Global ETD Search

411	Fuites d'information dans les processeurs récents et applications à la virtualisation / Information leakage on shared hardware : evolutions in recent hardware and applications to virtualization Maurice, Clémentine 28 October 2015 (has links) Dans un environnement virtualisé, l'hyperviseur fournit l'isolation au niveau logiciel, mais l'infrastructure partagée rend possible des attaques au niveau matériel. Les attaques par canaux auxiliaires ainsi que les canaux cachés sont des problèmes bien connus liés aux infrastructures partagées, et en particulier au partage du processeur. Cependant, ces attaques reposent sur des caractéristiques propres à la microarchitecture qui change avec les différentes générations de matériel. Ces dernières années ont vu la progression des calculs généralistes sur processeurs graphiques (aussi appelés GPUs), couplés aux environnements dits cloud. Cette thèse explore ces récentes évolutions, ainsi que leurs conséquences en termes de fuites d'information dans les environnements virtualisés. Premièrement, nous investiguons les microarchitectures des processeurs récents. Notre première contribution est C5, un canal caché sur le cache qui traverse les coeurs d'un processeur, évalué entre deux machines virtuelles. Notre deuxième contribution est la rétro-ingénierie de la fonction d'adressage complexe du dernier niveau de cache des processeurs Intel, rendant la classe des attaques sur les caches facilement réalisable en pratique. Finalement, dans la dernière partie nous investiguons la sécurité de la virtualisation des GPUs. Notre troisième contribution montre que les environnements virtualisés sont susceptibles aux fuites d'informations sur la mémoire d'un GPU. / In a virtualized environment, the hypervisor provides isolation at the software level, but shared infrastructure makes attacks possible at the hardware level. Side and covert channels are well-known issues of shared hardware, and in particular shared processors. However, they rely on microarchitectural features that are changing with the different generations of hardware. The last years have also shown the rise of General-Purpose computing on Graphics Processing Units (GPGPU), coupled to so-called cloud environments. This thesis explores these recent evolutions and their consequences in terms of information leakage in virtualized environments. We first investigate the recent processor microarchitectures. Our first contribution is C5, a cross-core cache covert channel, evaluated between virtual machines. Following this work, our second contribution is the reverse engineering of the complex addressing function of the last-level cache of Intel processors, rendering the class of cache attacks highly practical. In the last part, we investigate the security of GPU virtualization. Our third contribution shows that virtualized environments are susceptible to information leakage from the GPU memory. Sécurité informatique Fuite d'information Virtualisation Canal caché Canal auxiliaire Processeur Cache GPU Computer security Information leakage Virtualization Covert channel Side channel Processor Cache GPU
412	Protection du contenu des mémoires externes dans les systèmes embarqués, aspect matériel / Protecting the content of externals memories in embedded systems, hardware aspect Ouaarab, Salaheddine 09 September 2016 (has links) Ces dernières années, les systèmes informatiques (Cloud Computing, systèmes embarqués, etc.) sont devenus omniprésents. La plupart de ces systèmes utilisent des espaces de stockage (flash,RAM, etc.) non fiables ou non dignes de confiance pour stocker du code ou des données. La confidentialité et l’intégrité de ces données peuvent être menacées par des attaques matérielles (espionnage de bus de communication entre le composant de calcul et le composant de stockage) ou logicielles. Ces attaques peuvent ainsi révéler des informations sensibles à l’adversaire ou perturber le bon fonctionnement du système. Dans cette thèse, nous nous sommes focalisés, dans le contexte des systèmes embarqués, sur les attaques menaçant la confidentialité et l’intégrité des données qui transitent sur le bus de communication avec la mémoire ou qui sont stockées dans celle-ci.Plusieurs primitives de protection de confidentialité et d’intégrité ont déjà été proposées dans la littérature, et notamment les arbres de Merkle, une structure de données protégeant efficacement l’intégrité des données notamment contre les attaques par rejeu. Malheureusement,ces arbres ont un impact important sur les performances et sur l’empreinte mémoire du système.Dans cette thèse, nous proposons une solution basée sur des variantes d’arbres de Merkle (arbres creux) et un mécanisme de gestion adapté du cache afin de réduire grandement l’impact de la vérification d’intégrité d’un espace de stockage non fiable. Les performances de cette solution ont été évaluées théoriquement et à l’aide de simulations. De plus, une preuve est donnée de l’équivalence, du point de vue de la sécurité, avec les arbres de Merkle classiques.Enfin, cette solution a été implémentée dans le projet SecBus, une architecture matérielle et logicielle ayant pour objectif de garantir la confidentialité et l’intégrité du contenu des mémoires externes d’un système à base de microprocesseurs. Un prototype de cette architecture a été réalisé et les résultats de l’évaluation de ce dernier sont donnés. / During the past few years, computer systems (Cloud Computing, embedded systems...) have become ubiquitous. Most of these systems use unreliable or untrusted storage (flash, RAM...)to store code or data. The confidentiality and integrity of these data can be threaten by hardware (spying on the communication bus between the processing component and the storage component) or software attacks. These attacks can disclose sensitive information to the adversary or disturb the behavior of the system. In this thesis, in the context of embedded systems, we focused on the attacks that threaten the confidentiality and integrity of data that are transmittedover the memory bus or that are stored inside the memory. Several primitives used to protect the confidentiality and integrity of data have been proposed in the literature, including Merkle trees, a data structure that can protect the integrity of data including against replay attacks. However, these trees have a large impact on the performances and the memory footprint of the system. In this thesis, we propose a solution based on variants of Merkle trees (hollow trees) and a modified cache management mechanism to greatly reduce the impact of the verification of the integrity. The performances of this solution have been evaluated both theoretically and in practice using simulations. In addition, a proof a security equivalence with regular Merkle treesis given. Finally, this solution has been implemented in the SecBus architecture which aims at protecting the integrity and confidentiality of the content of external memories in an embedded system. A prototype of this architecture has been developed and the results of its evaluation are given. Systèmes embarqués Mémoire cache Sécurité Confidentialité Attaques par rejeu Arbres de Merkle SoCLib SoC ZedBoard Embedded systems Cache memory Security Confidentiality Replays attacks Merkle trees SoCLib SoC ZedBoard
413	Passerelle intelligente pour réseaux de capteurs sans fil contraints / Smart gateway for low-power and lossy networks Leone, Rémy 24 July 2016 (has links) Les réseaux de capteurs sans fil (aussi appelés LLNs en anglais) sont des réseaux contraints composés de nœuds ayant de faibles ressources (mémoire, CPU, batterie). Ils sont de nature très hétérogène et utilisés dans des contextes variés comme la domotique ou les villes intelligentes. Pour se connecter nativement à l’Internet, un LLN utilise une passerelle, qui a une vue précise du trafic transitant entre Internet et le LLN du fait de sa position. Le but de cette thèse est d’exposer comment des fonctionnalités peuvent être ajoutées à une passerelle d’un LLN dans le but d’optimiser l’utilisation des ressources limitées des nœuds contraints et d’améliorer la connaissance de leur état de fonctionnement. La première contribution est un estimateur non intrusif utilisant le trafic passant par la passerelle pour inférer l’utilisation de la radio des nœuds contraints. La seconde contribution adapte la durée de vie d’informations mises en cache (afin d’utiliser les ressources en cache au lieu de solliciter le réseau) en fonction du compromis entre le coût et l’efficacité. Enfin, la troisième contribution est Makesense, un framework permettant de documenter, d’exécuter et d’analyser une expérience pour réseaux de capteurs sans fil de façon reproductible à partir d’une description unique. / Low-Power and Lossy Network (LLN)s are constrained networks composed by nodes with little resources (memory, CPU, battery). Those networks are typically used to provide real-time measurement of their environment in various contexts such as home automation or smart cities. LLNs connect to other networks by using a gateway that can host various enhancing features due to its key location between constrained and unconstrained devices. This thesis shows three contributions aiming to improve the reliability and performance of a LLN by using its gateway. The first contribution introduce a non-intrusive estimator of a node radio usage by observing its network traffic passing through the gateway. The second contribution offers to determine the validity time of an information within a cache placed at the gateway to reduce the load on LLNs nodes by doing a trade-off between energy cost and efficiency. Finally, we present Makesense, an open source framework for reproducible experiments that can document, execute and analyze a complete LLN experiment on simulation or real nodes from a unique description. Réseaux de capteurs Internet des objets Cache Supervision Recherche reproductible Wireless sensor networks Internet of things Low-Power and Lossy Network - LLN Cache Monitoring Reproducible research
414	Realtidssammanställning av stora mängder data från tidsseriedatabaser / Realtime compilation of large datasets from time series databases Rådeström, Johan, Skoog, Gustav January 2017 (has links) Stora mängder tidsseriedata genereras och hanteras i tekniska försörjningssystem och processindustrier i syfte att möjliggöra övervakning av systemen. När tidserierna ska hämtas och sammanställas för dataanalys utgör tidsåtgången ett problem. Examensarbetet hade som syfte att ta reda på hur utvinning av tidsseriedata borde utföras för att ge bästa möjliga svarstid för systemen. För att göra hämtningen och sammanställningen så effektiv som möjligt testades och utvärderades olika tekniker och metoder. De områden som tekniker och metoder jämfördes inom var sammanställning av data inom och utanför databasen, cachning, användandet av minnesdatabaser jämfört med andra databaser, dataformat, dataöverföring, och förberäkning av data. Resultatet var att den bästa lösningen bestod av att sammanställa data parallellt utanför databasen, att använda en egen inbyggd minnesdatabas, att använda Google Protobuf som dataformat, samt att förberäkna data. / Large amounts of time series data are generated and managed within management systems and industries with the purpose to enable monitoring of the systems. When the time series is to be acquired and compiled for data analysis, the expenditure of time is a problem. This thesis was purposed to determine how the extraction of time series data should be performed to give the systems the best response time possible. To make the extraction and compilation as effective as possible, different techniques and methods were tested and evaluated. The areas that techniques and methods were compared for were compilation of data inside and outside the database, caching, usage of in-memory databases compared to other databases, dataformats, data transfer, and precalculation of data. The results showed that the best solution was to compile data in parallel outside the database, to use a custom built-in in-memory database, to use Google Protobuf as data format, and finally to use precalculated data. time series time series database cache data format data transfer performance in-memory database tidsserier tidsseriedatabas cache dataformat dataöverföring prestanda minnesdatabaser Computer Engineering Datorteknik
415	Partition-based SIMD Processing and its Application to Columnar Database Systems Hildebrandt, Juliana, Pietrzyk, Johannes, Krause, Alexander, Habich, Dirk, Lehner, Wolfgang 19 March 2024 (has links) The Single Instruction Multiple Data (SIMD) paradigm became a core principle for optimizing query processing in columnar database systems. Until now, only the LOAD/STORE instructions are considered to be efficient enough to achieve the expected speedups, while avoiding GATHER/SCATTER is considered almost imperative. However, the GATHER instruction offers a very flexible way to populate SIMD registers with data elements coming from non-consecutive memory locations. As we will discuss within this article, the GATHER instruction can achieve the same performance as the LOAD instruction, if applied properly. To enable the proper usage, we outline a novel access pattern allowing fine-grained, partition-based SIMD implementations. Then, we apply this partition-based SIMD processing to two representative examples from columnar database systems to experimentally demonstrate the applicability and efficiency of our new access pattern. info:eu-repo/classification/ddc/004 ddc:004
416	Register Caching for Energy Efficient GPGPU Tensor Core Computing / Registrera cachelagring för energieffektiv GPGPU Tensor Core Computing Qian, Qiran January 2023 (has links) The General-Purpose GPU (GPGPU) has emerged as the predominant computing device for extensive parallel workloads in the fields of Artificial Intelligence (AI) and Scientific Computing, primarily owing to its adoption of the Single Instruction Multiple Thread architecture, which not only provides a wealth of thread context but also effectively hide the latencies exposed in the single threads executions. As computational demands have evolved, modern GPGPUs have incorporated specialized matrix engines, e.g., NVIDIA’s Tensor Core (TC), in order to deliver substantially higher throughput for dense matrix computations compared with traditional scalar or vector architectures. Beyond mere throughput, energy efficiency is a pivotal concern in GPGPU computing. The register file is the largest memory structure on the GPGPU die and typically accounts for over 20% of the dynamic power consumption. To enhance energy efficiency, GPGPUs incorporate a technique named register caching borrowed from the realm of CPUs. Register caching captures temporal locality among register operands to reduce energy consumption within a 2- level register file structure. The presence of TC raises new challenges for Register Cache (RC) design, as each matrix instruction applies intensive operand delivering traffic on the register file banks. In this study, we delve into the RC design trade-offs in GPGPUs. We undertake a comprehensive exploration of the design space, encompassing a range of workloads. Our experiments not only reveal the basic design considerations of RC but also clarify that conventional caching strategies underperform, particularly when dealing with TC computations, primarily due to poor temporal locality and the substantial register operand traffic involved. Based on these findings, we propose an enhanced caching strategy featuring a look-ahead allocation policy to minimize unnecessary cache allocations for the destination register operands. Furthermore, to leverage the energy efficiency of Tensor Core computing, we highlight an alternative instruction scheduling framework for Tensor Core instructions that collaborates with a specialized caching policy, resulting in a remarkable reduction of up to 50% in dynamic energy consumption within the register file during Tensor Core GEMM computations. / Den allmänna ändamålsgrafikprocessorn (GPGPU) har framträtt som den dominerande beräkningsenheten för omfattande parallella arbetsbelastningar inom områdena för artificiell intelligens (AI) och vetenskaplig beräkning, huvudsakligen tack vare dess antagande av arkitekturen för enkel instruktion, flera trådar (Single Instruction Multiple Thread), vilket inte bara ger en mängd trådcontext utan också effektivt döljer de latenser som exponeras vid enskilda trådars utförande. När beräkningskraven har utvecklats har moderna GPGPU:er inkorporerat specialiserade matrismotorer, t.ex., NVIDIAs Tensor Core (TC), för att leverera avsevärt högre genomströmning för täta matrisberäkningar jämfört med traditionella skalär- eller vektorarkitekturer. Bortom endast genomströmning är energieffektivitet en central oro inom GPGPUberäkning. Registerfilen är den största minnesstrukturen på GPGPU-dien och svarar vanligtvis för över 20% av den dynamiska effektförbrukningen För att förbättra energieffektiviteten inkorporerar GPGPU:er en teknik vid namn registercachning, lånad från CPU-världen. Registercachning fångar temporal lokalitet bland registeroperanderna för att minska energiförbrukningen inom en 2-nivåers registerfilstruktur. Närvaron av TC innebär nya utmaningar för Register Cache (RC)-design, eftersom varje matrisinstruktion genererar intensiv operandleverans på registerfilbankarna. I denna studie fördjupar vi oss i RC-designavvägandena i GPGPU:er. Vi genomför en omfattande utforskning av designutrymmet, som omfattar olika arbetsbelastningar. Våra experiment avslöjar inte bara de grundläggande designövervägandena för RC utan klargör också att konventionella cachestrategier underpresterar, särskilt vid hantering av TC-beräkningar, främst på grund av dålig temporal lokalitet och den betydande trafiken med registeroperand. Baserat på dessa resultat föreslår vi en förbättrad cachestrategi med en look-ahead-alloceringspolicy för att minimera onödiga cacheallokeringar för destinationens registeroperand. Dessutom, för att dra nytta av energieffektiviteten hos Tensor Core-beräkning, belyser vi en alternativ instruktionsplaneringsram för Tensor Core-instruktioner som samarbetar med en specialiserad cachelayout, vilket resulterar i en anmärkningsvärd minskning av upp till 50% i dynamisk energiförbrukning inom registerfilen under Tensor Core GEMM-beräkningar. Computer Architecture GPGPU Tensor Core GEMM Energy Efficiency Register File Cache Instruction Scheduling Datorarkitektur GPGPU Tensor Core GEMM energieffektivitet registerfil cache instruktionsschemaläggning Computer and Information Sciences Data- och informationsvetenskap
417	Architectural Support For Improving Computer Security Kong, Jingfei 01 January 2010 (has links) Computer security and privacy are becoming extremely important nowadays. The task of protecting computer systems from malicious attacks and potential subsequent catastrophic losses is, however, challenged by the ever increasing complexity and size of modern hardware and software design. We propose several methods to improve computer security and privacy from architectural point of view. They provide strong protection as well as performance efficiency. In our first approach, we propose a new dynamic information flow method to protect systems from popular software attacks such as buffer overflow and format string attacks. In our second approach, we propose to deploy encryption schemes to protect the privacy of an emerging non-volatile main memory technology - phase change memory (PCM). The negative impact of the encryption schemes on PCM lifetime is evaluated and new methods including a new encryption counter scheme and an efficient error correct code (ECC) management are proposed to improve PCM lifetime. In our third approach, we deconstruct two previously proposed secure cache designs against software data-cache-based side channel attacks and demonstrate their weaknesses. We propose three hardware-software integrated approaches as secure protections against those data cache attacks. Also we propose to apply them to protect instruction caches from similar threats. Furthermore, we propose a simple change to the update policy of Branch Target Buffer (BTB) to defend against BTB attacks. Our experiments show that our proposed schemes are both security effective and performance efficient. dynamic information flow buffer overflow phase change memory counter-mode encryption wear leveling secure cache designs informing loads Computer Sciences Engineering
418	SCINTRA: A Model for Quantifying Inconsistencies in Grid-Organized Sensor Database Systems Schlesinger, Lutz, Lehner, Wolfgang 12 January 2023 (has links) Sensor data sets are usually collected in a centralized sensor database system or replicated cached in a distributed system to speed up query evaluation. However, a high data refresh rate disallows the usage of traditional replicated approaches with its strong consistency property. Instead we propose a combination of grid computing technology with sensor database systems. Each node holds cached data of other grid members. Since cached information may become stale fast, the access to outdated data may sometimes be acceptable if the user has knowledge about the degree of inconsistency if unsynchronized data are combined. The contribution of this paper is the presentation and discussion of a model for describing inconsistencies in grid organized sensor database systems. info:eu-repo/classification/ddc/004 ddc:004
419	DATA MANAGEMENT IN DEFER CACHE - IMPLEMENTATION AND ANALYSIS RAO, SUDHINDRA R. January 2003 (has links) No description available. Computer Science distributed systems and chaching Beowulf clusters, linux, device drivers disk cache, buffers implementing disk cache using networks operating system enhancement
420	A Study of Mitigation Methods for Speculative Cache Side Channel Attacks Mosquera Ferrandiz, Fernando 05 1900 (has links) Side channels give attackers the opportunity to reveal private information without accessing it directly. In this study, several novel approaches are presented to mitigate cache side channel attacks including Spectre attack and its variants, resulting in several contributions. CHASM shows the information leakage in several new cache mapping schemes, where different cache address mappings may provide higher or lower protection against cache side channel attacks. GuardCache creates a noisy cache side-channel, making it more difficult for the attacker to determine if an access is a hit or miss (which is the basis for most side channel attacks). SecurityCloak is a framework that encompasses GuardCache with SafeLoadOnMiss whereby cache load misses during speculative execution are delayed until the speculation is resolved, thus preventing attacks that rely on accessing data in during (mis) speculated executions. To search for a compromise between security and performance, it is recommended not always to use protections such as SecurityCloak protections, but also to activate the protection only while executing critical sections of code or on-demand when an attack is detected (or suspected). Our experimental results show a high degree of obfuscation (and prevention of side channels) with a minimal impact on the performance. Computer Science

Search results