the bad neighbor
play

The Bad Neighbor Out-of-Order Execution and Its Applications - PowerPoint PPT Presentation

Oct 03, 2023 •553 likes •1.83k views

The Bad Neighbor Out-of-Order Execution and Its Applications Sophia dAntoine November 7th, 2017 1 whoami Masters in CS from RPI - Exploiting Intels CPU pipelines Work at Trail of Bits - Senior Security Researcher - Program

  1. Optimizations! - Processor Register and Functional Unit - Out-Of-Order Execution - Speculative Execution - Branch Prediction - 1 Pipeline, multiple execution units - i.e. Integer ALU and FPU (adder, multiplier and divider) share a pipeline - Data cache pseudo-dual ported via interleaving - “ Long latency operations can proceed in parallel with short latency operations.”

  2. Optimizations! - Processor Register and Functional Unit - Out-Of-Order Execution - Speculative Execution - Branch Prediction - 1 Pipeline, multiple execution units - i.e. Integer ALU and FPU (adder, multiplier and divider) share a pipeline - Data cache pseudo-dual ported via interleaving - “ Long latency operations can proceed in parallel with short latency operations.”

  3. Optimizations! L1 Data Cache Loads can: - Read data before preceding stores when the load address and store address ranges are known not to Confict. - Be carried out speculatively, before preceding branches are resolved. - T ake cache misses out of order and in an overlapped manner.

  4. Optimizations!

  5. Speculative Execution

  6. Speculative Execution mov rax,[addr_0] mov rbx,[addr_1]

  7. Speculative Execution mov rax,[addr_0] add rax, 1 mov rbx,[rax + addr_1]

  8. Speculative Execution mov rax,[addr_0] add rax, 1 mov rbx,[rax + addr_1] Time Memory Load

  9. Speculative Execution Uses: Arbitrary Kernel Memory Leak! mov rax,[k_addr] - Interrupt occurs - Undefned behavior - Timing of fnished instruction execution and actual retirement - mov potentially sets the results in the reorder bufer Goal: Speculatively execute instructions after mov, based on reorder bufer value.

  10. Speculative Execution syscall Force target into cache mov rax,[k_addr] Guessed address add rax, 1 mov rbx,[rax + addr_1] Time to validate guess

  11. Speculative Execution: T omasulo algorithm L1 Data Cache syscall Reorder Commit Bufger [k_addr] mov rax,[k_addr] u_val add rax, 1 mov rbx,[rax + addr_1 u_val

  12. Speculative Execution: T omasulo algorithm L1 Data Cache syscall Reorder Commit Bufger [k_addr] mov rax,[k_addr] u_val add rax, 1 k_val INT! mov rbx,[rax + addr_1 u_val

  13. Speculative Execution: T omasulo algorithm L1 Data Cache syscall Reorder Commit Bufger [k_addr] mov rax,[k_addr] u_val add rax, 1 k_val INT! mov rbx,[rax + addr_1 u_val k_val + 1 u_addr value [k_val+1]

  14. Speculative Execution: T omasulo algorithm L1 Data Cache syscall Reorder Commit Bufger [k_addr] mov rax,[k_addr] u_val add rax, 1 k_val INT! mov rbx,[rax + addr_1 u_val k_val + 1 u_addr value [k_val+1] time!

  15. Speculative Execution T est target: Intel Broadwell CPU - While goal k_addr value might not be given directly - Use cache side channel to verify result or not - Failed on this target, but... - Does process illegal read from k_addr (!) - Does not copy value into reorder bufer :< - Loads from data cache during speculative execution - Speculative execution & data loads do occur after violation of kernel/user read

  16. Speculative Execution T est target: Intel Broadwell CPU - While goal k_addr value might not be given directly - Use cache side channel to verify result or not - Failed on this target, but... - Does process illegal read from k_addr (!) - Does not copy value into reorder bufer :< - Loads from data cache during speculative execution - Speculative execution & data loads do occur after violation of kernel/user read T o be continued….

