3,164 research outputs found
An Experimental Nexos Laboratory Using Virtual Xinu
The Nexos Project is a joint effort between Marquette University, the University of Buffalo, and the University of Mississippi to build curriculum materials and a supporting experimental laboratory for hands-on projects in computer systems courses. The approach focuses on inexpensive, flexible, commodity embedded hardware, freely available development and debugging tools, and a fresh implementation of a classic operating system, Embedded Xinu, that is ideal for student exploration. This paper describes an extension to the Nexos laboratory that includes a new target platform composed of Qemu virtual machines. Virtual Xinu addresses two challenges that limit the effectiveness of Nexos. First, potential faculty adopters have clearly indicated that even with the current minimal monetary cost of installation, the hardware modifications, and time investment remain troublesome factors that scare off interested educators. Second, overcoming the inherent complications that arise due to the shared subnet that result in students\u27 projects interfering with each other in ways that are difficult to recreate, debug, and understand. Specifically, this paper discusses porting the Xinu operating systems to Qemu virtual hardware, developing the virtual networking platform, and results showing success using Virtual Xinu in the classroom during one semester of Operating Systems at the University of Mississippi
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone
The rapid evolution of Internet-of-Things (IoT) technologies has led to an
emerging need to make it smarter. A variety of applications now run
simultaneously on an ARM-based processor. For example, devices on the edge of
the Internet are provided with higher horsepower to be entrusted with storing,
processing and analyzing data collected from IoT devices. This significantly
improves efficiency and reduces the amount of data that needs to be transported
to the cloud for data processing, analysis and storage. However, commodity OSes
are prone to compromise. Once they are exploited, attackers can access the data
on these devices. Since the data stored and processed on the devices can be
sensitive, left untackled, this is particularly disconcerting.
In this paper, we propose a new system, TrustShadow that shields legacy
applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone
technology and partitions resources into the secure and normal worlds. In the
secure world, TrustShadow constructs a trusted execution environment for
security-critical applications. This trusted environment is maintained by a
lightweight runtime system that coordinates the communication between
applications and the ordinary OS running in the normal world. The runtime
system does not provide system services itself. Rather, it forwards requests
for system services to the ordinary OS, and verifies the correctness of the
responses. To demonstrate the efficiency of this design, we prototyped
TrustShadow on a real chip board with ARM TrustZone support, and evaluated its
performance using both microbenchmarks and real-world applications. We showed
TrustShadow introduces only negligible overhead to real-world applications.Comment: MobiSys 201
Design of a Hybrid Modular Switch
Network Function Virtualization (NFV) shed new light for the design,
deployment, and management of cloud networks. Many network functions such as
firewalls, load balancers, and intrusion detection systems can be virtualized
by servers. However, network operators often have to sacrifice programmability
in order to achieve high throughput, especially at networks' edge where complex
network functions are required.
Here, we design, implement, and evaluate Hybrid Modular Switch (HyMoS). The
hybrid hardware/software switch is designed to meet requirements for modern-day
NFV applications in providing high-throughput, with a high degree of
programmability. HyMoS utilizes P4-compatible Network Interface Cards (NICs),
PCI Express interface and CPU to act as line cards, switch fabric, and fabric
controller respectively. In our implementation of HyMos, PCI Express interface
is turned into a non-blocking switch fabric with a throughput of hundreds of
Gigabits per second.
Compared to existing NFV infrastructure, HyMoS offers modularity in hardware
and software as well as a higher degree of programmability by supporting a
superset of P4 language
- …