From bff52c33e72bc21f936530e6543611f982b8c13b Mon Sep 17 00:00:00 2001 From: Iru Cai Date: Fri, 17 May 2019 11:54:27 +0800 Subject: upd --- chap/abs.tex | 65 ++++++++++++++++++++++++++++++--------------------------- chap/chap1.tex | 35 ++++++++++++++++++------------- chap/encl1.tex | 6 ++++-- chap/origin.tex | 2 +- 4 files changed, 59 insertions(+), 49 deletions(-) diff --git a/chap/abs.tex b/chap/abs.tex index 080c963..81b1b10 100644 --- a/chap/abs.tex +++ b/chap/abs.tex @@ -14,7 +14,7 @@ 本文基于模拟平台,针对推测式执行侧信道攻击设计实现了一种防御结构。主 要工作内容如下: \begin{enumerate} - \item 调研 Meltdown 和 Spectre 攻击技术,分析其技术原理。 + \item 调研 Meltdown 和 Spectre 攻击,分析其技术原理。 \item 调研现有的 Meltdown 和 Spectre 防御方案,分析这些方案的设计思 想、实现方法、安全性和性能开销。 \item 设计一种针对 Spectre 攻击的防御结构,并在模拟平台中实现。该结 @@ -30,40 +30,43 @@ \begin{eabstract} Performance and power consumption are the main factors of modern - processor design. As software and hardware become more and more - complex, security is becoming important in computer system + processor design. As software and hardware systems become more and + more complex, security is becoming important in microprocessor design. The disclosure of Meltdown and Spectre shows that - microarchitecture optimizations can break the security of the - system, although the programs still run correctly. Spectre exploits - speculative execution, constructing covert channel with transient - instructions, and leak secret information to the attacker, breaking - the security guarentee of the program and system isolation. Since - speculative execution is an important method to optimize the - execution, it's complex to defend against Spectre attack, while - minimize the performance loss of the defense. + microarchitecture optimizations can bring security issues, although + the programs still run correctly. Spectre exploits speculative + execution, constructing covert channel with transient instructions, + and leak secret information to the attacker, breaking the security + guarentee of the program and system isolation. Since speculative + execution is an important method to optimize the performance in + microprocessor design, it's important to defend against Spectre + attack, while minimize the performance loss of the defense. - This thesis designs a microarchitecture to defend against Spectre - attack, based on the gem5 simulation platform, and evaluates the - design. The contribution of this thesis is as follows: - \begin{itemize} - \item Investigate on current side-channel attack, Meltdown and - Spectre attack, and analyze how these attacks work + This thesis designs a microarchitecture to defend against + speculation side channels based on the a simulation platform. The + contribution of this thesis is as follows: + \begin{enumerate} + \item Investigate on Meltdown and Spectre attacks, and analyze how + these attacks work. \item Investigate on current defenses of Meltdown and Spectre - attack, analyze their idea, implementation, security and overhead + attacks, analyze their idea, implementation, security and + performance overhead. \item Design a microarchitecture to defend against spectre attack - and simulate it on gem5. This microarchitecture is based on - dynamic information flow tracking, which detects whether a - speculating instruction directly or indirectly depends on a value - loaded from memory, which may result in a leakage. This thesis - combines this method with InvisiSpec, a scheme to execute - speculating load safely, and implement these models on gem5. - \item Evaluate the security and performance of this - microarchitecture. Tested with a constructed proof of concept code - on gem5, this microarchitecture design has the expected security - feature. Evaluated with SPEC CPU2006, this microarchitecture has - an average performance overhead of 8.5\%, better than using DIFT - or InvisiSpec only. - \end{itemize} + and implement it on a simulation platform. This microarchitecture + tracks the information flow, detecting the dependency of a + speculated instruction and a speculated data load from memory, and + tags the instruction which may leak data. For memory reads which + is likely unsafe, a safe loading mechanism is used, avoiding + leaving transient execution side effects in the cache. + \item Evaluate the microarchitecture on the simulation + platform. Tested with a constructed proof of concept code, this + microarchitecture design can defend the tested attacks, meeting + the security requirement. Evaluated with SPEC CPU2006, this + microarchitecture has an average performance overhead of 8.5\%, + and the number of speculated loads that need to be safely executed + is significantly decreased, thus the performance overhead of the + defence is smaller. + \end{enumerate} \end{eabstract} % vim:ts=4:sw=4 diff --git a/chap/chap1.tex b/chap/chap1.tex index 7ddf6b6..bee1ea1 100644 --- a/chap/chap1.tex +++ b/chap/chap1.tex @@ -24,19 +24,20 @@ Tomasulo 算法\supercite{tomasulo},可以识别指令之间的依赖关系, 结果。 超标量处理器设计允许处理器平均没周期执行多于一条指令,它可以在一周期内 -同时分发多个指令至不同的执行单元,从而利用程序的指令级并行性。 +同时分发多个指令至不同的执行单元,进一步开发了程序的指令级并行性。 -程序中除了数据相关,还有控制相关。程序中存在大量的分支指令,等待分支指 -令执行,则后续指令在分支指令执行期间均无法执行,降低了执行单元的利用率, -导致总体性能下降。因此现代微处理器使用了推测式执行技术,在分支指令执行 -结束前,根据分支预测的结果,执行预测将要执行的指令。分支预测需要预测分 -支的方向和目标地址。处理器使用分支目标缓冲器(BTB)预测分支指令的方向 -和目标地址\supercite{btb}。为了预测函数调用的返回地址,处理器还使用栈 -结构的返回栈缓冲器(RSB)\supercite{rsb}。 +程序中除了数据相关之外,还存在控制相关。程序中存在大量的分支指令,等待 +分支指令执行,则后续指令在分支指令执行期间均无法执行,降低了执行单元的 +利用率,导致总体性能下降。因此现代微处理器使用了推测式执行技术,在分支 +指令执行结束前,根据分支预测的结果,执行预测将要执行的指令。分支预测需 +要预测分支的方向和目标地址。处理器使用分支目标缓冲器(BTB)预测分支指令 +的方向和目标地址\supercite{btb}。为了预测函数调用的返回地址,处理器还使 +用栈结构的返回栈缓冲器(RSB)\supercite{rsb}。 -为了开发出多任务系统的线程级并行性,部分处理器使用了多线程技术。同时多 -线程(SMT)\supercite{smt}是一种多线程技术,它对超标量处理器做了少量修 -改,使得多个线程可以共用一组执行单元,提高执行单元的利用率。 +为了开发出多任务系统的线程级并行性,部分处理器使用了多线程技术,使得一 +个处理器核可以执行多个线程。同时多线程(SMT)\supercite{smt}是一种多线 +程技术,它对超标量处理器做了少量修改,使得多个线程可以共用一组执行单元, +提高执行单元的利用率。 \begin{figure}[htbp] \centering @@ -111,10 +112,14 @@ gem5 的灵活性使得研究者可以根据需要选择不同的系统模型, 度的平衡。gem5 支持以下模型的配置: \begin{enumerate} - \item CPU 模型:如图\ref{fig:gem5_cpu},gem5 支持多种不同的 CPU 模型。AtomicSimpleCPU 模拟一个单周期处理器,模拟速度最快。TimingSimpleCPU 在此之上增加对存储访问时间的模拟。O3CPU 则是一个详细的乱序执行处理器模型。此外,gem5 还支持使用 KVM 虚拟化技术模拟 CPU 的执行。 -\item 系统模式:gem5 可以用系统调用模拟(SE)和全系统(FS)两种模式进 - 行模拟,前者模拟大多数的系统调用,无需对操作系统和设备进行模拟,而后 - 者则模拟了操作系统和设备,同时执行用户态和内核态的指令。 +\item CPU 模型:如图\ref{fig:gem5_cpu},gem5 支持多种不同的 CPU 模 + 型。AtomicSimpleCPU 模拟一个单周期处理器,模拟速度最 + 快。TimingSimpleCPU 在此之上增加对存储访问时间的模拟。O3CPU 则是一个 + 详细的乱序执行处理器模型。此外,gem5 还支持使用 KVM 虚拟化技术模 + 拟 CPU 的执行。 +\item 系统模式:gem5 可以用系统调用模拟(SE)和全系统(FS)两种模式进行 + 模拟,前者模拟大多数的系统调用,无需对操作系统和设备进行模拟,而后者 + 则模拟了操作系统和设备,同时执行用户态和内核态的指令。 \item 存储系统:gem5 包含两种存储系统模型,来自 M5 的 Classic 模型容易 配置且模拟速度快,而来自 GEMS 的 Ruby 模型则提供了一个可以精确模拟缓 存一致性模型的存储系统模拟框架。 diff --git a/chap/encl1.tex b/chap/encl1.tex index a2eafac..6a8e62a 100644 --- a/chap/encl1.tex +++ b/chap/encl1.tex @@ -11,7 +11,8 @@ #include #include -/* default: 64B line size, L1-D 64KB assoc 2, L1-I 32KB assoc 2, L2 2MB assoc 8 */ +/* default: 64B line size, L1-D 64KB assoc 2, L1-I 32KB assoc 2 + , L2 2MB assoc 8 */ #define LLC_SIZE (2 << 20) uint8_t dummy[LLC_SIZE]; @@ -59,7 +60,8 @@ int main() printf("attack_idx = %ld\n", attack_idx); for (int i = 0; i < 256; i++) { - printf("%d: %d, %s\n", i, t[i], (t[i] < 40)? "hit": "miss"); + printf("%d: %d, %s\n", i, t[i], + (t[i] < 40)? "hit": "miss"); } } \end{minted} diff --git a/chap/origin.tex b/chap/origin.tex index 0002589..d0ac318 100644 --- a/chap/origin.tex +++ b/chap/origin.tex @@ -34,7 +34,7 @@ % 学校书面要求本页面不要页码,但在给出的 Word 模版中又有页码且编入了目录。 % 此处以 Word 模版为实际标准进行设定。 - \specialchap*{北京大学学位论文原创性声明和使用授权说明} + \chapter*{北京大学学位论文原创性声明和使用授权说明} \mbox{}\vspace*{-3em} \section*{原创性声明} -- cgit v1.2.3