  17. Acknowledgements co-author: Jeremy Blackthorne advisor: Bulent Yener Trail of Bits Ryan Stortz, Jef Preshing, Anders Fogh https://www.sophia.re/SC http://preshing.com/20120515/memory-reordering-caught-in-the-act/ http://blog.stufedcow.net/2014/01/x86-memory-disambiguation/ https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/ https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf

  18. Any Questions? IRC: quend email: sophia@trailofbits.com website: www.sophia.re 63

  19. The Bad Neighbor Out-of-Order Execution and Its Applications Sophia d’Antoine November 7th, 2017 1

  20. whoami Masters in CS from RPI - Exploiting Intel’s CPU pipelines Work at Trail of Bits - Senior Security Researcher - Program Analysis / Ethereum Smart Contracts DEFCON (CTF), CSAW Stats - 12 Conferences Worldwide - 3 Program Committees - 2 Security Panels - 1 Paper Published - 1 Keynote 2 Blackhat, HITB, RECon, Cansecwest. Mention CTF got into it. DEFCON CTF Program analysis work automation, etc. Cyber Transition Team?

  21. Side Channels Hardware Side Channels in Virtualized Environments 3

  22. What are side channel attacks? - Attacker can observe the target system. Must be ‘neighboring’ or co-located. - Ability to repeatedly query the system for leaked artifacts. - Artifacts: changes in how a process interacts with the computer 4

  23. Variety of Side Channels Diferent target systems implies diferent methods for observing. - Fault attacks - Requires access to the hardware. - Simple power analysis - Requires proximity to the system. - Power consumption measurement mapped to behavior. - Diferent power analysis - Requires proximity to the system. - Statistics and error correction gathered over time. - Timing attacks - Requires same process co-location. - Network packet delivery, cache misses, resource contention. 5 Crypto stuff

  24. Information gained through recordable changes in the system t = n Powered sampled at even intervals across P RSA > T Implementation: time. The Black Box 6

  25. Side Channel Checklist - Transmitter Target Malicious actor - Deterministic cause and efect. - Receiver “Transmitt “Receiver - Record changes in environment er” ” without altering its readings leak measure - Medium artifacts artifacts - Shared environment - Accountable sources of noise Shared Environment 7 Software AND Hardware both

  26. Targeting Hardware The Hidden Attack Surface 8

  27. Communication Between Processes Using Hardware Malicious Malicious Transmitter Receiver Hardware 9 Software AND Hardware both

  28. Available Hardware Shared environment on computers, accessible from software processes. Hardware resources shared between processes. - Processors (CPU/ GPU) - Cache Tiers - System Buses - Main Memory - Hard Disk Drive 10 Software AND Hardware both

  29. Side Channel Attacks Over Hardware Physical co-location leads to side channel vulnerabilities. - Processes share hardware resources - Dynamic translation based on need - Allocation causes contention 11 Software AND Hardware both

  30. Cloud Computing (IaaS) Perfect environment for hardware based side channels: - Virtual instances - Hypervisor schedules resources between all processors on a server Dynamic allocation - Reduces cost 12 Software AND Hardware both

  31. Vulnerable Scenarios in the Cloud - Sensitive data stored remotely - Vulnerable host - Untrusted host - Co-located with a foreign VM 13 Software AND Hardware both

  32. Building A Novel Attack A Side Channel Recipe 14

  33. Cloud Computing Side Channel Scenarios Shared hardware Dynamically allocated hardware resources Co-Location with adversarial VMs, infected VMs, or Processes VM VM VM VM VM P P P P P P H H 15 Software AND Hardware both

  34. Cloud Computing Side Channel - Primitives Medium: Shared artifact from a hardware unit ”Privilege Separation”: Virtual Machine or process Method: Information gained through recordable changes in the system Vulnerability: Translation between physical and virtual, dynamic! 16 Software AND Hardware both

  35. First Ingredient: Hardware Medium Choose Medium: Measure shared hardware unit’s changes over time - Cache - Processor - System Bus - Main Memory - HDD Software AND Hardware both

  36. Second Ingredient: Measuring Device Choose Vulnerability: Measure artifact of shared resource. - Timing attacks (usually best choice) - Cache misses, stored value farther away in memory - Value Errors - Computation returns unexpected result - Resource contention - Locking the memory bus - Other measurements recordable from inside a process, in a VM Software AND Hardware both

  37. Third Ingredient: Attack Model Choose S/R Model: What processes are involved in creating the channel depend on intended use cases. - Transmit only - Application: DoS Attack That’s a - Sender only 10 - Record only - Application: Crypto key theft - Receiver only - Bi-way - Application: Communication channel Software AND Hardware both

