Application-Aware Reliability and Security: The Trusted ILLIAC Approach

Security and reliability are the key attributes in building highly trusted systems. System security violations (e.g., unauthorized privileged access or the compromising of data integrity) and reliability failures can be caused by hardware problems (transient or intermittent), software bugs, resource exhaustion, environmental conditions, or any complex interaction among these factors. To build a truly trustworthy system, the designer must find ways to mitigate (avoid and tolerate) against accidental errors and malicious attacks. Trusted ILLIAC 1 is a reliable and secure clustercomputing platform being built at the University of Illinois Coordinated Science Laboratory (CSL) and Information Trust Institute (ITI), involving faculty from Electrical and Computer Engineering and Computer Science Departments. Trusted ILLIAC is intended to be a large, demonstrably trustworthy cluster-computing system to support what is variously referred to as on-demand/utility computing or adaptive enterprise computing. Such systems require that a significant number of applications co-exist and share hardware/software resources using a variety of containment boundaries. Current solutions aim at providing hardware and software solutions that can only be described as a one-size-fits-all approaches. Today’s environments are complex, expensive to implement, and nearly impossible to validate. The challenge is to provide an application-specific level of reliability and security in a totally transparent manner, while delivering optimal performance. A promising approach lies in developing a new set of application-aware methods that provide customized levels of trust (specified by the application) enforced using an integrated approach 1 Trusted ILLIAC is based on research and support provided by, among others, The National Science Foundation, MARCO/GSRC (SRC and DARPA), IBM, HP, AT&T, AMD, Intel, Motorola, XILINX, Nallatech, and the University of Illinois. involving reprogrammable hardware, enhanced compiler methods to extract security and reliability properties, and the support of configurable operating system and middleware. Our approach is to demonstrate such a set of integrated techniques that span entire system hierarchy: processor hardware, operating system, middleware, and application. At the processor level, a Reliability and Security Engine (RSE) provides a hardware framework that enables embedding low-cost, programmable hardware modules to provide application-aware error detection and security services (e.g., process hang detection, selective duplication of the instruction stream, and detection of memory-corruption