
Proceedings. International Conference on Dependable Systems and Networks: latest publications

Practical and Efficient in-Enclave Verification of Privacy Compliance.
Pub Date : 2021-06-01 Epub Date: 2021-08-06 DOI: 10.1109/dsn48987.2021.00052
Weijie Liu, Wenhao Wang, Hongbo Chen, XiaoFeng Wang, Yaosong Lu, Kai Chen, Xinyu Wang, Qintao Shen, Yi Chen, Haixu Tang
A trusted execution environment (TEE) such as Intel Software Guard Extension (SGX) runs attestation to prove to a data owner the integrity of the initial state of an enclave, including the program that will operate on her data. For this purpose, the data-processing program is supposed to be open to the owner or a trusted third party, so that its functionality can be evaluated before trust is established. In the real world, however, there are increasingly application scenarios in which the program itself needs to be protected (e.g., a proprietary algorithm), so its compliance with the privacy policies expected by the data owner should be verified without exposing its code. To this end, this paper presents DEFLECTION, a new model for TEE-based delegated and flexible in-enclave code verification. Given that the conventional solutions do not work well under the resource-limited and TCB-frugal TEE, we come up with a new design inspired by Proof-Carrying Code. Our design strategically moves most of the workload to the code generator, which is responsible for producing easy-to-check code, while keeping the consumer simple. Also, the whole consumer can be made public and verified through a conventional attestation. We implemented this model on Intel SGX and demonstrate that it adds only a very small part to the TCB. We also thoroughly evaluated its performance on micro- and macro-benchmarks and real-world applications, showing that the design incurs only a small overhead when enforcing several categories of security policies.
Citations: 4
Evaluating the security threat of firewall data corruption caused by instruction transient errors
Pub Date : 2002-12-10 DOI: 10.1109/DSN.2002.1028938
Shuo Chen, Jun Xu, R. Iyer, K. Whisnant
This paper experimentally evaluates and models the error-caused security vulnerabilities and the resulting security violations of two Linux kernel firewalls: IPChains and Netfilter. There are two major aspects to this work: conducting extensive error injection experiments on the Linux kernel, and quantifying the possibility of error-caused security violations using a SAN (Stochastic Activity Network) model. The error injection experiments show that about 2% of errors injected into the firewall code segment cause security vulnerabilities. Two types of error-caused security vulnerabilities are distinguished: temporary, which disappear when the error disappears, and permanent, which persist even after the error is removed, as long as the system is not rebooted. Results from simulating the SAN model indicate that under an error rate of 0.1 error/day during a 1-year period in a networked system protected by 20 firewalls, 2 machines (on average) will experience security violations. This indicates that error-caused security vulnerabilities can be a non-negligible source of security threats to a highly secure system.
Citations: 23
Application performance assurance using end-to-end user level monitoring
Pub Date : 2002-12-10 DOI: 10.1109/DSN.2002.1029015
S. Dalal, Y. Ho, Ashish Jain, A. McIntosh
A new measure of performance, which uses both application integrity and traditional network response time, is proposed. Modern networked application services rely on a stack of network protocols and a host of other services, many of which cross organizational and corporate boundaries. We point out that traditional software quality assurance techniques don't scale up to post-deployment integrity checks for such applications and services. A new methodology for non-stop post-production monitoring of networked application services for transactional integrity and time delay measurement is proposed. Specifically, we describe the Telcordia™ Application Assurance System, which we have created for measuring the real-time performance of web-based applications used in commercial settings. The system measures both post-production application integrity and time delay. The measurements are carried out by sending synthetic end-user transactions and analyzing the responses. Statistical models for analyzing the data using a single monitoring site as well as multiple monitoring sites are described. Creating synthetic end-user transactions is crucial for our method. The paper presents a method for generating 'highly efficient' end-user transactions from a graphical model of the functionality of the system. Highly efficient transactions are generated using combinatorial designs. The graphical model is incrementally created using a recorder. We give several empirical examples of the efficacy of this system and of its use for finding performance problems.
Citations: 2
Mr. Fusion: a programmable data fusion middleware subsystem with a tunable statistical profiling service
Pub Date : 2002-06-23 DOI: 10.1109/DSN.2002.1028910
Andy A. Franz, Radek Mista, D. Bakken, C. Dyreson, M. Medidi
Voting is the process of combining multiple replies from replicated servers into a single reply. Data fusion is similar to but more general than voting. In data fusion, the input sources are not necessarily replicated servers, hence the inputs exhibit greater variance. Data fusion is a fundamental building block in distributed systems. It occurs in diverse contexts such as consensus, sensor networks, intrusion detection, and hierarchical resource monitoring, among others. This paper describes Mr. Fusion, a framework that provides data fusion in middleware. The heart of Mr. Fusion is a Fusion Core module that provides mechanisms for programming a wide variety of data fusion algorithms. Another part is a Fusion Status Service that monitors low-level outputs from the Fusion Core and alerts subscribers to divergent values or timings. The implementation borrows techniques from data warehousing and data mining.
Citations: 10
Time-constrained failure diagnosis in distributed embedded systems
Pub Date : 2002-06-23 DOI: 10.1109/DSN.2002.1028930
Nagarajan Kandasamy, J. Hayes, B. Murray
Advanced automotive control applications such as steer- and brake-by-wire are typically implemented as distributed systems comprising many embedded processors, sensors, and actuators interconnected via a communication bus. They have severe cost constraints but demand a high level of safety and performance. Motivated by the need for timely diagnosis of faulty actuators in such systems, we present a general method to implement failure diagnosis under deadline and resource constraints. Actuators are diagnosed in a distributed fashion by processors to provide a global view of their fault status. The diagnostic tests are implemented in software using analytical redundancy and execute concurrently with the control tasks. The proposed method solves the test scheduling problem using a static list-based approach which guarantees actuator diagnosis within designer-specified deadlines while meeting control performance goals. As a secondary objective, it also minimizes the number of required processors. We present simulation results evaluating the effectiveness of the proposed method under various design constraints.
Citations: 9
On the placement of software mechanisms for detection of data errors
Pub Date : 2002-06-23 DOI: 10.1109/DSN.2002.1028894
M. Hiller, A. Jhumka, N. Suri
An important aspect in the development of dependable software is deciding where to locate mechanisms for efficient error detection and recovery. We present a comparison between two methods for selecting locations for error detection mechanisms, in this case executable assertions (EAs), in black-box, modular software. Our results show that by placing EAs based on error propagation analysis one may reduce the memory and execution time requirements, as compared to experience- and heuristic-based placement, while maintaining the obtained detection coverage. Further, we show the sensitivity of the EA-provided coverage estimation to the choice of the underlying error model. Subsequently, we extend the analysis framework such that error-model effects are also addressed, and introduce measures for classifying signals according to their effect on system output when errors are present. The extended framework facilitates profiling of software systems from varied dependability perspectives and is also less susceptible to the effects of using different error models for estimating detection coverage.
Citations: 65
A versatile and modular consensus protocol
Pub Date : 2002-06-23 DOI: 10.1109/DSN.2002.1028921
A. Mostéfaoui, S. Rajsbaum, M. Raynal
Investigates a modular and versatile approach to solving the consensus problem in asynchronous distributed systems in which up to f processes may crash (f < n/2), but which are equipped with appropriate oracles. It presents a generic protocol that proceeds by consecutive asynchronous rounds. Each round follows a "two-phase" pattern. The modularity and the versatility of the protocol appear at each phase of a round. The first phase is a selection phase that allows any combination of random oracle, leader oracle and condition to be used. Its aim is to ensure termination by allowing the processes to start the second phase with the same value. The aim of the second phase is to ensure that the agreement property cannot be violated. Its cost depends on the value of f: two communication steps when f < n/2, which reduce to a single communication step when f < n/3. Hence, the behavior of the first phase is mainly ruled by the system's additional equipment, while the behavior of the second phase depends on the value of f. It follows that the proposed protocol can be instantiated in different ways according to the oracles the system is equipped with and the actual value of f.
Citations: 23
SMART: stochastic model-checking analyzer for reliability and timing
Pub Date : 2002-06-23 DOI: 10.1109/DSN.2002.1028976
G. Ciardo, R. L. Jones, Robert M. Marmorstein, A. Miner, Radu I. Siminiceanu
SMART is a software package integrating logic and stochastic modeling formalisms into a single environment. Models expressed in different formalisms can be combined in the same study. To study logical behavior, both explicit and symbolic state-space generation techniques, as well as CTL model-checking algorithms, are available. To study stochastic and timing behavior, both explicit and Kronecker-based numerical solution approaches are available. Since SMART is intended as an industry and research tool, it is written in a modular way that allows for easy integration of new formalisms and solution algorithms.
Citations: 25
An experimental evaluation of the REE SIFT environment for spaceborne applications
Pub Date : 2002-06-23 DOI: 10.1109/DSN.2002.1029004
K. Whisnant, R. Iyer, P. Jones, R. Some, D. Rennels
Presents an experimental evaluation of a software-implemented fault tolerance (SIFT) environment built around a set of self-checking processes called ARMORs, running on different machines, that provide error detection and recovery services to themselves and to spaceborne scientific applications. The experiments are split into three groups of error injections, with each group successively stressing the SIFT error detection and recovery more than the previous group. The results show that the SIFT environment adds negligible overhead to the application during failure-free runs. Only 11 cases were observed in which either the application failed to start or the SIFT environment failed to recognize that the application had completed. Further investigations showed that assertions within the SIFT processes, coupled with object-based incremental checkpointing, were effective in preventing system failures by protecting dynamic data within the SIFT processes.
Citations: 27
Soft error sensitivity characterization for microprocessor dependability enhancement strategy
Pub Date : 2002-06-23 DOI: 10.1109/DSN.2002.1028927
Seongwoo Kim, Arun Kumar Somani
This paper presents an empirical investigation on the soft error sensitivity (SES) of microprocessors, using the picoJava-II as an example, through software simulated fault injections in its RTL model. Soft errors are generated under a realistic fault model during program run-time. The SES of a processor logic block is defined as the probability that a soft error in the block causes the processor to behave erroneously or enter into an incorrect architectural state. The SES is measured at the functional block level. We have found that highly error-sensitive blocks are common for various workloads. At the same time soft errors in many other logic blocks rarely affect the computation integrity. Our results show that a reasonable prediction of the SES is possible by deduction from the processor's microarchitecture. We also demonstrate that the sensitivity-based integrity checking strategy can be an efficient way to improve fault coverage per unit redundancy.
Proceedings. International Conference on Dependable Systems and Networks, 2002-06-23, pp. 416-425.
Citations: 106