  38. Some channels are easier than others…. Case Study 1: Locking the memory bus - Pro: efcient, no noise, good bandwidth - Con: highly noticeable Case Study 2: Everyone loves Cache. - Pro: hardware medium is ‘static’ - Con: most common, mitigations are quickly developed Software AND Hardware both

  39. Some channels are easier than others…. T echnical Difculties: ● Querying the specifc hardware unit ● Difculty/ reliability unique to each hardware unit ● Number of repeated measurements possible ● Frequency of measurements allowed Software AND Hardware both

  40. Measuring Devices for Hardware Mediums Software AND Hardware both

  41. Some Example Hardware Side Channels Medium Transmission Reception Constraints Need to Share L1 Cache Prime Probe Timing Processor Space Caches Missing Causes L2 Cache Prime Probe/ Preemption Timing Noise Measure Address Peripheral Threads Main Memory SMT Paging Space Create Noise Halts all Processes Memory Bus Lock & Unlock Memory Bus Measure Access Requiring the Bus CPU Functional mo' Threads, mo' Units Resource Eviction & Usage Timing Problems Hard Disc Contention - Dependent on multiple Hard drive Access Files Frantically Timing readings of files See how they all follow the recipe. Existing work. Abstraction is KEY!

  42. A Novel Attack 1) Medium: CPU Pipeline Optimization 2) Vulnerability: Erroneous Values. Computation returns unexpected result (SMT optimizations). 3) Model: Develop both a sender and receiver General setup: Cross VM or Process. Smt optimizations are key for this pipeline attack. Optimizations are a great vulnerability in general.

  43. CPU Optimizations Uses of Out-Of-Order Execution 25

  44. A Novel Attack Side Channel exploiting the pipeline’s common optimization of re-ordering instructions. - Regardless of process ownership - Some re-ordering fails and computation result changes Smt optimizations are key for this pipeline attack. Optimizations are a great vulnerability in general.

  45. Receiver: Measuring OoOE Smt optimizations are key for this pipeline attack. Optimizations are a great vulnerability in general.

  46. THREAD 1 THREAD 2 store store => r1 = r2 = Synche [X], 1 [Y], 1 d 1 load r1, load r2, [Y] [X] store store Asynch => r1 = 0 r2 [X], 1 [Y], 1 ed = 1 load r1, load r2, [Y] [X] load r1, load r2, Out of => r1 = r2 = [Y] [X] Order Executi 0 store store on [X], 1 [Y], 1

  47. Receiver: Measuring OoOE int X,Y,count_OoOE; ….initialize semaphores Sema1 & Sema2… pthread_t thread1, thread2; pthread_create(&threadN, NULL, threadNFunc, NULL); for (int iterations = 1; ; iterations++) X,Y = 0; sem_post(beginSema1 & beginSema2); sem_wait(endSema1 & endSema2); if (r1 == 0 && r2 == 0) count_OoOE ++; Smt optimizations are key for this pipeline attack. Optimizations are a great vulnerability in general.

  48. Sender: Transmit OoOE Force Deterministic Memory Reordering: - Compile-time vs Runtime Reordering Runtime: - Usually strong memory model: x86/64 (mostly sequentially consistent) - Weaker models (data dependency re-ordering): arm, powerpc Barriers: - 4 types of run time reordering barriers - #StoreLoad most expensive

  49. Sender: Transmit OoOE Memory Fences Mfence: - x86 instruction full memory barrier - prevents memory reordering of any kind - order of 100 cycles per operation - lock-free programming on SMT multiprocessors 2 types of memory reordering, GCC Multithreaded Programs Or pipeline type

  50. Sender: Transmit OoOE mfence (x86) #StoreLoad unique prevents r1=r2=0 2 types of memory reordering, GCC Multithreaded Programs Or pipeline type

  51. T esting: Hardware Architectures Lab Setup: - Intel’s Core Duo, Xeon Architecture - Each processor has two cores - The Xen hypervisor schedules between all processors on a server - Each core then allocates processes on its pipeline Notes: - Multiple processes run on a single pipeline (SMT) - Relaxed memory model 2 types of memory reordering, GCC Multithreaded Programs Or pipeline type

