首页 > 最新文献

Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles最新文献

英文 中文
Hibernator: helping disk arrays sleep through the winter 冬眠者:帮助磁盘阵列冬眠过冬
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095828
Qingbo Zhu, Z. Chen, Lin Tan, Yuanyuan Zhou, K. Keeton, J. Wilkes
Energy consumption has become an important issue in high-end data centers, and disk arrays are one of the largest energy consumers within them. Although several attempts have been made to improve disk array energy management, the existing solutions either provide little energy savings or significantly degrade performance for data center workloads.Our solution, Hibernator, is a disk array energy management system that provides improved energy savings while meeting performance goals. Hibernator combines a number of techniques to achieve this: the use of disks that can spin at different speeds, a coarse-grained approach for dynamically deciding which disks should spin at which speeds, efficient ways to migrate the right data to an appropriate-speed disk automatically, and automatic performance boosts if there is a risk that performance goals might not be met due to disk energy management.In this paper, we describe the Hibernator design, and present evaluations of it using both trace-driven simulations and a hybrid system comprised of a real database server (IBM DB2) and an emulated storage server with multi-speed disks. Our file-system and on-line transaction processing (OLTP) simulation results show that Hibernator can provide up to 65% energy savings while continuing to satisfy performance goals (6.5--26 times better than previous solutions). Our OLTP emulated system results show that Hibernator can save more energy (29%) than previous solutions, while still providing an OLTP transaction rate comparable to a RAID5 array with no energy management.
能源消耗已经成为高端数据中心的一个重要问题,而磁盘阵列是其中最大的能源消耗者之一。尽管已经进行了一些改进磁盘阵列能源管理的尝试,但现有的解决方案要么很少节省能源,要么显著降低数据中心工作负载的性能。我们的解决方案,Hibernator,是一个磁盘阵列能源管理系统,在满足性能目标的同时提供更好的能源节约。Hibernator结合了许多技术来实现这一点:使用可以以不同速度旋转的磁盘,动态决定哪个磁盘应该以什么速度旋转的粗粒度方法,将正确的数据自动迁移到适当速度的磁盘的有效方法,以及在存在由于磁盘能量管理而无法满足性能目标的风险时自动提高性能。在本文中,我们描述了Hibernator的设计,并使用跟踪驱动仿真和一个混合系统对其进行了评估,该系统由一个真实的数据库服务器(IBM DB2)和一个具有多速度磁盘的模拟存储服务器组成。我们的文件系统和联机事务处理(OLTP)模拟结果表明,Hibernator可以在继续满足性能目标的同时节省高达65%的能源(比以前的解决方案好6.5- 26倍)。我们的OLTP仿真系统结果表明,Hibernator可以比以前的解决方案节省更多的能量(29%),同时仍然提供与没有能量管理的RAID5阵列相当的OLTP事务率。
{"title":"Hibernator: helping disk arrays sleep through the winter","authors":"Qingbo Zhu, Z. Chen, Lin Tan, Yuanyuan Zhou, K. Keeton, J. Wilkes","doi":"10.1145/1095810.1095828","DOIUrl":"https://doi.org/10.1145/1095810.1095828","url":null,"abstract":"Energy consumption has become an important issue in high-end data centers, and disk arrays are one of the largest energy consumers within them. Although several attempts have been made to improve disk array energy management, the existing solutions either provide little energy savings or significantly degrade performance for data center workloads.Our solution, Hibernator, is a disk array energy management system that provides improved energy savings while meeting performance goals. Hibernator combines a number of techniques to achieve this: the use of disks that can spin at different speeds, a coarse-grained approach for dynamically deciding which disks should spin at which speeds, efficient ways to migrate the right data to an appropriate-speed disk automatically, and automatic performance boosts if there is a risk that performance goals might not be met due to disk energy management.In this paper, we describe the Hibernator design, and present evaluations of it using both trace-driven simulations and a hybrid system comprised of a real database server (IBM DB2) and an emulated storage server with multi-speed disks. Our file-system and on-line transaction processing (OLTP) simulation results show that Hibernator can provide up to 65% energy savings while continuing to satisfy performance goals (6.5--26 times better than previous solutions). Our OLTP emulated system results show that Hibernator can save more energy (29%) than previous solutions, while still providing an OLTP transaction rate comparable to a RAID5 array with no energy management.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"53 4 1","pages":"177-190"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78967757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 334
