Capability Memory Protection for Embedded Systems
This dissertation explores the use of capability security hardware and software in real-time and latency-sensitive embedded systems, to address existing memory safety and task isolation problems as well as providing new means to design a secure and scalable real-time system.
In addition, this dissertation looks into how practical and high-performance temporal memory safety can be achieved under a capability architecture.
State-of-the-art memory protection schemes for embedded systems typically present limited and inflexible solutions to memory protection and isolation, and fail to scale as embedded devices become more capable and ubiquitous.
I investigate whether a capability architecture is able to provide new angles to address memory safety issues in an embedded scenario.
Previous CHERI capability research focuses on 64-bit architectures in UNIX operating systems, which does not translate to typical 32-bit embedded processors with low-latency and real-time requirements.
I propose and implement the CHERI CC-64 encoding and the CHERI-64 coprocessor to construct a feasible capability-enabled 32-bit CPU.
In addition, I implement a real-time kernel for embedded systems atop CHERI-64.
On this hardware and software platform, I focus on exploring scalable task isolation and fine-grained memory protection enabled by capabilities in a single flat physical address space, which are otherwise difficult or impossible to achieve via state-of-the-art approaches.
Later, I present the evaluation of the hardware implementation and the software run-time overhead and real-time performance.
Even with capability support, CHERI-64 as well as other CHERI processors still expose major attack surfaces through temporal vulnerabilities like use-after-free.
A naive approach that sweeps memory to invalidate stale capabilities is inefficient and incurs significant cycle overhead and DRAM traffic.
To make sweeping revocation feasible, I introduce new architectural mechanisms and micro-architectural optimisations to substantially reduce the cost of memory sweeping and capability revocation.
Another factor of the cost is the frequency of memory sweeping.
I explore tradeoffs of memory allocator designs that use quarantine buffers and shadow space tags to prevent frequent unnecessary sweeping.
The evaluation shows that the optimisations and new allocator designs reduce the cost of capability sweeping revocation by orders of magnitude, making it already practical for most applications to adopt temporal safety under CHERI.
Funding: CSC Cambridge Scholarship
VISOR: virtual machine images management service for cloud infrastructures
Cloud Computing is a relatively novel paradigm that aims to fulfil the computing-as-a-utility dream. It emerged to make it possible to provide computing resources (such as servers, storage and networks) as a service and on demand, making them accessible through common Internet protocols. Through cloud offerings, users only pay for the amount of resources they need and for the time they use them. Virtualization is the cloud's key technology, acting upon virtual machine images to deliver fully functional virtual machine instances. Virtual machine images therefore play an important role in Cloud Computing, and their efficient management becomes a key concern that should be carefully addressed. To meet this requirement, most cloud offerings provide their own image repository, from which images are stored and retrieved in order to instantiate new virtual machines. However, the rise of Cloud Computing has brought new problems in managing large collections of images.

Existing image repositories are not able to efficiently manage, store and catalogue virtual machine images from other clouds through the same centralized service and repository. This becomes especially important when considering the management of multiple heterogeneous cloud offerings. In fact, despite the hype around Cloud Computing, there are still barriers to its widespread adoption. Among them, cloud interoperability is one of the most notable issues. Interoperability limitations arise from the fact that current cloud offerings provide proprietary interfaces, and their services are tied to their own requirements. Therefore, when dealing with multiple heterogeneous clouds, users face hard-to-manage integration and compatibility issues. The management and delivery of virtual machine images across different clouds is an example of such interoperability constraints.

This dissertation presents VISOR, a cloud-agnostic virtual machine image management service and repository. Our work on VISOR aims to provide a service that is not designed to fit a specific cloud offering but rather to overcome the sharing and interoperability limitations among different clouds. With VISOR, the management of cloud interoperability can be seamlessly abstracted from the details of the underlying procedures. In this way, it aims to give users the ability to manage and expose virtual machine images across heterogeneous clouds through the same generic and centralized repository and management service. VISOR is open-source software with a community-driven development process, so it can be freely customized and further improved by anyone. The tests conducted to evaluate its performance and resource usage have shown VISOR to be a stable and high-performance service, even when compared with other services already in production. Lastly, placing clouds as the main target audience is not a limitation for other use cases. In fact, virtualization and virtual machine images are not exclusively linked to cloud environments. Therefore, given the service's agnostic design, it is possible to adapt it to other usage scenarios as well.

Cloud Computing is a relatively new paradigm that aims to fulfil the dream of providing computing as a service. It emerged to enable the provision of computing resources (servers, storage and networks) as a service according to users' needs, making them accessible through common Internet protocols. Through cloud offerings, users pay only for the amount of resources they need and for the time they use them. Virtualization is the key technology of clouds, acting upon virtual machine images to generate fully functional virtual machines. Thus, virtual machine images play a fundamental role in Cloud Computing, and their efficient management becomes a requirement that must be carefully analysed. To meet this need, most cloud offerings provide their own image repository, where images are stored and from which they are copied in order to create new virtual machines. However, with the growth of Cloud Computing, new problems have arisen in managing large collections of images.

Existing repositories are not capable of efficiently managing, storing and cataloguing virtual machine images from other clouds while maintaining a single centralized repository and service. This need becomes especially important when considering the management of multiple heterogeneous clouds. In fact, despite the extreme promotion of Cloud Computing, barriers to its widespread adoption still exist. Among them, interoperability between clouds is one of the most notable constraints. Interoperability limitations arise from the fact that current cloud offerings have proprietary interfaces, and their services are tied to their own requirements. Users thus face compatibility and integration problems that are hard to manage when dealing with clouds from different providers. The management and delivery of virtual machine images between different clouds is an example of such interoperability restrictions.

This dissertation presents VISOR, a generic virtual machine image repository and management service. Our work on VISOR aims to provide a service that was not designed to deal with a specific cloud, but rather to overcome the interoperability limitations between clouds. With VISOR, the management of interoperability between clouds is abstracted from the underlying details. In this way, it is intended to give users the ability to manage and expose images across heterogeneous clouds while maintaining a centralized repository and management service. VISOR is open-source software with an open development process. It can be freely customized and improved by anyone. The tests carried out to evaluate its performance and resource usage rate showed VISOR to be a stable, high-performance service, even when compared with other services already in use. Finally, placing clouds as the main target audience does not represent a limitation for other types of use. In fact, virtual machine images and virtualization are not exclusively tied to cloud environments. Therefore, and taking into account the concerns behind the design of a generic service, it is also possible to adapt our service to other usage scenarios.
System Design for Software Packet Processing
The role of software in computer networks has never been more crucial than today, with the advent of Internet-scale services and cloud computing. The trend toward software-based network dataplanes, as in network function virtualization, requires software packet processing to meet challenging performance requirements, such as supporting exponentially increasing link bandwidth and microsecond-order latency. Many architectural aspects of existing software systems for packet processing, however, are decades old and ill-suited to today's network I/O workloads. In this dissertation, we explore the design space of high-performance software packet processing systems in the context of two application domains. First, we discuss the limitations of BSD Socket, the de facto standard in network I/O for server applications. We quantify its performance limitations and propose a clean-slate API, called MegaPipe, as an alternative to BSD Socket. In the second part of this dissertation, we switch our focus to in-network software systems for network functions, such as network switches and middleboxes. We present Berkeley Extensible Software Switch (BESS), a modular framework for building extensible network functions. BESS introduces various novel techniques to achieve high-performance software packet processing without compromising on either programmability or flexibility.