  52. T esting: Setup 6 Windows 7 VM’s VM1 VM2 VM3 VM4 VM5 VM6 P1 P2 P3 P4 CPU1 CPU1 2 types of memory reordering, GCC Multithreaded Programs Or pipeline type

  53. T esting: Setup V 6 Windows 7 VM’s VM VM VM M VM1 VM2 VM3 VM4 VM5 VM6 S/R S/R S/R S/R Pipeline SMT Core01 Core02 P1 P2 P3 P4 Executing Optimizes Instructions Shared CPU1 CPU1 From Foreign Hardware Processor Applications 2 types of memory reordering, GCC Multithreaded Programs Or pipeline type

  54. T esting: Results Sending signal: 001000. 1 0 0 0 0 0 Process changes signature of queried hardware unit over time MALWARE USES ETC

  55. T esting: Results Benefts: - Harder for a intelligent hypervisor to detect, quiet - Eavesdropping sufciently mutilates channel - System artifacts sent and queried dynamically - Not afected by cache misses - Channel amplifed with system noise - Immediately useful for malware, leaking system behavior, environmental keying, algorithm identifcation More Info: https://www.sophia.re/SC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSCI 447/547 MACHINE LEARNING Outline Nearest Neighbor K-Nearest Neighbor Algorithm

CSCI 447/547 MACHINE LEARNING Outline Nearest Neighbor K-Nearest Neighbor Algorithm

Nearest Neighbor CSCI 447/547 MACHINE LEARNING Outline Nearest Neighbor K-Nearest Neighbor Algorithm Note: Slides were adapted from David Sontag, New York University (who adapted them from Vibhav Gogate, Carlos Questrin, Mehryar

200 views • 16 slides
Scaling IPv6 Neighbor Discovery Ben Mack-Crane ( ben.mackcrane@huawei.com ) Overview of Neighbor

Scaling IPv6 Neighbor Discovery Ben Mack-Crane ( ben.mackcrane@huawei.com ) Overview of Neighbor

Scaling IPv6 Neighbor Discovery Ben Mack-Crane ( ben.mackcrane@huawei.com ) Overview of Neighbor Discovery Protocol IPv6 nodes on the same LAN use Neighbor Discovery (RFC4861) to to find routers and discover link and network parameters,

310 views • 10 slides
Nearest Neighbor Classification Machine Learning 1 This lecture K-nearest neighbor

Nearest Neighbor Classification Machine Learning 1 This lecture K-nearest neighbor

Nearest Neighbor Classification Machine Learning 1 This lecture K-nearest neighbor classification The basic algorithm Different distance measures Some practical aspects Voronoi Diagrams and Decision Boundaries What is the

893 views • 57 slides
Learning From Data Lecture 16 Similarity and Nearest Neighbor Similarity Nearest Neighbor M.

Learning From Data Lecture 16 Similarity and Nearest Neighbor Similarity Nearest Neighbor M.

Learning From Data Lecture 16 Similarity and Nearest Neighbor Similarity Nearest Neighbor M. Magdon-Ismail CSCI 4100/6100 My 5-Year-Old Called It A ManoHorse The simplest method of learning that we know. Classify according to similar

331 views • 16 slides
Example Im at work, neighbor John calls to say my alarm is ringing, but neighbor Mary doesnt

Example Im at work, neighbor John calls to say my alarm is ringing, but neighbor Mary doesnt

Example Im at work, neighbor John calls to say my alarm is ringing, but neighbor Mary doesnt call. Sometimes its set o ff by minor earthquakes. Is there a burglar? Variables: Burglar , Earthquake , Alarm , JohnCalls , MaryCalls Network

849 views • 55 slides
Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled

Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled

Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled Sepideh Mahabadi UIUC MIT Nearest Neighbor Problem Nearest Neighbor Dataset of points in a metric space (, ) , e.g.

967 views • 81 slides
BAYES AND NEAREST NEIGHBOR BAYES AND NEAREST NEIGHBOR CLASSIFIERS CLASSIFIERS Matthieu R Bloch

BAYES AND NEAREST NEIGHBOR BAYES AND NEAREST NEIGHBOR CLASSIFIERS CLASSIFIERS Matthieu R Bloch

BAYES AND NEAREST NEIGHBOR BAYES AND NEAREST NEIGHBOR CLASSIFIERS CLASSIFIERS Matthieu R Bloch Tuesday, January 21, 2020 1 LOGISTICS LOGISTICS TAs and Office hours Monday: Mehrdad (TSRB 523a) - 2pm-3:15pm Tuesday: TJ (VL C449 Cubicle D) -

362 views • 12 slides
On Optimal Neighbor Discovery Philipp H. Kindt philipp.kindt@tum.de SIGCOMM19, Beijing CH

On Optimal Neighbor Discovery Philipp H. Kindt philipp.kindt@tum.de SIGCOMM19, Beijing CH

On Optimal Neighbor Discovery Philipp H. Kindt philipp.kindt@tum.de SIGCOMM19, Beijing CH 918/5-1 - Slotless Neighbor Discovery Neighbor Discovery in MANETs Pairwise Groupwise Pairwise in Groups Realizing Neighbor Discovery

747 views • 19 slides
High-Dimensional Nearest Neighbor Search High-Dimensional Nearest Neighbor Search Who?

High-Dimensional Nearest Neighbor Search High-Dimensional Nearest Neighbor Search Who?

High-Dimensional Nearest Neighbor Search High-Dimensional Nearest Neighbor Search Who? About Cliqz and me What? Problem statement Why? Applications How? Exact solutions in low dimensions Approximate

690 views • 19 slides
NEAREST NEIGHBOR RULE Jeff Robble, Brian Renzenbrink, Doug Roberts Nearest Neighbor Rule

NEAREST NEIGHBOR RULE Jeff Robble, Brian Renzenbrink, Doug Roberts Nearest Neighbor Rule

NEAREST NEIGHBOR RULE Jeff Robble, Brian Renzenbrink, Doug Roberts Nearest Neighbor Rule Consider a test point x. x is the closest point to x out of the rest of the test points. Nearest Neighbor Rule selects the class for x with the

573 views • 33 slides
Simultaneous Nearest Neighbor Search Piotr Indyk Robert Kleinberg MIT Cornell Sepideh

Simultaneous Nearest Neighbor Search Piotr Indyk Robert Kleinberg MIT Cornell Sepideh

Simultaneous Nearest Neighbor Search Piotr Indyk Robert Kleinberg MIT Cornell Sepideh Mahabadi Yang Yuan MIT Cornell Nearest Neighbor Dataset of points in a metric space (, ) 6/17/2016 2 Nearest Neighbor

883 views • 69 slides
Nearest neighbor methods Lecture 11 David Sontag New York

Nearest neighbor methods Lecture 11 David Sontag New York

Nearest neighbor methods Lecture 11 David Sontag New York University Slides adapted from Vibhav Gogate, Carlos Guestrin, Mehryar Mohri, &amp; Luke Zettlemoyer Nearest Neighbor Algorithm

311 views • 20 slides
Average - case Lower Bounds for Approximate Near - Neighbor fs om Isoperimetric Inequalities

Average - case Lower Bounds for Approximate Near - Neighbor fs om Isoperimetric Inequalities

Simple Average - case Lower Bounds for Approximate Near - Neighbor fs om Isoperimetric Inequalities Yitong Yin Nanjing University Nearest Neighbor Search ( NNS ) metric space ( X, dist) query x X database access y = ( y 1 , y 2 , . . . , y

384 views • 26 slides
My New Neighbor LESSON 7 Your Response to the Lesson What was most interesting in the Bible

My New Neighbor LESSON 7 Your Response to the Lesson What was most interesting in the Bible

My New Neighbor LESSON 7 Your Response to the Lesson What was most interesting in the Bible story? What activity was most enjoyable? What new things did you learn? Activity A Find-a-Neighbor Party How do you like to celebrate with others?

357 views • 22 slides
Intrinsic t-Stochastic Neighbor Embedding for Visualization and Outlier Detection A Remedy

Intrinsic t-Stochastic Neighbor Embedding for Visualization and Outlier Detection A Remedy

Intrinsic t-Stochastic Neighbor Embedding for Visualization and Outlier Detection A Remedy Against the Curse of Dimensionality? Erich Schubert, Michael Gertz October 4, 2017, Munich, Germany Heidelberg University t-Stochastic Neighbor

691 views • 32 slides
MATTHEW 5:43 You have heard that it was said, Love your neighbor and hate your enemy.

