EBSIS Summer School
on Distributed Event Based Systems
and Related Topics 2017

July 10—14, 2017 – Timmendorfer Strand, Germany

★ Lecture Abstracts

Mark Silberstein (Technion - Israel Institute of Technology)

Efficient OS Services for SGX Enclaves

Intel Software Guard eXtensions (SGX) enable secure and trusted execution of user code in an isolated enclave to protect against a powerful adversary. In this lecture we will focus on the mechanisms that enable enclaves to use OS services, such as memory paging and system calls, and will analyze their performance. In particular, we will show that running I/O-intensive, memory-demanding server applications in enclaves leads to significant performance degradation, and will thoroughly analyze the main reasons for such slowdown.

We will show how to mitigate these problems using Eleos, an in-enclave runtime system which enables efficient system calls and exit-less paging in enclaves. Eleos introduces a novel Secure User-managed Virtual Memory (SUVM) abstraction that implements application-level paging inside the enclave. SUVM eliminates the overheads of enclave exits due to paging, and enables new optimizations such as sub-page granularity of accesses. We thoroughly evaluate Eleos on a range of microbenchmarks and two real server applications, achieving significant system performance gains.

Never Trust Your Graphics Card!

Graphics Processing Units (GPUs) have become an integral part of modern systems, but their implications for system security are not yet clear. In this talk we will discuss our ongoing research in security of GPU-accelerated systems. Specifically, we will show that, in contrast to previous publications, GPUs cannot be used as secure co-processors. Moreover, GPU themselves may serve a platform for running highly stealthy malware with unlimited access to system memory. We will describe two new attacks, one which modifies the GPU closed-source binary driver in OS kernel memory, and another one that infects the GPU firmware. Both attacks enable unlimited access to CPU memory, in addition bypassing IOTLB protection. We will also show several novel techniques for building stealthy GPU-native malware which rely on inherent software/hardware architecture of modern GPUs. The talk is self-contained, and will provide the necessary background on GPUs.

Speaker Bio

Mark Silberstein is an assistant professor in the Electrical Engineering Department at the Technion - Israel Institute of Technology. Mark's research is about accelerated computer systems. It spans all the levels of the software and hardware stack, from hardware architecture and in-FPGA runtimes, through operating system abstractions for programs running on accelerators like GPUs, Smart NICs and SGX enclaves, to software security of accelerated systems and scalable multi-accelerator applications.