131,909 research outputs found
Network emulation focusing on QoS-Oriented satellite communication
This chapter proposes network emulation basics and a complete case study of QoS-oriented Satellite Communication
Enabling preemptive multiprogramming on GPUs
GPUs are being increasingly adopted as compute accelerators in many domains, spanning environments from mobile systems to cloud computing. These systems are usually running multiple applications, from one or several users. However GPUs do not provide the support for resource sharing traditionally expected in these scenarios. Thus, such systems are unable to provide key multiprogrammed workload requirements, such as responsiveness, fairness or quality of service. In this paper, we propose a set of hardware extensions that allow GPUs to efficiently support multiprogrammed GPU workloads. We argue for preemptive multitasking and design two preemption mechanisms that can be used to implement GPU scheduling policies. We extend the architecture to allow concurrent execution of GPU kernels from different user processes and implement a scheduling policy that dynamically distributes the GPU cores among concurrently running kernels, according to their priorities. We extend the NVIDIA GK110 (Kepler) like GPU architecture with our proposals and evaluate them on a set of multiprogrammed workloads with up to eight concurrent processes. Our proposals improve execution time of high-priority processes by 15.6x, the average application turnaround time between 1.5x to 2x, and system fairness up to 3.4x.We would like to thank the anonymous reviewers, Alexan-
der Veidenbaum, Carlos Villavieja, Lluis Vilanova, Lluc Al-
varez, and Marc Jorda on their comments and help improving
our work and this paper. This work is supported by Euro-
pean Commission through TERAFLUX (FP7-249013), Mont-
Blanc (FP7-288777), and RoMoL (GA-321253) projects,
NVIDIA through the CUDA Center of Excellence program,
Spanish Government through Programa Severo Ochoa (SEV-2011-0067) and Spanish Ministry of Science and Technology
through TIN2007-60625 and TIN2012-34557 projects.Peer ReviewedPostprint (author’s final draft
Cuckoo: a Language for Implementing Memory- and Thread-safe System Services
This paper is centered around the design of a thread- and memory-safe language, primarily for the compilation of application-specific services for extensible operating systems. We describe various issues that have influenced the design of our language, called Cuckoo, that guarantees safety of programs with potentially asynchronous flows of control. Comparisons are drawn between Cuckoo and related software safety techniques, including Cyclone and software-based fault isolation (SFI), and performance results suggest our prototype compiler is capable of generating safe code that executes with low runtime overheads, even without potential code optimizations. Compared to Cyclone, Cuckoo is able to safely guard accesses to memory when programs are multithreaded. Similarly, Cuckoo is capable of enforcing memory safety in situations that are potentially troublesome for techniques such as SFI
Dynamic and Transparent Analysis of Commodity Production Systems
We propose a framework that provides a programming interface to perform
complex dynamic system-level analyses of deployed production systems. By
leveraging hardware support for virtualization available nowadays on all
commodity machines, our framework is completely transparent to the system under
analysis and it guarantees isolation of the analysis tools running on its top.
Thus, the internals of the kernel of the running system needs not to be
modified and the whole platform runs unaware of the framework. Moreover, errors
in the analysis tools do not affect the running system and the framework. This
is accomplished by installing a minimalistic virtual machine monitor and
migrating the system, as it runs, into a virtual machine. In order to
demonstrate the potentials of our framework we developed an interactive kernel
debugger, nicknamed HyperDbg. HyperDbg can be used to debug any critical kernel
component, and even to single step the execution of exception and interrupt
handlers.Comment: 10 pages, To appear in the 25th IEEE/ACM International Conference on
Automated Software Engineering, Antwerp, Belgium, 20-24 September 201
On Making Emerging Trusted Execution Environments Accessible to Developers
New types of Trusted Execution Environment (TEE) architectures like TrustLite
and Intel Software Guard Extensions (SGX) are emerging. They bring new features
that can lead to innovative security and privacy solutions. But each new TEE
environment comes with its own set of interfaces and programming paradigms,
thus raising the barrier for entry for developers who want to make use of these
TEEs. In this paper, we motivate the need for realizing standard TEE interfaces
on such emerging TEE architectures and show that this exercise is not
straightforward. We report on our on-going work in mapping GlobalPlatform
standard interfaces to TrustLite and SGX.Comment: Author's version of article to appear in 8th Internation Conference
of Trust & Trustworthy Computing, TRUST 2015, Heraklion, Crete, Greece,
August 24-26, 201
Quire: Lightweight Provenance for Smart Phone Operating Systems
Smartphone apps often run with full privileges to access the network and
sensitive local resources, making it difficult for remote systems to have any
trust in the provenance of network connections they receive. Even within the
phone, different apps with different privileges can communicate with one
another, allowing one app to trick another into improperly exercising its
privileges (a Confused Deputy attack). In Quire, we engineered two new security
mechanisms into Android to address these issues. First, we track the call chain
of IPCs, allowing an app the choice of operating with the diminished privileges
of its callers or to act explicitly on its own behalf. Second, a lightweight
signature scheme allows any app to create a signed statement that can be
verified anywhere inside the phone. Both of these mechanisms are reflected in
network RPCs, allowing remote systems visibility into the state of the phone
when an RPC is made. We demonstrate the usefulness of Quire with two example
applications. We built an advertising service, running distinctly from the app
which wants to display ads, which can validate clicks passed to it from its
host. We also built a payment service, allowing an app to issue a request which
the payment service validates with the user. An app cannot not forge a payment
request by directly connecting to the remote server, nor can the local payment
service tamper with the request
VXA: A Virtual Architecture for Durable Compressed Archives
Data compression algorithms change frequently, and obsolete decoders do not
always run on new hardware and operating systems, threatening the long-term
usability of content archived using those algorithms. Re-encoding content into
new formats is cumbersome, and highly undesirable when lossy compression is
involved. Processor architectures, in contrast, have remained comparatively
stable over recent decades. VXA, an archival storage system designed around
this observation, archives executable decoders along with the encoded content
it stores. VXA decoders run in a specialized virtual machine that implements an
OS-independent execution environment based on the standard x86 architecture.
The VXA virtual machine strictly limits access to host system services, making
decoders safe to run even if an archive contains malicious code. VXA's adoption
of a "native" processor architecture instead of type-safe language technology
allows reuse of existing "hand-optimized" decoders in C and assembly language,
and permits decoders access to performance-enhancing architecture features such
as vector processing instructions. The performance cost of VXA's virtualization
is typically less than 15% compared with the same decoders running natively.
The storage cost of archived decoders, typically 30-130KB each, can be
amortized across many archived files sharing the same compression method.Comment: 14 pages, 7 figures, 2 table
- …