MATTHEW 5:43 You have heard that it was said, Love your neighbor and hate your enemy.

MATTHEW 5:43 You have heard that it was said, Love your neighbor and hate your enemy. LEVITICUS 19:18 Do not seek revenge or bear a grudge against anyone among your people, but love your neighbor as yourself. I am the Lord. MATTHEW

355 views • 13 slides
Bridging the Gap Between Binary and Multiparty Communications Jorge A. P erez University of

Bridging the Gap Between Binary and Multiparty Communications Jorge A. P erez University of

Bridging the Gap Between Binary and Multiparty Communications Jorge A. P erez University of Groningen (NL) Joint work with Lu s Caires - Universidade NOVA de Lisboa (PT) Open Problems in Concurrency Theory (OPCT) Bertinoro, June 2014

923 views • 58 slides
Lecture 17 C = Q Capacitance: V C = Q Q = 0 A Ed = d Q/A d 0

Lecture 17 C = Q Capacitance: V C = Q Q = 0 A Ed = d Q/A d 0

Lecture 17 C = Q Capacitance: V C = Q Q = 0 A Ed = d Q/A d 0 Units: Coulomb = Farad Volts Computer Key Bu2on Es6mate Capacitance: A 1 cm 2 1 4 k 8 . 885 10 12

225 views • 11 slides
CSC373 Algorithm Design, Analysis &amp; Complexity Nisarg Shah 373F20 - Nisarg Shah 1

CSC373 Algorithm Design, Analysis &amp; Complexity Nisarg Shah 373F20 - Nisarg Shah 1

CSC373 Algorithm Design, Analysis &amp; Complexity Nisarg Shah 373F20 - Nisarg Shah 1 Introduction Totally useless Instructors this semester! Nisarg Shah o cs.toronto.edu/~nisarg, nisarg@cs, SF 2301C o LEC 0101 and 0102 TAs: Too

1.05k views • 68 slides
Position: Synergetic Effects of Software and Hardware Parameters on the LSM System Authors:

Position: Synergetic Effects of Software and Hardware Parameters on the LSM System Authors:

Position: Synergetic Effects of Software and Hardware Parameters on the LSM System Authors: Jinghuan Yu, Heejin Yoon* Sam H. Noh*, Young-ri Choi*, Chun Jason Xue * Log Structured Merge-tree (LSM) Specific designs for HDD and write-intensive

632 views • 11 slides
Light Lab Intro Questions 1. How would you describe light to a person who cannot see? Exploring

Light Lab Intro Questions 1. How would you describe light to a person who cannot see? Exploring

Light Lab Intro Questions 1. How would you describe light to a person who cannot see? Exploring the Properties of Light Why are we studying the behavior of light? Most what we know about space comes from studying light! Not just visible

354 views • 17 slides
Insolvent Estates and Trusts Toby Bishop and Raj Arumugam 18 September, 2020 www.5sblaw.com

Insolvent Estates and Trusts Toby Bishop and Raj Arumugam 18 September, 2020 www.5sblaw.com

Insolvent Estates and Trusts Toby Bishop and Raj Arumugam 18 September, 2020 www.5sblaw.com 18 September, 2020 Insolvent Estates and Trusts DISCLAIMER Neither these notes nor the talk based on them nor anything said in the discussion

610 views • 37 slides
The NIH Leave Bank: Overview and Best Practices Alexandra Ratie: NIH Leave Bank Program Manager

The NIH Leave Bank: Overview and Best Practices Alexandra Ratie: NIH Leave Bank Program Manager

The NIH Leave Bank: Overview and Best Practices Alexandra Ratie: NIH Leave Bank Program Manager And Mallory McCormick, Supervisor, Payroll Liaison Unit Benefits and Payroll Liaison Branch Workforce Relations Division, NIH OHR Agenda

272 views • 23 slides
Demo mograp graphic hic &amp; Op Oppor portunity tunity Stu tudy dy April 2011 Demograph

Demo mograp graphic hic &amp; Op Oppor portunity tunity Stu tudy dy April 2011 Demograph

Demo mograp graphic hic &amp; Op Oppor portunity tunity Stu tudy dy April 2011 Demograph ographic ic and Oppor ortunit nity Study udy Obj bject ectives es To prepare for future opportunities and challenges of the local Jewish

801 views • 67 slides

More recommend