The taser intrusion recovery system 泰瑟入侵恢复系统
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095826
Ashvin Goel, Kenneth Po, K. Farhadi, Zheng Li, E. D. Lara
Recovery from intrusions is typically a very time-consuming operation in current systems. At a time when the cost of human resources dominates the cost of computing resources, we argue that next generation systems should be built with automated intrusion recovery as a primary goal. In this paper, we describe the design of Taser, a system that helps in selectively recovering legitimate file-system data after an attack or local damage occurs. Taser reverts tainted, i.e. attack-dependent, file-system operations but preserves legitimate operations. This process is difficult for two reasons. First, the set of tainted operations is not known precisely. Second, the recovery process can cause conflicts when legitimate operations depend on tainted operations. Taser provides several analysis policies that aid in determining the set of tainted operations. To handle conflicts, Taser uses automated resolution policies that isolate the tainted operations. Our evaluation shows that Taser is effective in recovering from a wide range of intrusions as well as damage caused by system management errors.
在当前系统中,从入侵中恢复通常是一项非常耗时的操作。在人力资源成本主导计算资源成本的时代,我们认为下一代系统应该以自动入侵恢复为主要目标。在本文中,我们描述了Taser的设计,这是一个帮助在攻击或局部损坏发生后选择性恢复合法文件系统数据的系统。Taser恢复受污染的(即依赖于攻击的)文件系统操作,但保留合法操作。这一过程之所以困难,有两个原因。首先,受污染操作的集合是不准确的。其次,当合法操作依赖于受污染的操作时,恢复过程可能会导致冲突。Taser提供了几个分析策略,帮助确定受污染的操作集。为了处理冲突,Taser使用自动解决策略来隔离受污染的操作。我们的评估表明,泰瑟是有效的恢复从大范围的入侵,以及由系统管理错误造成的损害。
{"title":"The taser intrusion recovery system","authors":"Ashvin Goel, Kenneth Po, K. Farhadi, Zheng Li, E. D. Lara","doi":"10.1145/1095810.1095826","DOIUrl":"https://doi.org/10.1145/1095810.1095826","url":null,"abstract":"Recovery from intrusions is typically a very time-consuming operation in current systems. At a time when the cost of human resources dominates the cost of computing resources, we argue that next generation systems should be built with automated intrusion recovery as a primary goal. In this paper, we describe the design of Taser, a system that helps in selectively recovering legitimate file-system data after an attack or local damage occurs. Taser reverts tainted, i.e. attack-dependent, file-system operations but preserves legitimate operations. This process is difficult for two reasons. First, the set of tainted operations is not known precisely. Second, the recovery process can cause conflicts when legitimate operations depend on tainted operations. Taser provides several analysis policies that aid in determining the set of tainted operations. To handle conflicts, Taser uses automated resolution policies that isolate the tainted operations. Our evaluation shows that Taser is effective in recovering from a wide range of intrusions as well as damage caused by system management errors.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"54 1","pages":"163-176"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86523092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 187
IRON file systems IRON文件系统
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095830
Vijayan Prabhakaran, Lakshmi N. Bairavasundaram, Nitin Agrawal, Haryadi S. Gunawi, A. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau
Commodity file systems trust disks to either work or fail completely, yet modern disks exhibit more complex failure modes. We suggest a new fail-partial failure model for disks, which incorporates realistic localized faults such as latent sector errors and block corruption. We then develop and apply a novel failure-policy fingerprinting framework, to investigate how commodity file systems react to a range of more realistic disk failures. We classify their failure policies in a new taxonomy that measures their Internal RObustNess (IRON), which includes both failure detection and recovery techniques. We show that commodity file system failure policies are often inconsistent, sometimes buggy, and generally inadequate in their ability to recover from partial disk failures. Finally, we design, implement, and evaluate a prototype IRON file system, Linux ixt3, showing that techniques such as in-disk checksumming, replication, and parity greatly enhance file system robustness while incurring minimal time and space overheads.
