Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles: Latest Articles

ResilientFL '21: Proceedings of the First Workshop on Systems Challenges in Reliable and Secure Federated Learning, Virtual Event / Koblenz, Germany, 25 October 2021
Pub Date : 2021-01-01 DOI: 10.1145/3477114
Citations: 0
SOSP '21: ACM SIGOPS 28th Symposium on Operating Systems Principles, Virtual Event / Koblenz, Germany, October 26-29, 2021
Pub Date : 2021-01-01 DOI: 10.1145/3477132
Citations: 0
Application Performance Monitoring: Trade-Off between Overhead Reduction and Maintainability
Pub Date : 2014-11-01 DOI: 10.5281/ZENODO.11428
J. Waller, Florian Fittkau, W. Hasselbring
Monitoring of a software system provides insights into its runtime behavior, improving system analysis and comprehension. System-level monitoring approaches focus, e.g., on network monitoring, providing information on externally visible system behavior. Application-level performance monitoring frameworks, such as Kieker or Dapper, allow to observe the internal application behavior, but introduce runtime overhead depending on the number of instrumentation probes. We report on how we were able to significantly reduce the runtime overhead of the Kieker monitoring framework. For achieving this optimization, we employed micro-benchmarks with a structured performance engineering approach. During optimization, we kept track of the impact on maintainability of the framework. In this paper, we discuss the emerged trade-off between performance and maintainability in this context. To the best of our knowledge, publications on monitoring frameworks provide none or only weak performance evaluations, making comparisons cumbersome. However, our micro-benchmark, presented in this paper, provides a basis for such comparisons. Our experiment code and data are available as open source software such that interested researchers may repeat or extend our experiments for comparison on other hardware platforms or with other monitoring frameworks.
Citations: 11
Detecting and surviving data races using complementary schedules
Pub Date : 2011-10-23 DOI: 10.1145/2043556.2043590
K. Veeraraghavan, Peter M. Chen, J. Flinn, S. Narayanasamy
Data races are a common source of errors in multithreaded programs. In this paper, we show how to protect a program from data race errors at runtime by executing multiple replicas of the program with complementary thread schedules. Complementary schedules are a set of replica thread schedules crafted to ensure that replicas diverge only if a data race occurs and to make it very likely that harmful data races cause divergences. Our system, called Frost, uses complementary schedules to cause at least one replica to avoid the order of racing instructions that leads to incorrect program execution for most harmful data races. Frost introduces outcome-based race detection, which detects data races by comparing the state of replicas executing complementary schedules. We show that this method is substantially faster than existing dynamic race detectors for unmanaged code. To help programs survive bugs in production, Frost also diagnoses the data race bug and selects an appropriate recovery strategy, such as choosing a replica that is likely to be correct or executing more replicas to gather additional information. Frost controls the thread schedules of replicas by running all threads of a replica non-preemptively on a single core. To scale the program to multiple cores, Frost runs a third replica in parallel to generate checkpoints of the program's likely future states --- these checkpoints let Frost divide program execution into multiple epochs, which it then runs in parallel. We evaluate Frost using 11 real data race bugs in desktop and server applications. Frost both detects and survives all of these data races. Since Frost runs three replicas, its utilization cost is 3x. However, if there are spare cores to absorb this increased utilization, Frost adds only 3--12% overhead to application runtime.
Citations: 93
A file is not a file: understanding the I/O behavior of Apple desktop applications
Pub Date : 2011-10-23 DOI: 10.1145/2043556.2043564
T. Harter, Chris Dragga, Michael Vaughn, A. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau
We analyze the I/O behavior of iBench, a new collection of productivity and multimedia application workloads. Our analysis reveals a number of differences between iBench and typical file-system workload studies, including the complex organization of modern files, the lack of pure sequential access, the influence of underlying frameworks on I/O patterns, the widespread use of file synchronization and atomic operations, and the prevalence of threads. Our results have strong ramifications for the design of next generation local and cloud-based storage systems.
