Building Resilient Cloud Over Unreliable Commodity Infrastructure
Cloud Computing has emerged as a successful computing paradigm for
efficiently utilizing managed compute infrastructure such as high-speed
rack-mounted servers, connected with high-speed networking, and reliable
storage. Usually such infrastructure is dedicated, physically secured and has
reliable power and networking infrastructure. However, much of our idle compute
capacity is present in unmanaged infrastructure like idle desktops, lab
machines, physically distant server machines, and laptops. We present a scheme
to utilize this idle compute capacity on a best-effort basis and provide high
availability even in the face of failure of individual components or facilities.
We run virtual machines on the commodity infrastructure and present a cloud
interface to our end users. The primary challenge is to maintain availability
in the presence of node failures, network failures, and power failures. We run
multiple copies of a Virtual Machine (VM) redundantly on geographically
dispersed physical machines to achieve availability. If one of the running
copies of a VM fails, we seamlessly switch over to another running copy. We use
Virtual Machine Record/Replay capability to implement this redundancy and
switchover. So far, we have implemented VM Record/Replay for
uniprocessor machines over Linux/KVM and are currently working on VM
Record/Replay on shared-memory multiprocessor machines. We report initial
experimental results based on our implementation.
Comment: Oral presentation at IEEE "Cloud Computing for Emerging Markets",
Oct. 11-12, 2012, Bangalore, India
CGuard: Efficient Spatial Safety for C
Spatial safety violations are the root cause of many security attacks and
unexpected behavior of applications. Existing techniques to enforce spatial
safety work broadly at either object or pointer granularity. Object-based
approaches tend to incur high CPU overheads, whereas pointer-based approaches
incur both high CPU and memory overheads. SGXBounds, an object-based approach,
is so far the most efficient technique that provides complete out-of-bounds
protection for objects. However, a major drawback of this approach is that it
cannot support an address space larger than 32 bits.
In this paper, we present CGuard, a tool that provides object-bounds
protection for C applications with comparable overheads to SGXBounds without
restricting the application address space. CGuard stores the bounds information
just before the base address of an object and encodes the relative offset of
the base address in the spare bits of the virtual address available in the x86_64
architecture. For an object that can't fit in the spare bits, CGuard uses a
custom memory layout that enables it to find the base address of the object in
just one memory access. Our study revealed spatial safety violations in the gcc
and x264 benchmarks from the SPEC CPU2017 benchmark suite and the string_match
benchmark from the Phoenix benchmark suite. The execution time overheads for
the SPEC CPU2017 and Phoenix benchmark suites were 42% and 26% respectively,
whereas the reduction in the throughput for the Apache webserver when the CPUs
were fully saturated was 30%. These results indicate that CGuard can be highly
effective while maintaining a reasonable degree of efficiency.