Andrea Maioli, Kevin A. Quinones, Saad Ahmed, Muhammad H. Alizai, Luca Mottola
We present hardware/software techniques to intelligently regulate supply voltage and clock frequency of intermittently-computing devices. These devices rely on ambient energy harvesting to power their operation and small capacitors as energy buffers. Statically setting their clock frequency fails to capture the unique relations these devices expose between capacitor voltage, energy efficiency at a given operating frequency, and the corresponding operating range. Existing dynamic voltage and frequency scaling techniques are also largely inapplicable due to extreme energy scarcity and peculiar hardware features. We introduce two hardware/software co-designs that accommodate the distinct hardware features and function within a constrained energy envelope, offering varied trade-offs and functionalities. Our experimental evaluation combines tests on custom-manufactured hardware and detailed emulation experiments. The data gathered indicate that our approaches result in up to 3.75x reduced energy consumption and 12x swifter execution times compared to the considered baselines, all while utilizing smaller capacitors to accomplish identical workloads.
{"title":"Dynamic Voltage and Frequency Scaling for Intermittent Computing","authors":"Andrea Maioli, Kevin A. Quinones, Saad Ahmed, Muhammad H. Alizai, Luca Mottola","doi":"arxiv-2401.08710","DOIUrl":"https://doi.org/arxiv-2401.08710","url":null,"abstract":"We present hardware/software techniques to intelligently regulate supply\u0000voltage and clock frequency of intermittently-computing devices. These devices\u0000rely on ambient energy harvesting to power their operation and small capacitors\u0000as energy buffers. Statically setting their clock frequency fails to capture\u0000the unique relations these devices expose between capacitor voltage, energy\u0000efficiency at a given operating frequency, and the corresponding operating\u0000range. Existing dynamic voltage and frequency scaling techniques are also\u0000largely inapplicable due to extreme energy scarcity and peculiar hardware\u0000features. We introduce two hardware/software co-designs that accommodate the\u0000distinct hardware features and function within a constrained energy envelope,\u0000offering varied trade-offs and functionalities. Our experimental evaluation\u0000combines tests on custom-manufactured hardware and detailed emulation\u0000experiments. 
The data gathered indicate that our approaches result in up to\u00003.75x reduced energy consumption and 12x swifter execution times compared to\u0000the considered baselines, all while utilizing smaller capacitors to accomplish\u0000identical workloads.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"81 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139500450","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Compartmentalization effectively prevents initial corruption from turning into a successful attack. This paper presents O2C, a pioneering system designed to enforce OS kernel compartmentalization on the fly. It not only provides immediate remediation for sudden threats but also maintains consistent system availability through the enforcement process. O2C is empowered by the newest advancements of the eBPF ecosystem, which allow eBPF programs that perform enforcement actions to be instrumented into the kernel at runtime. O2C takes the lead in embedding a machine learning model into eBPF programs, addressing unique challenges in on-the-fly compartmentalization. Our comprehensive evaluation shows that O2C effectively confines damage within the compartment. Further, we validate that a decision tree is optimally suited for O2C owing to its advantages in processing tabular data, its explainable nature, and its compliance with the eBPF ecosystem. Last but not least, O2C is lightweight, showing negligible overhead and excellent scalability system-wide.
{"title":"When eBPF Meets Machine Learning: On-the-fly OS Kernel Compartmentalization","authors":"Zicheng Wang, Tiejin Chen, Qinrun Dai, Yueqi Chen, Hua Wei, Qingkai Zeng","doi":"arxiv-2401.05641","DOIUrl":"https://doi.org/arxiv-2401.05641","url":null,"abstract":"Compartmentalization effectively prevents initial corruption from turning\u0000into a successful attack. This paper presents O2C, a pioneering system designed\u0000to enforce OS kernel compartmentalization on the fly. It not only provides\u0000immediate remediation for sudden threats but also maintains consistent system\u0000availability through the enforcement process. O2C is empowered by the newest advancements of the eBPF ecosystem which\u0000allows to instrument eBPF programs that perform enforcement actions into the\u0000kernel at runtime. O2C takes the lead in embedding a machine learning model\u0000into eBPF programs, addressing unique challenges in on-the-fly\u0000compartmentalization. Our comprehensive evaluation shows that O2C effectively\u0000confines damage within the compartment. Further, we validate that decision tree\u0000is optimally suited for O2C owing to its advantages in processing tabular data,\u0000its explainable nature, and its compliance with the eBPF ecosystem. Last but\u0000not least, O2C is lightweight, showing negligible overhead and excellent\u0000sacalability system-wide.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139462566","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The Windows authentication infrastructure relies on the Local Security Authority (LSA) system, with its integral component being lsass.exe. Regrettably, this framework is not impervious, presenting vulnerabilities that attract threat actors with malicious intent. By exploiting documented vulnerabilities sourced from the CVE database or leveraging sophisticated tools such as mimikatz, adversaries can successfully compromise user password-address information. In this comprehensive analysis, we delve into proactive measures aimed at fortifying the local authentication subsystem against potential threats. Moreover, we present empirical evidence derived from practical assessments of various defensive methodologies, including those articulated previously. This examination not only underscores the importance of proactive security measures but also assesses the practical efficacy of these strategies in real-world contexts.
{"title":"RASP for LSASS: Preventing Mimikatz-Related Attacks","authors":"Anna Revazova, Igor Korkin","doi":"arxiv-2401.00316","DOIUrl":"https://doi.org/arxiv-2401.00316","url":null,"abstract":"The Windows authentication infrastructure relies on the Local Security\u0000Authority (LSA) system, with its integral component being lsass.exe.\u0000Regrettably, this framework is not impervious, presenting vulnerabilities that\u0000attract threat actors with malicious intent. By exploiting documented\u0000vulnerabilities sourced from the CVE database or leveraging sophisticated tools\u0000such as mimikatz, adversaries can successfully compromise user password-address\u0000information. In this comprehensive analysis, we delve into proactive measures aimed at\u0000fortifying the local authentication subsystem against potential threats.\u0000Moreover, we present empirical evidence derived from practical assessments of\u0000various defensive methodologies, including those articulated previously. This\u0000examination not only underscores the importance of proactive security measures\u0000but also assesses the practical efficacy of these strategies in real-world\u0000contexts.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"62 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139077898","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The purpose of this study is to evaluate the possibility of implementing an attack on an ALPC connection in the Windows operating system through the kernel without closing the connection covertly from programs and the operating system and to propose a method of protection against this type of attack. Asynchronous Local Procedure Call technology (ALPC) is used in various Windows information protection systems, including antivirus systems (AV) and Endpoint Detection and Response systems (EDR). To ensure the concealment of malicious software, attackers need to disrupt the operation of AV and EDR tools, which in turn can be achieved by destructive impact on the components of the ALPC technology. Examples of such attacks already exist and are covered in this paper. To counteract such new threats, it is necessary to advance the improvement of information security systems, and so this ALPC security research was conducted. The most difficult case, a Windows kernel driver attack, was considered. Three attacks on the ALPC connection were carried out, based on changing the ALPC structures in kernel memory, which led to the creation of illegitimate connections in the system and the disruption of correct connections. The ALPChecker protection tool has been developed. The tool was successfully tested on the three demonstrated attacks.
{"title":"ALPC Is In Danger: ALPChecker Detects Spoofing and Blinding","authors":"Anastasiia Kropova, Igor Korkin","doi":"arxiv-2401.01376","DOIUrl":"https://doi.org/arxiv-2401.01376","url":null,"abstract":"The purpose of this study is to evaluate the possibility of implementing an\u0000attack on ALPC connection in the Windows operating system through the kernel\u0000without closing the connection covertly from programs and the operating system\u0000and to propose a method of protection against this type of attacks.\u0000Asynchronous Local Procedure Call technology (ALPC) is used in various Windows\u0000information protection systems, including antivirus systems (AV) and Endpoint\u0000Detection and Response systems (EDR). To ensure the concealment of malicious\u0000software, attackers need to disrupt the operation of AV, EDR tools, which in\u0000turn can be achieved by destructive impact on the components of the ALPC\u0000technology. Examples of such attacks already exist and are covered in this\u0000paper. To counteract such new threats, it is necessary to advance the\u0000improvement of information security systems and the ALPC security research was\u0000conducted. The most difficult case, Windows kernel driver attack, was\u0000considered. Three attacks on the ALPC connection were carried out, based on\u0000changing the ALPC structures in the kernel memory, which led to creation of\u0000illegitimate connections in the system and the disruption of correct\u0000connections. ALPChecker protection tool has been developed. 
The tool was\u0000successfully tested on three demonstrated attacks.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"87 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139096135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pengmiao Zhang, Neelesh Gupta, Rajgopal Kannan, Viktor K. Prasanna
Attention-based Neural Networks (NN) have demonstrated their effectiveness in accurate memory access prediction, an essential step in data prefetching. However, the substantial computational overheads associated with these models result in high inference latency, limiting their feasibility as practical prefetchers. To close the gap, we propose a new approach based on tabularization that significantly reduces model complexity and inference latency without sacrificing prediction accuracy. Our novel tabularization methodology takes as input a distilled, yet highly accurate attention-based model for memory access prediction and efficiently converts its expensive matrix multiplications into a hierarchy of fast table lookups. As an exemplar of the above approach, we develop DART, a prefetcher comprised of a simple hierarchy of tables. With a modest 0.09 drop in F1-score, DART reduces 99.99% of arithmetic operations from the large attention-based model and 91.83% from the distilled model. DART accelerates the large model inference by 170x and the distilled model by 9.4x. DART has comparable latency and storage costs as state-of-the-art rule-based prefetcher BO but surpasses it by 6.1% in IPC improvement, resulting in a 37.6% speed-up. DART outperforms state-of-the-art NN-based prefetchers TransFetch by 33.1% and Voyager by 37.2% in terms of IPC improvement, primarily due to its low prefetching latency.
{"title":"Attention, Distillation, and Tabularization: Towards Practical Neural Network-Based Prefetching","authors":"Pengmiao Zhang, Neelesh Gupta, Rajgopal Kannan, Viktor K. Prasanna","doi":"arxiv-2401.06362","DOIUrl":"https://doi.org/arxiv-2401.06362","url":null,"abstract":"Attention-based Neural Networks (NN) have demonstrated their effectiveness in\u0000accurate memory access prediction, an essential step in data prefetching.\u0000However, the substantial computational overheads associated with these models\u0000result in high inference latency, limiting their feasibility as practical\u0000prefetchers. To close the gap, we propose a new approach based on\u0000tabularization that significantly reduces model complexity and inference\u0000latency without sacrificing prediction accuracy. Our novel tabularization\u0000methodology takes as input a distilled, yet highly accurate attention-based\u0000model for memory access prediction and efficiently converts its expensive\u0000matrix multiplications into a hierarchy of fast table lookups. As an exemplar\u0000of the above approach, we develop DART, a prefetcher comprised of a simple\u0000hierarchy of tables. With a modest 0.09 drop in F1-score, DART reduces 99.99%\u0000of arithmetic operations from the large attention-based model and 91.83% from\u0000the distilled model. DART accelerates the large model inference by 170x and the\u0000distilled model by 9.4x. DART has comparable latency and storage costs as\u0000state-of-the-art rule-based prefetcher BO but surpasses it by 6.1% in IPC\u0000improvement, resulting in a 37.6% speed-up. 
DART outperforms state-of-the-art\u0000NN-based prefetchers TransFetch by 33.1% and Voyager by 37.2% in terms of IPC\u0000improvement, primarily due to its low prefetching latency.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"27 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139470795","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper introduces PowerInfer, a high-speed Large Language Model (LLM) inference engine on a personal computer (PC) equipped with a single consumer-grade GPU. The key underlying the design of PowerInfer is exploiting the high locality inherent in LLM inference, characterized by a power-law distribution in neuron activation. This distribution indicates that a small subset of neurons, termed hot neurons, are consistently activated across inputs, while the majority, cold neurons, vary based on specific inputs. PowerInfer exploits such an insight to design a GPU-CPU hybrid inference engine: hot-activated neurons are preloaded onto the GPU for fast access, while cold-activated neurons are computed on the CPU, thus significantly reducing GPU memory demands and CPU-GPU data transfers. PowerInfer further integrates adaptive predictors and neuron-aware sparse operators, optimizing the efficiency of neuron activation and computational sparsity. Evaluation shows that PowerInfer attains an average token generation rate of 13.20 tokens/s, with a peak of 29.08 tokens/s, across various LLMs (including OPT-175B) on a single NVIDIA RTX 4090 GPU, only 18% lower than that achieved by a top-tier server-grade A100 GPU. This significantly outperforms llama.cpp by up to 11.69x while retaining model accuracy.
{"title":"PowerInfer: Fast Large Language Model Serving with a Consumer-grade GPU","authors":"Yixin Song, Zeyu Mi, Haotong Xie, Haibo Chen","doi":"arxiv-2312.12456","DOIUrl":"https://doi.org/arxiv-2312.12456","url":null,"abstract":"This paper introduces PowerInfer, a high-speed Large Language Model (LLM)\u0000inference engine on a personal computer (PC) equipped with a single\u0000consumer-grade GPU. The key underlying the design of PowerInfer is exploiting\u0000the high locality inherent in LLM inference, characterized by a power-law\u0000distribution in neuron activation. This distribution indicates that a small\u0000subset of neurons, termed hot neurons, are consistently activated across\u0000inputs, while the majority, cold neurons, vary based on specific inputs.\u0000PowerInfer exploits such an insight to design a GPU-CPU hybrid inference\u0000engine: hot-activated neurons are preloaded onto the GPU for fast access, while\u0000cold-activated neurons are computed on the CPU, thus significantly reducing GPU\u0000memory demands and CPU-GPU data transfers. PowerInfer further integrates\u0000adaptive predictors and neuron-aware sparse operators, optimizing the\u0000efficiency of neuron activation and computational sparsity. Evaluation shows\u0000that PowerInfer attains an average token generation rate of 13.20 tokens/s,\u0000with a peak of 29.08 tokens/s, across various LLMs (including OPT-175B) on a\u0000single NVIDIA RTX 4090 GPU, only 18% lower than that achieved by a top-tier\u0000server-grade A100 GPU. 
This significantly outperforms llama.cpp by up to 11.69x\u0000while retaining model accuracy.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"58 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138825467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Divyanshu Saxena, Nihal Sharma, Donghyun Kim, Rohit Dwivedula, Jiayi Chen, Chenxi Yang, Sriram Ravula, Zichao Hu, Aditya Akella, Sebastian Angel, Joydeep Biswas, Swarat Chaudhuri, Isil Dillig, Alex Dimakis, P. Brighten Godfrey, Daehyeok Kim, Chris Rossbach, Gang Wang
This paper lays down the research agenda for a domain-specific foundation model for operating systems (OSes). Our case for a foundation model revolves around the observations that several OS components such as CPU, memory, and network subsystems are interrelated and that OS traces offer the ideal dataset for a foundation model to grasp the intricacies of diverse OS components and their behavior in varying environments and workloads. We discuss a wide range of possibilities that then arise, from employing foundation models as policy agents to utilizing them as generators and predictors to assist traditional OS control algorithms. Our hope is that this paper spurs further research into OS foundation models and creating the next generation of operating systems for the evolving computing landscape.
{"title":"On a Foundation Model for Operating Systems","authors":"Divyanshu Saxena, Nihal Sharma, Donghyun Kim, Rohit Dwivedula, Jiayi Chen, Chenxi Yang, Sriram Ravula, Zichao Hu, Aditya Akella, Sebastian Angel, Joydeep Biswas, Swarat Chaudhuri, Isil Dillig, Alex Dimakis, P. Brighten Godfrey, Daehyeok Kim, Chris Rossbach, Gang Wang","doi":"arxiv-2312.07813","DOIUrl":"https://doi.org/arxiv-2312.07813","url":null,"abstract":"This paper lays down the research agenda for a domain-specific foundation\u0000model for operating systems (OSes). Our case for a foundation model revolves\u0000around the observations that several OS components such as CPU, memory, and\u0000network subsystems are interrelated and that OS traces offer the ideal dataset\u0000for a foundation model to grasp the intricacies of diverse OS components and\u0000their behavior in varying environments and workloads. We discuss a wide range\u0000of possibilities that then arise, from employing foundation models as policy\u0000agents to utilizing them as generators and predictors to assist traditional OS\u0000control algorithms. Our hope is that this paper spurs further research into OS\u0000foundation models and creating the next generation of operating systems for the\u0000evolving computing landscape.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"20 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138632265","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
People living with Type 1 Diabetes (T1D) lose the ability to produce insulin naturally. To compensate, they inject synthetic insulin. One common way to inject insulin is through automated insulin delivery systems, which use sensors to monitor their metabolic state and an insulin pump device to adjust insulin to adapt. In this paper, we present the Metabolic Operating System, a new automated insulin delivery system that we designed from the ground up using security first principles. From an architecture perspective, we apply separation principles to simplify the core system and isolate non-critical functionality from the core closed-loop algorithm. From an algorithmic perspective, we evaluate trends in insulin technology and formulate a simple, but effective, algorithm given the state-of-the-art. From a safety perspective, we build in multiple layers of redundancy to ensure that the person using our system remains safe. Fundamentally, this paper is a paper on real-world experiences building and running an automated insulin delivery system. We report on the design iterations we make based on experiences working with one individual using our system. Our evaluation shows that an automated insulin delivery system built from the ground up using security first principles can still help manage T1D effectively. Our source code is open source and available on GitHub (link omitted).
{"title":"Security, extensibility, and redundancy in the Metabolic Operating System","authors":"Samuel T. King","doi":"arxiv-2401.01357","DOIUrl":"https://doi.org/arxiv-2401.01357","url":null,"abstract":"People living with Type 1 Diabetes (T1D) lose the ability to produce insulin\u0000naturally. To compensate, they inject synthetic insulin. One common way to\u0000inject insulin is through automated insulin delivery systems, which use sensors\u0000to monitor their metabolic state and an insulin pump device to adjust insulin\u0000to adapt. In this paper, we present the Metabolic Operating System, a new automated\u0000insulin delivery system that we designed from the ground up using security\u0000first principles. From an architecture perspective, we apply separation\u0000principles to simplify the core system and isolate non-critical functionality\u0000from the core closed-loop algorithm. From an algorithmic perspective, we\u0000evaluate trends in insulin technology and formulate a simple, but effective,\u0000algorithm given the state-of-the-art. From a safety perspective, we build in\u0000multiple layers of redundancy to ensure that the person using our system\u0000remains safe. Fundamentally, this paper is a paper on real-world experiences building and\u0000running an automated insulin delivery system. We report on the design\u0000iterations we make based on experiences working with one individual using our\u0000system. Our evaluation shows that an automated insulin delivery system built\u0000from the ground up using security first principles can still help manage T1D\u0000effectively. 
Our source code is open source and available on GitHub (link omitted).","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"215 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139096273","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yusheng Zheng, Yiwei Yang, Maolin Chen, Andrew Quinn
The ability to modify and extend an operating system is an important feature for improving a system's security, reliability, and performance. The extended Berkeley Packet Filters (eBPF) ecosystem has emerged as the standard mechanism for extending the Linux kernel and has recently been ported to Windows. eBPF programs inject new logic into the kernel that the system will execute before or after existing logic. While the eBPF ecosystem provides a flexible mechanism for kernel extension, it is difficult for developers to write eBPF programs today. An eBPF developer must have deep knowledge of the internals of the operating system to determine where to place logic and cope with programming limitations on the control flow and data accesses of their eBPF program enforced by the eBPF verifier. This paper presents KEN, an alternative framework that alleviates the difficulty of writing an eBPF program by allowing Kernel Extensions to be written in Natural language. KEN uses recent advances in large language models (LLMs) to synthesize an eBPF program given a user's English language prompt. To ensure that the LLM's output is semantically equivalent to the user's prompt, KEN employs a combination of LLM-empowered program comprehension, symbolic execution, and a series of feedback loops. KEN's key novelty is the combination of these techniques. In particular, the system uses symbolic execution in a novel structure that allows it to combine the results of program synthesis and program comprehension and build on the recent success that LLMs have shown for each of these tasks individually. To evaluate KEN, we developed a new corpus of natural language prompts for eBPF programs. We show that KEN produces correct eBPF programs on 80%, which is an improvement of a factor of 2.67 compared to an LLM-empowered program synthesis baseline.
{"title":"KEN: Kernel Extensions using Natural Language","authors":"Yusheng Zheng, Yiwei Yang, Maolin Chen, Andrew Quinn","doi":"arxiv-2312.05531","DOIUrl":"https://doi.org/arxiv-2312.05531","url":null,"abstract":"The ability to modify and extend an operating system is an important feature\u0000for improving a system's security, reliability, and performance. The extended\u0000Berkeley Packet Filters (eBPF) ecosystem has emerged as the standard mechanism\u0000for extending the Linux kernel and has recently been ported to Windows. eBPF\u0000programs inject new logic into the kernel that the system will execute before\u0000or after existing logic. While the eBPF ecosystem provides a flexible mechanism\u0000for kernel extension, it is difficult for developers to write eBPF programs\u0000today. An eBPF developer must have deep knowledge of the internals of the\u0000operating system to determine where to place logic and cope with programming\u0000limitations on the control flow and data accesses of their eBPF program\u0000enforced by the eBPF verifier. This paper presents KEN, an alternative\u0000framework that alleviates the difficulty of writing an eBPF program by allowing\u0000Kernel Extensions to be written in Natural language. KEN uses recent advances\u0000in large language models (LLMs) to synthesize an eBPF program given a user's\u0000English language prompt. To ensure that LLM's output is semantically equivalent\u0000to the user's prompt, KEN employs a combination of LLM-empowered program\u0000comprehension, symbolic execution, and a series of feedback loops. KEN's key\u0000novelty is the combination of these techniques. In particular, the system uses\u0000symbolic execution in a novel structure that allows it to combine the results\u0000of program synthesis and program comprehension and build on the recent success\u0000that LLMs have shown for each of these tasks individually. 
To evaluate KEN, we\u0000developed a new corpus of natural language prompts for eBPF programs. We show\u0000that KEN produces correct eBPF programs on 80% which is an improvement of a\u0000factor of 2.67 compared to an LLM-empowered program synthesis baseline.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"81 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138575611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jun Lu, Zhenya Ma, Yinggang Gao, Ju Ren, Yaoxue Zhang
Traditional executable delivery models pose challenges for IoT devices with limited storage, necessitating the download of complete executables and dependencies. Network solutions like NFS, designed for data files, encounter high IO overhead for irregular access patterns. This paper introduces SYSFLOW, a lightweight network-based executable delivery system for IoT. SYSFLOW delivers on-demand, redirecting local disk IO to the server through optimized network IO. To optimize cache hit rates, SYSFLOW employs server-side action-based prefetching, reducing latency by 45.1% to 75.8% compared to native Linux filesystems on SD cards. In wired environments, SYSFLOW's latency is up to 67.7% lower than NFS. In wireless scenarios, SYSFLOW performs 22.9% worse than Linux, comparable with Linux and outperforming NFS by up to 60.7%. While SYSFLOW's power consumption may be 6.7% higher than NFS, it offers energy savings due to lower processing time.
{"title":"SYSFLOW: Efficient Execution Platform for IoT Devices","authors":"Jun Lu, Zhenya Ma, Yinggang Gao, Ju Ren, Yaoxue Zhang","doi":"arxiv-2312.04871","DOIUrl":"https://doi.org/arxiv-2312.04871","url":null,"abstract":"Traditional executable delivery models pose challenges for IoT devices with\u0000limited storage, necessitating the download of complete executables and\u0000dependencies. Network solutions like NFS, designed for data files, encounter\u0000high IO overhead for irregular access patterns. This paper introduces SYSFLOW,\u0000a lightweight network-based executable delivery system for IoT. SYSFLOW\u0000delivers on-demand, redirecting local disk IO to the server through optimized\u0000network IO. To optimize cache hit rates, SYSFLOW employs server-side\u0000action-based prefetching, reducing latency by 45.1% to 75.8% compared to native\u0000Linux filesystems on SD cards. In wired environments, SYSFLOW's latency is up\u0000to 67.7% lower than NFS. In wireless scenarios, SYSFLOW performs 22.9% worse\u0000than Linux, comparable with Linux and outperforming NFS by up to 60.7%. While\u0000SYSFLOW's power consumption may be 6.7% higher than NFS, it offers energy\u0000savings due to lower processing time.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138575829","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}