30,160 research outputs found
Identifying Native Applications with High Assurance
The work described in this paper investigates the problem
of identifying and deterring stealthy malicious processes on
a host. We point out the lack of strong application iden-
tication in main stream operating systems. We solve the
application identication problem by proposing a novel iden-
tication model in which user-level applications are required
to present identication proofs at run time to be authenti-
cated by the kernel using an embedded secret key. The se-
cret key of an application is registered with a trusted kernel
using a key registrar and is used to uniquely authenticate
and authorize the application. We present a protocol for
secure authentication of applications. Additionally, we de-
velop a system call monitoring architecture that uses our
model to verify the identity of applications when making
critical system calls. Our system call monitoring can be
integrated with existing policy specication frameworks to
enforce application-level access rights. We implement and
evaluate a prototype of our monitoring architecture in Linux
as device drivers with nearly no modication of the ker-
nel. The results from our extensive performance evaluation
shows that our prototype incurs low overhead, indicating the
feasibility of our model
A Hardware Time Manager Implementation for the Xenomai Real-Time Kernel of Embedded Linux
Nowadays, the use of embedded operating systems in different embedded
projects is subject to a tremendous growth. Embedded Linux is becoming one of
those most popular EOSs due to its modularity, efficiency, reliability, and
cost. One way to make it hard real-time is to include a real-time kernel like
Xenomai. One of the key characteristics of a Real-Time Operating System (RTOS)
is its ability to meet execution time deadlines deterministically. So, the more
precise and flexible the time management can be, the better it can handle
efficiently the determinism for different embedded applications. RTOS time
precision is characterized by a specific periodic interrupt service controlled
by a software time manager. The smaller the period of the interrupt, the better
the precision of the RTOS, the more it overloads the CPU, and though reduces
the overall efficiency of the RTOS. In this paper, we propose to drastically
reduce these overheads by migrating the time management service of Xenomai into
a configurable hardware component to relieve the CPU. The hardware component is
implemented in a Field Programmable Gate Array coupled to the CPU. This work
was achieved in a Master degree project where students could apprehend many
fields of embedded systems: RTOS programming, hardware design, performance
evaluation, etc.Comment: Embed With Linux (EWiLi) workshop, Lorient : France (2012
Linux kernel compaction through cold code swapping
There is a growing trend to use general-purpose operating systems like Linux in embedded systems. Previous research focused on using compaction and specialization techniques to adapt a general-purpose OS to the memory-constrained environment, presented by most, embedded systems. However, there is still room for improvement: it has been shown that even after application of the aforementioned techniques more than 50% of the kernel code remains unexecuted under normal system operation. We introduce a new technique that reduces the Linux kernel code memory footprint, through on-demand code loading of infrequently executed code, for systems that support virtual memory. In this paper, we describe our general approach, and we study code placement algorithms to minimize the performance impact of the code loading. A code, size reduction of 68% is achieved, with a 2.2% execution speedup of the system-mode execution time, for a case study based on the MediaBench II benchmark suite
EbbRT: a customizable operating system for cloud applications
Efficient use of hardware requires operating system components be customized to the application workload. Our general purpose operating systems are ill-suited for this task. We present Genesis, a new operating system that enables per-application customizations for cloud applications. Genesis achieves this through a novel heterogeneous distributed structure, a partitioned object model, and an event-driven execution environment. This paper describes the design and prototype implementation of Genesis, and evaluates its ability to improve the performance of common cloud applications. The evaluation of the Genesis prototype demonstrates memcached, run within a VM, can outperform memcached run on an unvirtualized Linux. The prototype evaluation also demonstrates an 14% performance improvement of a V8 JavaScript engine benchmark, and a node.js webserver that achieves a 50% reduction in 99th percentile latency compared to it run on Linux
- …