander.l.semenov,tamara.p.kashevarova,pavel.v.mankevich,

More information

MAHAPATRA218FALL12 ( MPMAHAPATRA218FALL12 )

MAHAPATRA218FALL12 ( MPMAHAPATRA218FALL12 ) Logged in as Rupak Mahapatra, Instructor Help Log Out MAHAPATRA218FALL12 ( MPMAHAPATRA218FALL12 ) My Courses Course Settings Course Home Assignments Roster Gradebook Item Library University Physics with

More information

Lecture 3, Performance

Lecture 3, Performance Repeating some definitions: Lecture 3, Performance CPI MHz MIPS MOPS Clocks Per Instruction megahertz, millions of cycles per second Millions of Instructions Per Second = MHz / CPI Millions of Operations

More information

Compiling Techniques

Compiling Techniques Lecture 11: Introduction to 13 November 2015 Table of contents 1 Introduction Overview The Backend The Big Picture 2 Code Shape Overview Introduction Overview The Backend The Big Picture Source code FrontEnd

More information

Fall 2008 CSE Qualifying Exam. September 13, 2008

Fall 2008 CSE Qualifying Exam. September 13, 2008 Fall 2008 CSE Qualifying Exam September 13, 2008 1 Architecture 1. (Quan, Fall 2008) Your company has just bought a new dual Pentium processor, and you have been tasked with optimizing your software for

More information

CSE370: Introduction to Digital Design

CSE370: Introduction to Digital Design CSE370: Introduction to Digital Design Course staff Gaetano Borriello, Brian DeRenzi, Firat Kiyak Course web www.cs.washington.edu/370/ Make sure to subscribe to class mailing list (cse370@cs) Course text

More information

CS187 - Science Gateway Seminar for CS and Math

CS187 - Science Gateway Seminar for CS and Math CS187 - Science Gateway Seminar for CS and Math Fall 2013 Class 3 Sep. 10, 2013 What is (not) Computer Science? Network and system administration? Playing video games? Learning to use software packages?

More information

Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers

Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur PROOFS 2016 August

More information

AP Physics 1 Summer Assignment

AP Physics 1 Summer Assignment Name: Email address (write legibly): AP Physics 1 Summer Assignment Packet 3 The assignments included here are to be brought to the first day of class to be submitted. They are: Problems from Conceptual

More information

CHAPTER 5 - PROCESS SCHEDULING

CHAPTER 5 - PROCESS SCHEDULING CHAPTER 5 - PROCESS SCHEDULING OBJECTIVES To introduce CPU scheduling, which is the basis for multiprogrammed operating systems To describe various CPU-scheduling algorithms To discuss evaluation criteria

More information

Lecture 3, Performance

Lecture 3, Performance Lecture 3, Performance Repeating some definitions: CPI Clocks Per Instruction MHz megahertz, millions of cycles per second MIPS Millions of Instructions Per Second = MHz / CPI MOPS Millions of Operations

More information

Recap. CS514: Intermediate Course in Operating Systems. What time is it? This week. Reminder: Lamport s approach. But what does time mean?

Recap. CS514: Intermediate Course in Operating Systems. What time is it? This week. Reminder: Lamport s approach. But what does time mean? CS514: Intermediate Course in Operating Systems Professor Ken Birman Vivek Vishnumurthy: TA Recap We ve started a process of isolating questions that arise in big systems Tease out an abstract issue Treat

More information

CSE 331 Winter 2018 Reasoning About Code I

CSE 331 Winter 2018 Reasoning About Code I CSE 331 Winter 2018 Reasoning About Code I Notes by Krysta Yousoufian Original lectures by Hal Perkins Additional contributions from Michael Ernst, David Notkin, and Dan Grossman These notes cover most

More information

R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H.

R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H. R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H. 5 S O F T W A R E E N G I N E E R I N G B Y S O M M E R V I L L E S E

More information

ITI Introduction to Computing II

ITI Introduction to Computing II (with contributions from R. Holte) School of Electrical Engineering and Computer Science University of Ottawa Version of January 11, 2015 Please don t print these lecture notes unless you really need to!

More information

Experimenting with Forces

Experimenting with Forces A mother hears a loud crash in the living room. She walks into the room to see her seven-year-old son looking at a broken vase on the floor. How did that happen? she asks. I don t know. The vase just fell

More information

ECEN 449: Microprocessor System Design Department of Electrical and Computer Engineering Texas A&M University

ECEN 449: Microprocessor System Design Department of Electrical and Computer Engineering Texas A&M University ECEN 449: Microprocessor System Design Department of Electrical and Computer Engineering Texas A&M University Prof. Sunil P Khatri (Lab exercise created and tested by Ramu Endluri, He Zhou and Sunil P

More information

Deadlock. CSE 2431: Introduction to Operating Systems Reading: Chap. 7, [OSC]

Deadlock. CSE 2431: Introduction to Operating Systems Reading: Chap. 7, [OSC] Deadlock CSE 2431: Introduction to Operating Systems Reading: Chap. 7, [OSC] 1 Outline Resources Deadlock Deadlock Prevention Deadlock Avoidance Deadlock Detection Deadlock Recovery 2 Review: Synchronization

More information

Performance, Power & Energy. ELEC8106/ELEC6102 Spring 2010 Hayden Kwok-Hay So

Performance, Power & Energy. ELEC8106/ELEC6102 Spring 2010 Hayden Kwok-Hay So Performance, Power & Energy ELEC8106/ELEC6102 Spring 2010 Hayden Kwok-Hay So Recall: Goal of this class Performance Reconfiguration Power/ Energy H. So, Sp10 Lecture 3 - ELEC8106/6102 2 PERFORMANCE EVALUATION

More information

Unit 8: Sequ. ential Circuits

Unit 8: Sequ. ential Circuits CPSC 121: Models of Computation Unit 8: Sequ ential Circuits Based on slides by Patrice Be lleville and Steve Wolfman Pre-Class Learning Goals By the start of class, you s hould be able to Trace the operation

More information

The Euler Method for the Initial Value Problem

The Euler Method for the Initial Value Problem The Euler Method for the Initial Value Problem http://people.sc.fsu.edu/ jburkardt/isc/week10 lecture 18.pdf... ISC3313: Introduction to Scientific Computing with C++ Summer Semester 2011... John Burkardt

More information

Växjö University. Software Security Testing. A Flexible Architecture for Security Testing. School of Mathematics and System Engineering

Växjö University. Software Security Testing. A Flexible Architecture for Security Testing. School of Mathematics and System Engineering School of Mathematics and System Engineering Reports from MSI - Rapporter från MSI Växjö University Software Security Testing A Flexible Architecture for Security Testing Martin Andersson Aug 2008 MSI

More information

Isaac Newton was a British scientist whose accomplishments

Isaac Newton was a British scientist whose accomplishments E8 Newton s Laws of Motion R EA D I N G Isaac Newton was a British scientist whose accomplishments included important discoveries about light, motion, and gravity. You may have heard the legend about how

More information

High-Performance Scientific Computing

High-Performance Scientific Computing High-Performance Scientific Computing Instructor: Randy LeVeque TA: Grady Lemoine Applied Mathematics 483/583, Spring 2011 http://www.amath.washington.edu/~rjl/am583 World s fastest computers http://top500.org

More information

Chapter 4: Forces and Newton's Laws of Motion Tuesday, September 17, :00 PM

Chapter 4: Forces and Newton's Laws of Motion Tuesday, September 17, :00 PM Ch4 Page 1 Chapter 4: Forces and Newton's Laws of Motion Tuesday, September 17, 2013 10:00 PM In the first three chapters of this course the emphasis is on kinematics, the mathematical description of motion.

More information

Lecture Notes Week 4. Once the CPU is up and running, the routine scheduler() is never called again except in the routine sched().

Lecture Notes Week 4. Once the CPU is up and running, the routine scheduler() is never called again except in the routine sched(). 1 XV6 Scheduler The xv6 scheduler user pure Round Robin It definitely as starvation and is definitely non-optimal The xv6 scheduler is in procc Two routines comprise the scheduler: scheduler() and sched()

More information

The Geo Web: Enabling GIS on the Internet IT4GIS Keith T. Weber, GISP GIS Director ISU GIS Training and Research Center.

The Geo Web: Enabling GIS on the Internet IT4GIS Keith T. Weber, GISP GIS Director ISU GIS Training and Research Center. The Geo Web: Enabling GIS on the Internet IT4GIS Keith T. Weber, GISP GIS Director ISU GIS Training and Research Center In the Beginning GIS was independent The GIS analyst or manager was typically a oneperson

More information

Virtualization. Introduction. G. Lettieri A/A 2014/15. Dipartimento di Ingegneria dell Informazione Università di Pisa. G. Lettieri Virtualization

Virtualization. Introduction. G. Lettieri A/A 2014/15. Dipartimento di Ingegneria dell Informazione Università di Pisa. G. Lettieri Virtualization Introduction G. Lettieri Dipartimento di Ingegneria dell Informazione Università di Pisa A/A 2014/15 G. Lettieri Folk definition What do people mean when they talk about virtualization w.r.t. computers?

More information

Real-Time Scheduling and Resource Management

Real-Time Scheduling and Resource Management ARTIST2 Summer School 2008 in Europe Autrans (near Grenoble), France September 8-12, 2008 Real-Time Scheduling and Resource Management Lecturer: Giorgio Buttazzo Full Professor Scuola Superiore Sant Anna

More information

OBEUS. (Object-Based Environment for Urban Simulation) Shareware Version. Itzhak Benenson 1,2, Slava Birfur 1, Vlad Kharbash 1

OBEUS. (Object-Based Environment for Urban Simulation) Shareware Version. Itzhak Benenson 1,2, Slava Birfur 1, Vlad Kharbash 1 OBEUS (Object-Based Environment for Urban Simulation) Shareware Version Yaffo model is based on partition of the area into Voronoi polygons, which correspond to real-world houses; neighborhood relationship

More information

Introduction The Nature of High-Performance Computation

Introduction The Nature of High-Performance Computation 1 Introduction The Nature of High-Performance Computation The need for speed. Since the beginning of the era of the modern digital computer in the early 1940s, computing power has increased at an exponential

More information

Porting RSL to C++ Ryusuke Villemin, Christophe Hery. Pixar Technical Memo 12-08

Porting RSL to C++ Ryusuke Villemin, Christophe Hery. Pixar Technical Memo 12-08 Porting RSL to C++ Ryusuke Villemin, Christophe Hery Pixar Technical Memo 12-08 1 Introduction In a modern renderer, relying on recursive ray-tracing, the number of shader calls increases by one or two

More information

ECE/CS 250 Computer Architecture

ECE/CS 250 Computer Architecture ECE/CS 250 Computer Architecture Basics of Logic Design: Boolean Algebra, Logic Gates (Combinational Logic) Tyler Bletsch Duke University Slides are derived from work by Daniel J. Sorin (Duke), Alvy Lebeck

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback