Inconsistent system behavior causes unpredictable performance which is known to stress users; making the system perform consistently should remove this source of user stress. Operating systems currently provide the illusion that each application runs on a dedicated Virtual Machine. This paper proposes incorporating performance into this abstraction, resulting in a Virtual Private Machine. The VPM abstraction aims to improve user-perceived performance by increasing performance consistency, and it is applicable to any user-visible application, from word processors to web servers. To provide VPMs, per-resource performance models allow resources to be scheduled to meet target response times calculated for each user-visible action.
{"title":"Virtual private machines: user-centric performance","authors":"D. B. Stewart, R. Mortier","doi":"10.1145/1133572.1133595","DOIUrl":"https://doi.org/10.1145/1133572.1133595","url":null,"abstract":"Inconsistent system behavior causes unpredictable performance which is known to stress users; making the system perform consistently should remove this source of user stress. Operating systems currently provide the illusion that each application runs on a dedicated Virtual Machine. This paper proposes incorporating performance into this abstraction, resulting in a Virtual Private Machine. The VPM abstraction aims to improve user-perceived performance by increasing performance consistency, and it is applicable to any user-visible application, from word processors to web servers. To provide VPMs, per-resource performance models allow resources to be scheduled to meet target response times calculated for each user-visible action.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126633846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wireless ad hoc networks of sensor nodes are envisioned to be deployed in the physical environment to monitor a wide variety of real-world phenomena. Almost any sensor network application requires some form of self-configuration, where sensor nodes take on specific functions or roles in the network without manual intervention. These roles may be based on varying sensor node properties (e.g., available sensors, location, network neighbors) and may be used to support applications requiring heterogeneous node functionality (e.g., clustering, data aggregation). In this paper we argue that the assignment of user-defined roles is a fundamental part of a wide range of sensor network applications. Consequently, a framework for assignment of roles to sensor nodes in an application-specific manner could significantly ease sensor network programming. We outline the general structure of such a framework and present a first approach to its realization. We demonstrate its utility and feasibility using a number of concrete examples.
{"title":"Generic role assignment for wireless sensor networks","authors":"K. Römer, C. Frank, P. Marrón, C. Becker","doi":"10.1145/1133572.1133588","DOIUrl":"https://doi.org/10.1145/1133572.1133588","url":null,"abstract":"Wireless ad hoc networks of sensor nodes are envisioned to be deployed in the physical environment to monitor a wide variety of real-world phenomena. Almost any sensor network application requires some form of self-configuration, where sensor nodes take on specific functions or roles in the network without manual intervention. These roles may be based on varying sensor node properties (e.g., available sensors, location, network neighbors) and may be used to support applications requiring heterogeneous node functionality (e.g., clustering, data aggregation). In this paper we argue that the assignment of user-defined roles is a fundamental part of a wide range of sensor network applications. Consequently, a framework for assignment of roles to sensor nodes in an application-specific manner could significantly ease sensor network programming. We outline the general structure of such a framework and present a first approach to its realization. We demonstrate its utility and feasibility using a number of concrete examples.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125321065","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Blanquer, Antoni Batchelli, K. Schauser, R. Wolski
In this paper we argue that the best approach to providing Quality of Service (QoS) guarantees to current Internet services is to use admission control and traffic shaping techniques at the entrance points of Internet hosting sites. We propose a black-box approach that does not require knowledge, instrumentation, or modification of the system (hardware and software) that implements the services provided by the site.We maintain that such a non-intrusive QoS solution achieves better resource utilization, has lower cost, and is more flexible than the current approaches of physical partitioning and hardware over-provisioning. Furthermore, we contend that our solution is easier to deploy, less complex to implement, and easier to maintain than more intrusive approaches which embed the QoS logic into the operating system, distributed middleware, or application code. We demonstrate empirically that despite being decoupled from the internal mechanisms implementing the site, a black-box approach provides effective response times and capacity guarantees.
{"title":"QoS for internet services: done right","authors":"J. Blanquer, Antoni Batchelli, K. Schauser, R. Wolski","doi":"10.1145/1133572.1133596","DOIUrl":"https://doi.org/10.1145/1133572.1133596","url":null,"abstract":"In this paper we argue that the best approach to providing Quality of Service (QoS) guarantees to current Internet services is to use admission control and traffic shaping techniques at the entrance points of Internet hosting sites. We propose a black-box approach that does not require knowledge, instrumentation, or modification of the system (hardware and software) that implements the services provided by the site.We maintain that such a non-intrusive QoS solution achieves better resource utilization, has lower cost, and is more flexible than the current approaches of physical partitioning and hardware over-provisioning. Furthermore, we contend that our solution is easier to deploy, less complex to implement, and easier to maintain than more intrusive approaches which embed the QoS logic into the operating system, distributed middleware, or application code. We demonstrate empirically that despite being decoupled from the internal mechanisms implementing the site, a black-box approach provides effective response times and capacity guarantees.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"203 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123045905","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The architecture of an operating system, e.g. micro kernel or monolithic kernel, is usually seen as something static. Even during the long lasting evolution of operating system code it is extremely hard and, thus, expensive to change the architecture. However, our experience is that architectural evolution is often required and an architecture-neutral way to develop operating system components should be found. After analyzing why architectural flexibility is so difficult to achieve, we propose Aspect-Oriented Programming (AOP) as a solution. An example from the PURE OS family, which is implemented in an aspect-oriented programming language called AspectC++, will demonstrate the usefulness of the approach, which allows to separate the code that implements architectural properties from the core functionality.
{"title":"Using AOP to develop architectural-neutral operating system components","authors":"O. Spinczyk, D. Lohmann","doi":"10.1145/1133572.1133582","DOIUrl":"https://doi.org/10.1145/1133572.1133582","url":null,"abstract":"The architecture of an operating system, e.g. micro kernel or monolithic kernel, is usually seen as something static. Even during the long lasting evolution of operating system code it is extremely hard and, thus, expensive to change the architecture. However, our experience is that architectural evolution is often required and an architecture-neutral way to develop operating system components should be found. After analyzing why architectural flexibility is so difficult to achieve, we propose Aspect-Oriented Programming (AOP) as a solution. An example from the PURE OS family, which is implemented in an aspect-oriented programming language called AspectC++, will demonstrate the usefulness of the approach, which allows to separate the code that implements architectural properties from the core functionality.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"353 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122792017","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
E. G. Sirer, Sharad Goel, Mark E Robson, Dogan Engin
Anonymity is increasingly important for networked applications amidst concerns over censorship and privacy. This paper outlines the design of HerbivoreFS, a scalable and efficient file sharing system that provides strong anonymity. HerbivoreFS provides computational guarantees that even adversaries able to monitor all network traffic cannot deduce the identity of a sender or receiver beyond an anonymizing clique of k peers. HerbivoreFS achieves scalability by partitioning the global network into smaller anonymizing cliques. Measurements on PlanetLab indicate that the system achieves high anonymous bandwidth when deployed on the Internet.
{"title":"Eluding carnivores: file sharing with strong anonymity","authors":"E. G. Sirer, Sharad Goel, Mark E Robson, Dogan Engin","doi":"10.1145/1133572.1133611","DOIUrl":"https://doi.org/10.1145/1133572.1133611","url":null,"abstract":"Anonymity is increasingly important for networked applications amidst concerns over censorship and privacy. This paper outlines the design of HerbivoreFS, a scalable and efficient file sharing system that provides strong anonymity. HerbivoreFS provides computational guarantees that even adversaries able to monitor all network traffic cannot deduce the identity of a sender or receiver beyond an anonymizing clique of k peers. HerbivoreFS achieves scalability by partitioning the global network into smaller anonymizing cliques. Measurements on PlanetLab indicate that the system achieves high anonymous bandwidth when deployed on the Internet.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125739337","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wireless local area networks (WLANs) based on a family of 802.11 technologies are becoming ubiquitous. These technologies support multiple data transmission rates. Transmitting at a lower data rate (by using a more resilient modulation scheme) increases the frame transmission time but reduces the bit error rate. In non-cooperative environments such as public hot-spots, individual nodes attempt to maximize their achieved throughput by adjusting the data rate or frame size used, irrespective of the impact of this on overall system performance.In a series of experiments, we demonstrate that the existing distributed MAC protocol encourages non-cooperative nodes to use globally inefficient transmission strategies that lead to degraded aggregate throughputs. We also show that by establishing independence between the allocation of the shared channel time and the strategies used by individual nodes, an improved MAC protocol can lead rational but non-cooperative nodes to make choices that increase aggregate throughputs by as much as 30% under some conditions.
{"title":"Long-term time-share guarantees are necessary for wireless LANs","authors":"Godfrey Tan, J. Guttag","doi":"10.1145/1133572.1133583","DOIUrl":"https://doi.org/10.1145/1133572.1133583","url":null,"abstract":"Wireless local area networks (WLANs) based on a family of 802.11 technologies are becoming ubiquitous. These technologies support multiple data transmission rates. Transmitting at a lower data rate (by using a more resilient modulation scheme) increases the frame transmission time but reduces the bit error rate. In non-cooperative environments such as public hot-spots, individual nodes attempt to maximize their achieved throughput by adjusting the data rate or frame size used, irrespective of the impact of this on overall system performance.In a series of experiments, we demonstrate that the existing distributed MAC protocol encourages non-cooperative nodes to use globally inefficient transmission strategies that lead to degraded aggregate throughputs. We also show that by establishing independence between the allocation of the shared channel time and the strategies used by individual nodes, an improved MAC protocol can lead rational but non-cooperative nodes to make choices that increase aggregate throughputs by as much as 30% under some conditions.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114648712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
K. Keeton, D. Beyer, J. Chase, A. Merchant, Cipriano A. Santos, J. Wilkes
Designing and managing dependable systems is a difficult endeavor. In this paper, we describe challenges in this vast problem space, including provisioning and allocating shared resources, adaptively managing system dependability, expressing dependability goals, interactively exploring the design space, and designing end-to-end service dependability. We outline the optimization-based approach we've used to tackle the data dependability portion of this space, and describe how we can extend that approach to address an even larger dependability scope.
{"title":"Lessons and challenges in automating data dependability","authors":"K. Keeton, D. Beyer, J. Chase, A. Merchant, Cipriano A. Santos, J. Wilkes","doi":"10.1145/1133572.1133591","DOIUrl":"https://doi.org/10.1145/1133572.1133591","url":null,"abstract":"Designing and managing dependable systems is a difficult endeavor. In this paper, we describe challenges in this vast problem space, including provisioning and allocating shared resources, adaptively managing system dependability, expressing dependability goals, interactively exploring the design space, and designing end-to-end service dependability. We outline the optimization-based approach we've used to tackle the data dependability portion of this space, and describe how we can extend that approach to address an even larger dependability scope.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122586720","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Transactions ensure simple and correct handling of concurrency and failures but are often considered too expensive for use in file systems. This paper argues that performance is not a barrier to running transactions. It presents a simple mechanism that substantially lowers the cost of read-only transactions (which constitute the bulk of operations in a file system). The approach is inexpensive: it requires modest additional storage, but storage is cheap. It causes read-only transactions to run slightly in the past, but guarantees that they nevertheless see a consistent state.
{"title":"Transactional file systems can be fast","authors":"B. Liskov, R. Rodrigues","doi":"10.1145/1133572.1133592","DOIUrl":"https://doi.org/10.1145/1133572.1133592","url":null,"abstract":"Transactions ensure simple and correct handling of concurrency and failures but are often considered too expensive for use in file systems. This paper argues that performance is not a barrier to running transactions. It presents a simple mechanism that substantially lowers the cost of read-only transactions (which constitute the bulk of operations in a file system). The approach is inexpensive: it requires modest additional storage, but storage is cheap. It causes read-only transactions to run slightly in the past, but guarantees that they nevertheless see a consistent state.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"125 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116179101","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Computer systems are complex and unforgiving. Users need environments more tolerant of errors, allowing them to correct mistakes and explore alternatives. This is the aim of Joyce. Joyce records application usage across the system in such a way that the semantic relationships between individual operations are preserved. Using this information Joyce enables an exploratory model of undo/redo; the user can navigate, visualize, edit and experiment with the history of the system safe in the knowledge that any history change will not have unforeseen and irreversible effects.
{"title":"Undo for anyone, anywhere, anytime","authors":"James O'Brien, M. Shapiro","doi":"10.1145/1133572.1133579","DOIUrl":"https://doi.org/10.1145/1133572.1133579","url":null,"abstract":"Computer systems are complex and unforgiving. Users need environments more tolerant of errors, allowing them to correct mistakes and explore alternatives. This is the aim of Joyce. Joyce records application usage across the system in such a way that the semantic relationships between individual operations are preserved. Using this information Joyce enables an exploratory model of undo/redo; the user can navigate, visualize, edit and experiment with the history of the system safe in the knowledge that any history change will not have unforeseen and irreversible effects.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129247216","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Michael Hohmuth, M. Peter, Hermann Härtig, J. Shapiro
Secure systems are best built on top of a small trusted operating system: The smaller the operating system, the easier it can be assured or verified for correctness.In this paper, we oppose the view that virtual-machine monitors (VMMs) are the smallest systems that provide secure isolation because they have been specifically designed to provide little more than this property. The problem with this assertion is that VMMs typically do not support interprocess communication, complicating the use of untrusted components inside a secure systems.We propose extending traditional VMMs with features for secure message passing and memory sharing to enable the use of untrusted components in secure systems. We argue that moving system components out of the TCB into the untrusted part of the system and communicating with them using IPC reduces the overall size of the TCB.We argue that many secure applications can make use of untrusted components through trusted wrappers without risking security properties such as confidentiality and integrity.
{"title":"Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors","authors":"Michael Hohmuth, M. Peter, Hermann Härtig, J. Shapiro","doi":"10.1145/1133572.1133615","DOIUrl":"https://doi.org/10.1145/1133572.1133615","url":null,"abstract":"Secure systems are best built on top of a small trusted operating system: The smaller the operating system, the easier it can be assured or verified for correctness.In this paper, we oppose the view that virtual-machine monitors (VMMs) are the smallest systems that provide secure isolation because they have been specifically designed to provide little more than this property. The problem with this assertion is that VMMs typically do not support interprocess communication, complicating the use of untrusted components inside a secure systems.We propose extending traditional VMMs with features for secure message passing and memory sharing to enable the use of untrusted components in secure systems. We argue that moving system components out of the TCB into the untrusted part of the system and communicating with them using IPC reduces the overall size of the TCB.We argue that many secure applications can make use of untrusted components through trusted wrappers without risking security properties such as confidentiality and integrity.","PeriodicalId":285758,"journal":{"name":"EW 11","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129684906","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: