Hadoop is a well-known parallel computing system for distributed computing and large-scale data processes.“Straggling”tasks,however,have a serious impact on task allocation and scheduling in a Hadoop system.Speculat...Hadoop is a well-known parallel computing system for distributed computing and large-scale data processes.“Straggling”tasks,however,have a serious impact on task allocation and scheduling in a Hadoop system.Speculative Execution(SE)is an efficient method of processing“Straggling”Tasks by monitoring real-time running status of tasks and then selectively backing up“Stragglers”in another node to increase the chance to complete the entire mission early.Present speculative execution strategies meet challenges on misjudgement of“Straggling”tasks and improper selection of backup nodes,which leads to inefficient implementation of speculative executive processes.This paper has proposed an Optimized Resource Scheduling strategy for Speculative Execution(ORSE)by introducing non-cooperative game schemes.The ORSE transforms the resource scheduling of backup tasks into a multi-party non-cooperative game problem,where the tasks are regarded as game participants,whilst total task execution time of the entire cluster as the utility function.In that case,the most benefit strategy can be implemented in each computing node when the game reaches a Nash equilibrium point,i.e.,the final resource scheduling scheme to be obtained.The strategy has been implemented in Hadoop-2.x.Experimental results depict that the ORSE can maintain the efficiency of speculative executive processes and improve fault-tolerant and computation performance under the circumstances of Normal Load,Busy Load and Busy Load with Skewed Data.展开更多
Since the discovery of speculative execution attacks based on side channels,there has been a long history of research on their attack mechanisms and defense principles.To explore TLB side channels,we constructed a Sys...Since the discovery of speculative execution attacks based on side channels,there has been a long history of research on their attack mechanisms and defense principles.To explore TLB side channels,we constructed a System-on-Chip(SoC)centered around the XuanTie C910 processor on a Virtex UltraScale+HBM VCU128 FPGA and ran the Linux operating system on this platform.We successfully implemented the Spectre-v1 attack targeting the multi-level TLB structure of the XuanTie C910 processor,identifying the second-level TLB as the primary target of the attack.In addition,we proposed a defense mechanism called TLBshield-v1,which employs a 50-percent block rate policy on the write-back channel from the Page Table Walker to the second-level TLB,thereby mitigating all attacks based on the second-level TLB.We tested a 50-percent block rate policy,which reduced the success rate of the Spectre-v1 attack from 100 percent to 55.7 percent,with a performance overhead of only 1.77 percent.Furthermore,we designed TLBshield-v2,with different block rates of second-level TLB,tested their corresponding performance overheads and security implications,and introduced a normalized evaluation metric,Security-Versus-Performance to determine the optimal design strategy that balances performance overhead and security under varying security requirements.展开更多
Speculative execution attacks can leak arbitrary program data under malicious speculation,presenting a severe security threat.Based on two key observations,this paper presents a software-transparent defense mechanism ...Speculative execution attacks can leak arbitrary program data under malicious speculation,presenting a severe security threat.Based on two key observations,this paper presents a software-transparent defense mechanism called speculative secret flow tracking(SSFT),which is capable of defending against all cache-based speculative execution attacks with a low performance overhead.First,we observe that the attacker must use array or pointer variables in the victim code to access arbitrary memory data.Therefore,we propose a strict definition of secret data to reduce the amount of data to be protected.Second,if the load is not data-dependent and control-dependent on secrets,its speculative execution will not leak any secrets.Thus,this paper introduces the concept of speculative secret flow to analyze how secret data are obtained and propagated during speculative execution.By tracking speculative secret flow in hardware,SSFT can identify all unsafe speculative loads(USLs)that are dependent on secrets.Moreover,SSFT exploits three different methods to constrain USLs’speculative execution and prevent them from leaking secrets into the cache and translation lookaside buffer(TLB)states.This paper evaluates the performance of SSFT on the SPEC CPU 2006 workloads,and the results show that SSFT is effective and its performance overhead is very low.To defend against all speculative execution attack variants,SSFT only incurs an average slowdown of 4.5%(Delay USL-L1Miss)or 3.8%(Invisible USLs)compared to a non-secure processor.Our analysis also shows that SSFT maintains a low hardware overhead.展开更多
基金This work has received funding from the European Unions Horizon 2020 research and innovation programme under the Marie Sklodowska-Curie grant agreement no.701697Major Program of the National Social Science Fund of China(Grant No.17ZDA092)+2 种基金Basic Research Programs(Natural Science Foundation)of Jiangsu Province(BK20180794)333 High-Level Talent Cultivation Project of Jiangsu Province(BRA2018332)333 High-Level Talent Cultivation Project of Jiangsu Province(BRA2018332)the PAPD fund.
文摘Hadoop is a well-known parallel computing system for distributed computing and large-scale data processes.“Straggling”tasks,however,have a serious impact on task allocation and scheduling in a Hadoop system.Speculative Execution(SE)is an efficient method of processing“Straggling”Tasks by monitoring real-time running status of tasks and then selectively backing up“Stragglers”in another node to increase the chance to complete the entire mission early.Present speculative execution strategies meet challenges on misjudgement of“Straggling”tasks and improper selection of backup nodes,which leads to inefficient implementation of speculative executive processes.This paper has proposed an Optimized Resource Scheduling strategy for Speculative Execution(ORSE)by introducing non-cooperative game schemes.The ORSE transforms the resource scheduling of backup tasks into a multi-party non-cooperative game problem,where the tasks are regarded as game participants,whilst total task execution time of the entire cluster as the utility function.In that case,the most benefit strategy can be implemented in each computing node when the game reaches a Nash equilibrium point,i.e.,the final resource scheduling scheme to be obtained.The strategy has been implemented in Hadoop-2.x.Experimental results depict that the ORSE can maintain the efficiency of speculative executive processes and improve fault-tolerant and computation performance under the circumstances of Normal Load,Busy Load and Busy Load with Skewed Data.
文摘Since the discovery of speculative execution attacks based on side channels,there has been a long history of research on their attack mechanisms and defense principles.To explore TLB side channels,we constructed a System-on-Chip(SoC)centered around the XuanTie C910 processor on a Virtex UltraScale+HBM VCU128 FPGA and ran the Linux operating system on this platform.We successfully implemented the Spectre-v1 attack targeting the multi-level TLB structure of the XuanTie C910 processor,identifying the second-level TLB as the primary target of the attack.In addition,we proposed a defense mechanism called TLBshield-v1,which employs a 50-percent block rate policy on the write-back channel from the Page Table Walker to the second-level TLB,thereby mitigating all attacks based on the second-level TLB.We tested a 50-percent block rate policy,which reduced the success rate of the Spectre-v1 attack from 100 percent to 55.7 percent,with a performance overhead of only 1.77 percent.Furthermore,we designed TLBshield-v2,with different block rates of second-level TLB,tested their corresponding performance overheads and security implications,and introduced a normalized evaluation metric,Security-Versus-Performance to determine the optimal design strategy that balances performance overhead and security under varying security requirements.
基金supported by the Key-Area Research and Development Program of Guangdong Province of China under Grant No.2018B010115002.
文摘Speculative execution attacks can leak arbitrary program data under malicious speculation,presenting a severe security threat.Based on two key observations,this paper presents a software-transparent defense mechanism called speculative secret flow tracking(SSFT),which is capable of defending against all cache-based speculative execution attacks with a low performance overhead.First,we observe that the attacker must use array or pointer variables in the victim code to access arbitrary memory data.Therefore,we propose a strict definition of secret data to reduce the amount of data to be protected.Second,if the load is not data-dependent and control-dependent on secrets,its speculative execution will not leak any secrets.Thus,this paper introduces the concept of speculative secret flow to analyze how secret data are obtained and propagated during speculative execution.By tracking speculative secret flow in hardware,SSFT can identify all unsafe speculative loads(USLs)that are dependent on secrets.Moreover,SSFT exploits three different methods to constrain USLs’speculative execution and prevent them from leaking secrets into the cache and translation lookaside buffer(TLB)states.This paper evaluates the performance of SSFT on the SPEC CPU 2006 workloads,and the results show that SSFT is effective and its performance overhead is very low.To defend against all speculative execution attack variants,SSFT only incurs an average slowdown of 4.5%(Delay USL-L1Miss)or 3.8%(Invisible USLs)compared to a non-secure processor.Our analysis also shows that SSFT maintains a low hardware overhead.
