TIME: 12:00 noon to approximately 2:00 pm EDT
PLACE: Virtual - a Zoom link will be emailed closer to the seminar
SPEAKER: Dimitrios Skarlatos
Assistant Professor, Carnegie Mellon University
Perspective: A Principled Framework for Pliable and Secure Speculation in Operating Systems
Transient execution attacks present an unprecedented threat to computing systems. Protecting the operating system (OS) is exceptionally challenging because a transient execution gadget in the OS can potentially leak the entire memory. In this talk, I will present Perspective, a principled framework for building pliable and secure speculative execution defenses for the OS. Perspective offers a pliable interface that allows the OS to communicate its security requirements to hardware defenses, enabling tailored protection against transient execution attacks with little performance overhead. The design of Perspective is driven by a taxonomy of transient execution attacks in the OS kernel: (i) active transient execution attacks, where the attacker process exploits its own kernel thread to speculatively execute a transient execution gadget in the kernel, and (ii) passive transient execution attacks, where the attacker coerces the victim process’s kernel thread to execute a transient execution gadget. Based on the taxonomy, Perspective introduces Data Speculation Views (DSVs) and Instruction Speculation Views (ISVs) to mitigate active and passive attacks, respectively. DSVs define the ownership of kernel data by a given execution context and block any speculative access to data outside the DSV. ISVs define the set of kernel functions that can be speculatively executed by a given execution context. Any transmitter instructions—whose execution could leak secrets, such as load instructions—that belong to kernel functions outside the ISVs are blocked from speculative execution. ISVs open up new opportunities for (i) swiftly patching gadgets in the OS, (ii) reducing the surface of passive attacks, and (iii) speeding up the process of auditing transient execution gadgets in the OS.
Paper: Perspective - ISCA'24
BIO: Dimitrios Skarlatos is an assistant professor in the Computer Science Department at Carnegie Mellon University. His research bridges computer architecture and operating systems, focusing on performance, security, and scalability. He has received several awards for his cross-cutting research including the NSF CAREER award, four Meta Faculty Awards in systems, AI, and security, the joint ACM SIGARCH & IEEE CS TCCA Outstanding Dissertation award, the David J. Kuck Outstanding Ph.D. Thesis Award, an ISCA Best Paper Award, two ASPLOS Best Paper Awards, and four IEEE MICRO Top Picks. Dimitrios has released several open-source frameworks, with some of his work upstreamed in Linux, adopted by Android, and deployed in production at Meta across millions of servers.
SPEAKER: Amarnath Jolad
Architect, Oracle
Breaking Barriers: Successful Strategies for Integrating RDMA in the Enterprise
Remote Direct Memory Access (RDMA) enables direct access to application memory across distributed compute or storage nodes in server clusters. By leveraging standards such as InfiniBand and RoCE (RDMA over Converged Ethernet), organizations can boost efficiency, reduce server count, and improve network performance. RDMA minimizes CPU overhead, enhances network efficiency, and supports scalability. This technology forms the foundation of the Oracle Exadata platform, an enterprise database platform designed to manage Oracle Database workloads of any size and importance. For instance, RDMA plays a crucial role in the Oracle Cache Fusion cluster database architecture.
However, integrating RDMA into mission-critical enterprise platforms presents unique challenges, including memory scalability (handling multi-terabytes per node), scaling connections across thousands of processes, and ensuring secure RDMA fabric in multi-tenant environments. This discussion examines these challenges and explores innovative solutions that enable the adoption of RDMA technology in the Oracle Exadata enterprise database platform.
BIO: Amarnath Jolad is an Architect in Oracle Database product development. His research interests include high performance networks (RDMA/InfiniBand/RoCE), interconnects (PCIe/CXL), accelerators, and distributed systems. His current research is focused on efficient and scalable parallel programs in a distributed computing environment. Prior to joining Oracle, he worked on clustered data protection systems, storage systems and networking (Fibre Channel/iSCSI/SRP). He holds a Master’s degree in Telecom and Software Engineering.
Director, Parallel Data Lab
VOICE: (412) 268-1297
Executive Director, Parallel Data Lab
VOICE: (412) 268-5485
PDL Administrative Manager
VOICE: (412) 268-6716