252 research outputs found
Glider: A GPU Library Driver for Improved System Security
Legacy device drivers implement both device resource management and
isolation. This results in a large code base with a wide high-level interface
making the driver vulnerable to security attacks. This is particularly
problematic for increasingly popular accelerators like GPUs that have large,
complex drivers. We solve this problem with library drivers, a new driver
architecture. A library driver implements resource management as an untrusted
library in the application process address space, and implements isolation as a
kernel module that is smaller and has a narrower lower-level interface (i.e.,
closer to hardware) than a legacy driver. We articulate a set of device and
platform hardware properties that are required to retrofit a legacy driver into
a library driver. To demonstrate the feasibility and superiority of library
drivers, we present Glider, a library driver implementation for two GPUs of
popular brands, Radeon and Intel. Glider reduces the TCB size and attack
surface by about 35% and 84% respectively for a Radeon HD 6450 GPU and by about
38% and 90% respectively for an Intel Ivy Bridge GPU. Moreover, it incurs no
performance cost. Indeed, Glider outperforms a legacy driver for applications
requiring intensive interactions with the device driver, such as applications
using the OpenGL immediate mode API
Towards User-Programmable Schedulers in the Operating System Kernel
International audienc
LibrettOS: A Dynamically Adaptable Multiserver-Library OS
We present LibrettOS, an OS design that fuses two paradigms to simultaneously
address issues of isolation, performance, compatibility, failure
recoverability, and run-time upgrades. LibrettOS acts as a microkernel OS that
runs servers in an isolated manner. LibrettOS can also act as a library OS
when, for better performance, selected applications are granted exclusive
access to virtual hardware resources such as storage and networking.
Furthermore, applications can switch between the two OS modes with no
interruption at run-time. LibrettOS has a uniquely distinguishing advantage in
that, the two paradigms seamlessly coexist in the same OS, enabling users to
simultaneously exploit their respective strengths (i.e., greater isolation,
high performance). Systems code, such as device drivers, network stacks, and
file systems remain identical in the two modes, enabling dynamic mode switching
and reducing development and maintenance costs.
To illustrate these design principles, we implemented a prototype of
LibrettOS using rump kernels, allowing us to reuse existent, hardened NetBSD
device drivers and a large ecosystem of POSIX/BSD-compatible applications. We
use hardware (VM) virtualization to strongly isolate different rump kernel
instances from each other. Because the original rumprun unikernel targeted a
much simpler model for uniprocessor systems, we redesigned it to support
multicore systems. Unlike kernel-bypass libraries such as DPDK, applications
need not be modified to benefit from direct hardware access. LibrettOS also
supports indirect access through a network server that we have developed.
Applications remain uninterrupted even when network components fail or need to
be upgraded. Finally, to efficiently use hardware resources, applications can
dynamically switch between the indirect and direct modes based on their I/O
load at run-time.
[full abstract is in the paper]Comment: 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution
Environments (VEE '20), March 17, 2020, Lausanne, Switzerlan
A Study of Dynamic Optimization Techniques: Lessons and Directions in Kernel Design
The Synthesis kernel [21,22,23,27,28] showed that dynamic code generation, software feedback, and fine-grain modular kernel organization are useful implementation techniques for improving the performance of operating system kernels. In addition, and perhaps more importantly, we discovered that there are strong interactions between the techniques. Hence, a careful and systematic combination of the techniques can be very powerful even though each one by itself may have serious limitations. By identifying these interactions we illustrate the problems of applying each technique in isolation to existing kernels. We also highlight the important common under-pinnings of the Synthesis experience and present our ideas on future operating system design and implementation. Finally, we outline a more uniform approach to dynamic optimizations called incremental partial evaluation
CubicleOS: A library OS with software componentisation for practical isolation
Library OSs have been proposed to deploy applications isolated inside containers, VMs, or trusted execution environments. They often follow a highly modular design in which third-party components are combined to offer the OS functionality needed by an application, and they are customised at compilation and deployment time to fit application requirements. Yet their monolithic design lacks isolation across components: when applications and OS components contain security-sensitive data (e.g., cryptographic keys or user data), the lack of isolation renders library OSs open to security breaches via malicious or vulnerable third-party components
CubicleOS: A library OS with software componentisation for practical isolation
Library OSs have been proposed to deploy applications isolated inside containers, VMs, or trusted execution environments. They often follow a highly modular design in which third-party components are combined to offer the OS functionality needed by an application, and they are customised at compilation and deployment time to fit application requirements. Yet their monolithic design lacks isolation across components: when applications and OS components contain security-sensitive data (e.g., cryptographic keys or user data), the lack of isolation renders library OSs open to security breaches via malicious or vulnerable third-party components
- âŠ