Title: Introspective Computing: A Multicore Approach to Availability, Reliability and Security
1Introspective Computing A Multicore Approach to
Availability, Reliability and Security
Hsien-Hsin Sean Lee School of ECE, Georgia
Tech http//arch.ece.gatech.edu
- Research Objective
- This research investigates architectural
techniques to exploit the emerging multicore
processing platform to enable introspective
computing an automonic system addressing
issues of availability, reliability, and
security.
Multicore
Attack!
The growing concerns caused by cyber exploits and
remote attacks on network call for a system
architecture providing effective countermeasures
and efficient recovery. By leveraging the
computing capability of a multicore processor,
this research explores the design space of
programming models, shepherding software, and
architectural support for fulfilling such needs.
Service
Monitor
Core 0
Core 1
Cache
Dual-Core
Attack!
OS
RTS Security State
The target applications are primarily network
services, e.g. online merchants, application
providers, etc.
Introspective Multicore System
Approach and Impact
- New Approaches
- Inter-core insulation
- Introspection capability
- Delta checkpoint and recovery
- Research Impact
- High availability computing systems
- High security architecture
- New multicore programming model
- To enable introspective computing, a system must
exhibit the following property - Insulation and Isolation the assurance to
provide a sandbox for guarding components. - Introspection the ability to detect attempted
exploits and identify system corruption. - Prevention the ability o prevent attempted
intrusions. - Recovery the ability to recover from a
corrupted state and restore execution. - Performance to enable the above functionality
with minimal performance overhead. - A multicore processor presents an ideal
opportunity to achieve the objectives of an
introspective computing system. Each individual
core on such a system can be programmed and
configured asymmetrically in terms of their
responsibility and functionality. The guarding
core is designated to perform online monitoring
and execution inspection within a protected
sandbox while the cores running service
applications are exposed to the external network
with bounded security privilege. Due the close
coupling of the cores, checkpointing and fault
recovery can be implemented in a highly efficient
manner to enable introspection with minimal cost.