Individual Thesis Ideas
Do you already have a thesis topic in mind?
Contact us with your idea: cs-os-staff@lists.rub.de

Open Theses
Bachelor's Theses
All theses are currently already assigned.
Master's Theses
All theses are currently already assigned.
Ongoing Theses
Goal and Approach
The goal of this thesis is to develop a framework for selecting the most efficient mitigation of cross-HyperThread attacks for a given system. To this end, the performance and energy characteristics of the two mitigations, disabling HyperThreading and Core Scheduling, are determined. These analyses also take into account different workload types and system configurations.
Motivation
Hardware vulnerabilities threaten the security guarantees of modern operating systems, such as Linux. Some vulnerabilities allow for attacks between HyperThreads (HTs) (e.g., Microarchitectural Data Sampling). With these cross-HT attacks, a malicious process can sample all data accessed by any other process running on the same physical core. The only effective measure to prevent such attacks is to disable HyperThreading for the entire system, which can incur significant performance penalties. Recently, a new feature serving as an alternative to disabling HT has been introduced to the Linux kernel: Core Scheduling.
With Core Scheduling, trust relationships between processes can be defined that are the basis for ensuring that only trusted processes are scheduled on the same physical core. While this allows keeping HyperThreading enabled, Core Scheduling also comes with additional overhead, especially during the scheduling process itself.
This leaves the question of which mitigation to use when optimizing the system in terms of not only performance, but also energy efficiency.
Supervisors: Prof. Dr.-Ing. Timo Hönig, Henriette Hofmeier, M.Sc.
Goal and Approach
The goal of this thesis is to develop a framework for determining the overhead of individual mitigation implementations. Hardware vulnerabilities can affect a system in various ways. Therefore, to mitigate these vulnerabilities, a number of different mechanisms are required to fully ensure secure execution. These mechanisms also vary depending on the system’s underlying hardware. This thesis aims to gain a better understanding of the impact of the different mechanisms on the overhead of the mitigations in general. Thus, the different implementations of protection mechanisms are evaluated and analyzed individually in terms of energy and runtime overhead.
Supervisors: Prof. Dr.-Ing. Timo Hönig, Henriette Hofmeier, M.Sc.
Completed Theses
Student: Henriette Hofmeier (handed in on 24.06.2022)
Supervisors: Prof. Dr.-Ing. Timo Hönig, Prof. Dr.-Ing. habil. Wolfgang Schröder-Preikschat, Stefan Reif, M.Sc., Luis Gerhorst, M.Sc., Christian Eichler, M.Sc.
Abstract:
Providing secure systems, for example, in computing centers, is an essential task of service providers. Vulnerabilities threatening secure execution are not only located in defective software but can also be found in the hardware itself. Hardware vulnerabilities, such as Spectre, Meltdown, and Microarchitectural Data Sampling, pose significant security concerns and can leave systems vulnerable to attacks extracting privileged information. As these vulnerabilities are often unfixable for already deployed hardware, software developers in general and operating system developers, in particular, go to great lengths to mitigate these attacks. These mitigations typically come with significant performance overheads, especially if speculative execution has to be restricted. Due to differences in the data they handle and security concerns, in general, processes may require varying degrees of protection. Thus, mitigations may only be required for short time spans or individual processes – if at all. The mainline Linux kernel does not offer run-time control for all mitigations. For some exploits, multiple mitigations may be available that differ in the underlying protection mechanism and in their overhead on performance and efficiency.
This thesis presents dynamic reconfiguration of hardware-vulnerability mitigations in the Linux kernel. By adapting the mitigation configurations to the current workload, the system’s performance and energy efficiency can be optimized as the overhead of unnecessarily enabled mitigations is removed. Also, if multiple protection mechanisms are available for a specific vulnerability, a reconfiguration service determines the optimal configuration depending on workload characteristics, hardware, and system state. Dynamic control of mitigations that are only configurable at boot time in the mainline kernel is provided by a kernel module and kernel extensions. By utilizing code patching at run time, mitigations are omitted from the control flow if the respective mitigation is disabled. Combined, the service, kernel module, and kernel extensions provide the dynamic reconfiguration of hardware-vulnerability mitigations. The evaluation shows that using dynamic reconfigurations and adapting mitigation configurations to the system state has the potential to improve the system’s efficiency significantly. The evaluation also shows that the design and implementation of dynamic reconfiguration of hardware-vulnerability mitigations, as presented in this thesis, can be integrated into the Linux kernel with only minimal run-time overhead. Thus, this thesis provides the means for future research into the optimization of hardware-vulnerability mitigation reconfigurations.
Supervisors: Christian Eichler, M.Sc., Prof. Dr.-Ing. Timo Hönig