商品文件系统相信磁盘要么完全工作,要么完全失败,但现代磁盘表现出更复杂的故障模式。我们提出了一种新的磁盘失效-局部失效模型,该模型包含了潜在扇区错误和块损坏等实际局部故障。然后,我们开发并应用了一个新的故障策略指纹识别框架,以研究商品文件系统如何对一系列更实际的磁盘故障做出反应。我们用一种新的分类法对它们的故障策略进行分类,该分类法测量它们的内部鲁棒性(IRON),其中包括故障检测和恢复技术。我们表明,商品文件系统故障策略通常不一致,有时有错误,并且通常无法从部分磁盘故障中恢复。最后,我们设计、实现并评估了一个原型IRON文件系统Linux ixt3,表明磁盘内校验和、复制和奇偶校验等技术极大地增强了文件系统的健壮性,同时减少了时间和空间开销。
{"title":"IRON file systems","authors":"Vijayan Prabhakaran, Lakshmi N. Bairavasundaram, Nitin Agrawal, Haryadi S. Gunawi, A. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau","doi":"10.1145/1095810.1095830","DOIUrl":"https://doi.org/10.1145/1095810.1095830","url":null,"abstract":"Commodity file systems trust disks to either work or fail completely, yet modern disks exhibit more complex failure modes. We suggest a new fail-partial failure model for disks, which incorporates realistic localized faults such as latent sector errors and block corruption. We then develop and apply a novel failure-policy fingerprinting framework, to investigate how commodity file systems react to a range of more realistic disk failures. We classify their failure policies in a new taxonomy that measures their Internal RObustNess (IRON), which includes both failure detection and recovery techniques. We show that commodity file system failure policies are often inconsistent, sometimes buggy, and generally inadequate in their ability to recover from partial disk failures. Finally, we design, implement, and evaluate a prototype IRON file system, Linux ixt3, showing that techniques such as in-disk checksumming, replication, and parity greatly enhance file system robustness while incurring minimal time and space overheads.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"46 1","pages":"206-220"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84711041","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 281
Scalability, fidelity, and containment in the potemkin virtual honeyfarm 波坦金虚拟蜜场的可扩展性、保真度和包容性
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095825
Michael Vrable, Justin Ma, Jay Chen, D. Moore, Erik Vandekieft, A. Snoeren, G. Voelker, S. Savage
The rapid evolution of large-scale worms, viruses and bot-nets have made Internet malware a pressing concern. Such infections are at the root of modern scourges including DDoS extortion, on-line identity theft, SPAM, phishing, and piracy. However, the most widely used tools for gathering intelligence on new malware -- network honeypots -- have forced investigators to choose between monitoring activity at a large scale or capturing behavior with high fidelity. In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet hosts. We have built a prototype honeyfarm system, called Potemkin, that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal. While still an immature implementation, Potemkin has emulated over 64,000 Internet honeypots in live test runs, using only a handful of physical servers.
大规模蠕虫、病毒和僵尸网络的快速发展使互联网恶意软件成为一个紧迫的问题。这种感染是DDoS勒索、在线身份盗窃、垃圾邮件、网络钓鱼和盗版等现代祸害的根源。然而,用于收集新恶意软件情报的最广泛使用的工具——网络蜜罐——迫使调查人员在大规模监控活动和高保真捕获行为之间做出选择。在本文中,我们描述了一种方法来最小化这种紧张,并将蜜罐可伸缩性提高多达六个数量级,同时仍然密切模拟单个互联网主机的执行行为。我们已经建立了一个原型蜜场系统,称为Potemkin,它利用虚拟机,积极的内存共享和资源的后期绑定来实现这一目标。虽然Potemkin仍然是一个不成熟的实现,但它已经在实时测试中模拟了超过64,000个Internet蜜罐,只使用了少量的物理服务器。
{"title":"Scalability, fidelity, and containment in the potemkin virtual honeyfarm","authors":"Michael Vrable, Justin Ma, Jay Chen, D. Moore, Erik Vandekieft, A. Snoeren, G. Voelker, S. Savage","doi":"10.1145/1095810.1095825","DOIUrl":"https://doi.org/10.1145/1095810.1095825","url":null,"abstract":"The rapid evolution of large-scale worms, viruses and bot-nets have made Internet malware a pressing concern. Such infections are at the root of modern scourges including DDoS extortion, on-line identity theft, SPAM, phishing, and piracy. However, the most widely used tools for gathering intelligence on new malware -- network honeypots -- have forced investigators to choose between monitoring activity at a large scale or capturing behavior with high fidelity. In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet hosts. We have built a prototype honeyfarm system, called Potemkin, that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal. While still an immature implementation, Potemkin has emulated over 64,000 Internet honeypots in live test runs, using only a handful of physical servers.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"51 1","pages":"148-162"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85107753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 390
PersiFS: a versioned file system with an efficient representation PersiFS:具有有效表示的版本化文件系统
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1118598
Dan R. K. Ports, A. Clements, E. Demaine
The availability of previous file versions is invaluable for recovering from file corruption or user errors such as accidental deletions. Versioned file systems address this need by retaining earlier versions of changed files. Many existing file systems, such as Plan 9, WAFL, AFS, and others, use a snap-shotting approach: they record and archive the state of the file system at periodic intervals. However, this fails to capture modifications that are made between snapshots. Our system, PersiFS, is continuously versioned, meaning that it stores every modification, and thus allows access to the file system state as it appeared at any specified time. To make this feasible, we use a number of efficient data structures to optimize both access time and disk space.
以前的文件版本的可用性对于从文件损坏或用户错误(如意外删除)中恢复是无价的。版本化文件系统通过保留更改文件的早期版本来解决这一需求。许多现有的文件系统,如Plan 9、WAFL、AFS等,都使用快照方法:它们定期记录和归档文件系统的状态。但是,这无法捕获在快照之间进行的修改。我们的系统PersiFS是连续版本控制的,这意味着它存储每一次修改,因此允许访问在任何指定时间出现的文件系统状态。为了实现这一点,我们使用了许多有效的数据结构来优化访问时间和磁盘空间。
{"title":"PersiFS: a versioned file system with an efficient representation","authors":"Dan R. K. Ports, A. Clements, E. Demaine","doi":"10.1145/1095810.1118598","DOIUrl":"https://doi.org/10.1145/1095810.1118598","url":null,"abstract":"The availability of previous file versions is invaluable for recovering from file corruption or user errors such as accidental deletions. Versioned file systems address this need by retaining earlier versions of changed files. Many existing file systems, such as Plan 9, WAFL, AFS, and others, use a snap-shotting approach: they record and archive the state of the file system at periodic intervals. However, this fails to capture modifications that are made between snapshots. Our system, PersiFS, is continuously versioned, meaning that it stores every modification, and thus allows access to the file system state as it appeared at any specified time. To make this feasible, we use a number of efficient data structures to optimize both access time and disk space.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"49 1","pages":"1-2"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91396654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Fault-scalable Byzantine fault-tolerant services 可伸缩的拜占庭式容错服务
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095817
M. Abd-El-Malek, G. Ganger, G. Goodson, M. Reiter, J. Wylie
A fault-scalable service can be configured to tolerate increasing numbers of faults without significant decreases in performance. The Query/Update (Q/U) protocol is a new tool that enables construction of fault-scalable Byzantine fault-tolerant services. The optimistic quorum-based nature of the Q/U protocol allows it to provide better throughput and fault-scalability than replicated state machines using agreement-based protocols. A prototype service built using the Q/U protocol outperforms the same service built using a popular replicated state machine implementation at all system sizes in experiments that permit an optimistic execution. Moreover, the performance of the Q/U protocol decreases by only 36% as the number of Byzantine faults tolerated increases from one to five, whereas the performance of the replicated state machine decreases by 83%.
故障可伸缩的服务可以配置为容忍越来越多的故障,而不会显著降低性能。查询/更新(Q/U)协议是一种新的工具,它支持构建可伸缩的拜占庭式容错服务。与使用基于协议的协议的复制状态机相比,Q/U协议基于乐观群体的特性允许它提供更好的吞吐量和故障可伸缩性。在允许乐观执行的实验中,使用Q/U协议构建的原型服务在所有系统大小上都优于使用流行的复制状态机实现构建的相同服务。此外,当容忍的拜占庭故障数量从1个增加到5个时,Q/U协议的性能仅下降36%,而复制状态机的性能下降83%。
{"title":"Fault-scalable Byzantine fault-tolerant services","authors":"M. Abd-El-Malek, G. Ganger, G. Goodson, M. Reiter, J. Wylie","doi":"10.1145/1095810.1095817","DOIUrl":"https://doi.org/10.1145/1095810.1095817","url":null,"abstract":"A fault-scalable service can be configured to tolerate increasing numbers of faults without significant decreases in performance. The Query/Update (Q/U) protocol is a new tool that enables construction of fault-scalable Byzantine fault-tolerant services. The optimistic quorum-based nature of the Q/U protocol allows it to provide better throughput and fault-scalability than replicated state machines using agreement-based protocols. A prototype service built using the Q/U protocol outperforms the same service built using a popular replicated state machine implementation at all system sizes in experiments that permit an optimistic execution. Moreover, the performance of the Q/U protocol decreases by only 36% as the number of Byzantine faults tolerated increases from one to five, whereas the performance of the replicated state machine decreases by 83%.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"17 1","pages":"59-74"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73626487","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 436
Implementing declarative overlays 实现声明性覆盖
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095818
B. T. Loo, Tyson Condie, J. Hellerstein, Petros Maniatis, Timothy Roscoe, I. Stoica
Overlay networks are used today in a variety of distributed systems ranging from file-sharing and storage systems to communication infrastructures. However, designing, building and adapting these overlays to the intended application and the target environment is a difficult and time consuming process.To ease the development and the deployment of such overlay networks we have implemented P2, a system that uses a declarative logic language to express overlay networks in a highly compact and reusable form. P2 can express a Narada-style mesh network in 16 rules, and the Chord structured overlay in only 47 rules. P2 directly parses and executes such specifications using a dataflow architecture to construct and maintain overlay networks. We describe the P2 approach, how our implementation works, and show by experiment its promising trade-off point between specification complexity and performance.
覆盖网络今天被用于各种分布式系统,从文件共享和存储系统到通信基础设施。然而,设计、构建和调整这些覆盖以适应预期的应用程序和目标环境是一个困难且耗时的过程。为了简化这种覆盖网络的开发和部署,我们实现了P2,这是一个使用声明性逻辑语言以高度紧凑和可重用的形式表达覆盖网络的系统。P2可以用16条规则表达一个narada风格的网状网络,而Chord结构覆盖只用47条规则。P2使用数据流架构直接解析和执行这些规范,以构建和维护覆盖网络。我们描述了P2方法,我们的实现是如何工作的,并通过实验展示了它在规范复杂性和性能之间的折衷点。
{"title":"Implementing declarative overlays","authors":"B. T. Loo, Tyson Condie, J. Hellerstein, Petros Maniatis, Timothy Roscoe, I. Stoica","doi":"10.1145/1095810.1095818","DOIUrl":"https://doi.org/10.1145/1095810.1095818","url":null,"abstract":"Overlay networks are used today in a variety of distributed systems ranging from file-sharing and storage systems to communication infrastructures. However, designing, building and adapting these overlays to the intended application and the target environment is a difficult and time consuming process.To ease the development and the deployment of such overlay networks we have implemented P2, a system that uses a declarative logic language to express overlay networks in a highly compact and reusable form. P2 can express a Narada-style mesh network in 16 rules, and the Chord structured overlay in only 47 rules. P2 directly parses and executes such specifications using a dataflow architecture to construct and maintain overlay networks. We describe the P2 approach, how our implementation works, and show by experiment its promising trade-off point between specification complexity and performance.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"56 1","pages":"75-90"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79442081","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 377
Vigilante: end-to-end containment of internet worms 治安维持者:端到端的互联网蠕虫控制
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095824
Manuel Costa, J. Crowcroft, M. Castro, A. Rowstron, Lidong Zhou, Lintao Zhang, P. Barham
Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. We propose Vigilante, a new end-to-end approach to contain worms automatically that addresses these limitations. Vigilante relies on collaborative worm detection at end hosts, but does not require hosts to trust each other. Hosts run instrumented software to detect worms and broadcast self-certifying alerts (SCAs) upon worm detection. SCAs are proofs of vulnerability that can be inexpensively verified by any vulnerable host. When hosts receive an SCA, they generate filters that block infection by analysing the SCA-guided execution of the vulnerable software. We show that Vigilante can automatically contain fast-spreading worms that exploit unknown vulnerabilities without blocking innocuous traffic.
蠕虫的控制必须是自动的,因为蠕虫的传播速度太快,人类无法做出反应。最近的工作提出了网络级技术来自动遏制蠕虫;这些技术具有局限性,因为没有关于蠕虫在网络级别利用的漏洞的信息。我们提出了Vigilante,一种新的端到端方法来自动控制蠕虫,解决了这些限制。Vigilante依赖于终端主机的协同蠕虫检测,但不需要主机之间的相互信任。主机运行检测软件检测蠕虫,并在检测到蠕虫时广播sca (self- certifiting alerts)。sca是漏洞的证明,任何易受攻击的主机都可以廉价地对其进行验证。当主机接收到SCA时,它们会生成过滤器,通过分析SCA引导的易受攻击软件的执行来阻止感染。我们展示了治安维持者可以自动控制利用未知漏洞的快速传播的蠕虫,而不会阻止无害的流量。
{"title":"Vigilante: end-to-end containment of internet worms","authors":"Manuel Costa, J. Crowcroft, M. Castro, A. Rowstron, Lidong Zhou, Lintao Zhang, P. Barham","doi":"10.1145/1095810.1095824","DOIUrl":"https://doi.org/10.1145/1095810.1095824","url":null,"abstract":"Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. We propose Vigilante, a new end-to-end approach to contain worms automatically that addresses these limitations. Vigilante relies on collaborative worm detection at end hosts, but does not require hosts to trust each other. Hosts run instrumented software to detect worms and broadcast self-certifying alerts (SCAs) upon worm detection. SCAs are proofs of vulnerability that can be inexpensively verified by any vulnerable host. When hosts receive an SCA, they generate filters that block infection by analysing the SCA-guided execution of the vulnerable software. We show that Vigilante can automatically contain fast-spreading worms that exploit unknown vulnerabilities without blocking innocuous traffic.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"1 1","pages":"133-147"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74541967","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 536
THINC: a virtual display architecture for thin-client computing THINC:用于瘦客户机计算的虚拟显示架构
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095837
Ricardo A. Baratto, Leonard N. Kim, Jason Nieh
Rapid improvements in network bandwidth, cost, and ubiquity combined with the security hazards and high total cost of ownership of personal computers have created a growing market for thin-client computing. We introduce THINC, a virtual display architecture for high-performance thin-client computing in both LAN and WAN environments. THINC virtualizes the display at the device driver interface to transparently intercept application display commands and translate them into a few simple low-level commands that can be easily supported by widely used client hardware. THINC's translation mechanism efficiently leverages display semantic information through novel optimizations such as offscreen drawing awareness, native video support, and server-side screen scaling. This is integrated with an update delivery architecture that uses shortest command first scheduling and non-blocking operation. THINC leverages existing display system functionality and works seamlessly with unmodified applications, window systems, and operating systems.We have implemented THINC in an X/Linux environment and compared its performance against widely used commercial approaches, including Citrix MetaFrame, Microsoft RDP, GoToMyPC, X, NX, VNC, and Sun Ray. Our experimental results on web and audio/video applications demonstrate that THINC can provide up to 4.8 times faster web browsing performance and two orders of magnitude better audio/video performance. THINC is the only thin client capable of transparently playing full-screen video and audio at full frame rate in both LAN and WAN environments. Our results also show for the first time that thin clients can even provide good performance using remote clients located in other countries around the world.
网络带宽、成本和普遍性的快速改进,再加上安全隐患和个人计算机的高总拥有成本,为瘦客户机计算创造了一个不断增长的市场。我们介绍了THINC,一种在局域网和广域网环境中用于高性能瘦客户机计算的虚拟显示架构。THINC在设备驱动程序接口虚拟化显示,以透明地拦截应用程序显示命令,并将其转换为一些简单的低级命令,这些命令可以很容易地被广泛使用的客户端硬件支持。THINC的翻译机制通过新的优化,如屏幕外绘图感知、本地视频支持和服务器端屏幕缩放,有效地利用了显示语义信息。这与使用最短命令优先调度和非阻塞操作的更新交付体系结构集成在一起。THINC利用现有的显示系统功能,并与未经修改的应用程序、窗口系统和操作系统无缝协作。我们在X/Linux环境中实现了THINC,并将其性能与广泛使用的商业方法(包括Citrix MetaFrame、Microsoft RDP、GoToMyPC、X、NX、VNC和Sun Ray)进行了比较。我们在网络和音频/视频应用上的实验结果表明,THINC可以提供高达4.8倍的网页浏览性能和两个数量级的音频/视频性能提升。THINC是唯一能够在LAN和WAN环境中以全帧速率透明地播放全屏视频和音频的瘦客户端。我们的结果还首次表明,瘦客户机甚至可以使用位于世界其他国家的远程客户机提供良好的性能。
{"title":"THINC: a virtual display architecture for thin-client computing","authors":"Ricardo A. Baratto, Leonard N. Kim, Jason Nieh","doi":"10.1145/1095810.1095837","DOIUrl":"https://doi.org/10.1145/1095810.1095837","url":null,"abstract":"Rapid improvements in network bandwidth, cost, and ubiquity combined with the security hazards and high total cost of ownership of personal computers have created a growing market for thin-client computing. We introduce THINC, a virtual display architecture for high-performance thin-client computing in both LAN and WAN environments. THINC virtualizes the display at the device driver interface to transparently intercept application display commands and translate them into a few simple low-level commands that can be easily supported by widely used client hardware. THINC's translation mechanism efficiently leverages display semantic information through novel optimizations such as offscreen drawing awareness, native video support, and server-side screen scaling. This is integrated with an update delivery architecture that uses shortest command first scheduling and non-blocking operation. THINC leverages existing display system functionality and works seamlessly with unmodified applications, window systems, and operating systems.We have implemented THINC in an X/Linux environment and compared its performance against widely used commercial approaches, including Citrix MetaFrame, Microsoft RDP, GoToMyPC, X, NX, VNC, and Sun Ray. Our experimental results on web and audio/video applications demonstrate that THINC can provide up to 4.8 times faster web browsing performance and two orders of magnitude better audio/video performance. THINC is the only thin client capable of transparently playing full-screen video and audio at full frame rate in both LAN and WAN environments. Our results also show for the first time that thin clients can even provide good performance using remote clients located in other countries around the world.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"1 1","pages":"277-290"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77905540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 165
Mondrix: memory isolation for linux using mondriaan memory protection 使用mondriaan内存保护的linux内存隔离
Pub Date : 2005-10-23 DOI: 10.1145/1095810.1095814
E. Witchel, J. Rhee, K. Asanović
This paper presents the design and an evaluation of Mondrix, a version of the Linux kernel with Mondriaan Memory Protection (MMP). MMP is a combination of hardware and software that provides efficient fine-grained memory protection between multiple protection domains sharing a linear address space. Mondrix uses MMP to enforce isolation between kernel modules which helps detect bugs, limits their damage, and improves kernel robustness and maintainability. During development, MMP exposed two kernel bugs in common, heavily-tested code, and during fault injection experiments, it prevented three of five file system corruptions.The Mondrix implementation demonstrates how MMP can bring memory isolation to modules that already exist in a large software application. It shows the benefit of isolation for robustness and error detection and prevention, while validating previous claims that the protection abstractions MMP offers are a good fit for software. This paper describes the design of the memory supervisor, the kernel module which implements permissions policy.We present an evaluation of Mondrix using full-system simulation of large kernel-intensive workloads. Experiments with several benchmarks where MMP was used extensively indicate the additional space taken by the MMP data structures reduce the kernel's free memory by less than 10%, and the kernel's runtime increases less than 15% relative to an unmodified kernel.
本文介绍了带有Mondriaan内存保护(MMP)的Linux内核版本Mondrix的设计和评估。MMP是硬件和软件的组合,它在共享线性地址空间的多个保护域之间提供有效的细粒度内存保护。Mondrix使用MMP来强制内核模块之间的隔离,这有助于检测bug,限制它们的破坏,并提高内核的健壮性和可维护性。在开发期间,MMP暴露了经过严格测试的常见代码中的两个内核错误,在错误注入实验期间,它防止了五分之三的文件系统损坏。Mondrix实现演示了MMP如何为大型软件应用程序中已经存在的模块带来内存隔离。它展示了隔离对健壮性、错误检测和预防的好处,同时验证了先前关于MMP提供的保护抽象非常适合软件的说法。本文介绍了实现权限策略的核心模块——内存管理器的设计。我们使用大型内核密集型工作负载的全系统模拟对Mondrix进行了评估。在几个广泛使用MMP的基准测试中进行的实验表明,与未修改的内核相比,MMP数据结构占用的额外空间使内核的空闲内存减少了不到10%,内核的运行时增加了不到15%。
{"title":"Mondrix: memory isolation for linux using mondriaan memory protection","authors":"E. Witchel, J. Rhee, K. Asanović","doi":"10.1145/1095810.1095814","DOIUrl":"https://doi.org/10.1145/1095810.1095814","url":null,"abstract":"This paper presents the design and an evaluation of Mondrix, a version of the Linux kernel with Mondriaan Memory Protection (MMP). MMP is a combination of hardware and software that provides efficient fine-grained memory protection between multiple protection domains sharing a linear address space. Mondrix uses MMP to enforce isolation between kernel modules which helps detect bugs, limits their damage, and improves kernel robustness and maintainability. During development, MMP exposed two kernel bugs in common, heavily-tested code, and during fault injection experiments, it prevented three of five file system corruptions.The Mondrix implementation demonstrates how MMP can bring memory isolation to modules that already exist in a large software application. It shows the benefit of isolation for robustness and error detection and prevention, while validating previous claims that the protection abstractions MMP offers are a good fit for software. This paper describes the design of the memory supervisor, the kernel module which implements permissions policy.We present an evaluation of Mondrix using full-system simulation of large kernel-intensive workloads. Experiments with several benchmarks where MMP was used extensively indicate the additional space taken by the MMP data structures reduce the kernel's free memory by less than 10%, and the kernel's runtime increases less than 15% relative to an unmodified kernel.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"94 1","pages":"31-44"},"PeriodicalIF":0.0,"publicationDate":"2005-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80733097","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 129
期刊
Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1