Citations: 30
Fay: extensible distributed tracing from kernels to clusters
Pub Date : 2011-10-23 DOI: 10.1145/2043556.2043585
Ú. Erlingsson, Marcus Peinado, Simon Peter, M. Budiu
Fay is a flexible platform for the efficient collection, processing, and analysis of software execution traces. Fay provides dynamic tracing through use of runtime instrumentation and distributed aggregation within machines and across clusters. At the lowest level, Fay can be safely extended with new tracing primitives, including even untrusted, fully-optimized machine code, and Fay can be applied to running user-mode or kernel-mode software without compromising system stability. At the highest level, Fay provides a unified, declarative means of specifying what events to trace, as well as the aggregation, processing, and analysis of those events. We have implemented the Fay tracing platform for Windows and integrated it with two powerful, expressive systems for distributed programming. Our implementation is easy to use, can be applied to unmodified production systems, and provides primitives that allow the overhead of tracing to be greatly reduced, compared to previous dynamic tracing platforms. To show the generality of Fay tracing, we reimplement, in experiments, a range of tracing strategies and several custom mechanisms from existing tracing frameworks. Fay shows that modern techniques for high-level querying and data-parallel processing of disaggregated data streams are well suited to comprehensive monitoring of software execution in distributed systems. Revisiting a lesson from the late 1960's [15], Fay also demonstrates the efficiency and extensibility benefits of using safe, statically-verified machine code as the basis for low-level execution tracing. Finally, Fay establishes that, by automatically deriving optimized query plans and code for safe extensions, the expressiveness and performance of high-level tracing queries can equal or even surpass that of specialized monitoring tools.
Citations: 110
Dthreads: efficient deterministic multithreading
Pub Date : 2011-10-23 DOI: 10.1145/2043556.2043587
Tongping Liu, Charlie Curtsinger, E. Berger
Multithreaded programming is notoriously difficult to get right. A key problem is non-determinism, which complicates debugging, testing, and reproducing errors. One way to simplify multithreaded programming is to enforce deterministic execution, but current deterministic systems for C/C++ are incomplete or impractical. These systems require program modification, do not ensure determinism in the presence of data races, do not work with general-purpose multithreaded programs, or run up to 8.4× slower than pthreads. This paper presents Dthreads, an efficient deterministic multithreading system for unmodified C/C++ applications that replaces the pthreads library. Dthreads enforces determinism in the face of data races and deadlocks. Dthreads works by exploding multithreaded applications into multiple processes, with private, copy-on-write mappings to shared memory. It uses standard virtual memory protection to track writes, and deterministically orders updates by each thread. By separating updates from different threads, Dthreads has the additional benefit of eliminating false sharing. Experimental results show that Dthreads substantially outperforms a state-of-the-art deterministic runtime system, and for a majority of the benchmarks evaluated here, matches and occasionally exceeds the performance of pthreads.
Citations: 254
Session details: Geo-replication
Pub Date : 2011-10-23 DOI: 10.1145/3247980
Ant Rowstron
Citations: 0
Session details: Reality
Pub Date : 2011-10-23 DOI: 10.1145/3247975
George Candea
Citations: 0
Software fault isolation with API integrity and multi-principal modules
Pub Date : 2011-10-23 DOI: 10.1145/2043556.2043568
Yandong Mao, Haogang Chen, Dong Zhou, Xi Wang, N. Zeldovich, M. Kaashoek
The security of many applications relies on the kernel being secure, but history suggests that kernel vulnerabilities are routinely discovered and exploited. In particular, exploitable vulnerabilities in kernel modules are common. This paper proposes LXFI, a system which isolates kernel modules from the core kernel so that vulnerabilities in kernel modules cannot lead to a privilege escalation attack. To safely give kernel modules access to complex kernel APIs, LXFI introduces the notion of API integrity, which captures the set of contracts assumed by an interface. To partition the privileges within a shared module, LXFI introduces module principals. Programmers specify principals and API integrity rules through capabilities and annotations. Using a compiler plugin, LXFI instruments the generated code to grant, check, and transfer capabilities between modules, according to the programmer's annotations. An evaluation with Linux shows that the annotations required on kernel functions to support a new module are moderate, and that LXFI is able to prevent three known privilege-escalation vulnerabilities. Stress tests of a network driver module also show that isolating this module using LXFI does not hurt TCP throughput but reduces UDP throughput by 35%, and increases CPU utilization by 2.2-3.7x.
Citations: 112