Abstract models are given which reflect the properties of most existing mechanisms for enforcing protection or access control, together with some possible implementations. The properties of existing systems are explicated in terms of the model and implementations.
{"title":"Protection","authors":"B. Lampson","doi":"10.1145/775265.775268","DOIUrl":"https://doi.org/10.1145/775265.775268","url":null,"abstract":"Abstract models are given which reflect the properties of most existing mechanisms for enforcing protection or access control, together with some possible implementations. The properties of existing systems are explicated in terms of the model and implementations.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"1 1","pages":"18-24"},"PeriodicalIF":0.0,"publicationDate":"2021-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78299585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Zi Yan, J. Veselý, Guilherme Cox, A. Bhattacharjee
To improve system performance, operating systems (OSes) often undertake activities that require modification of virtual-to-physical address translations. For example, the OS may migrate data between physical pages to manage heterogeneous memory devices. We refer to such activities as page remappings. Unfortunately, page remappings are expensive. We show that a big part of this cost arises from address translation coherence, particularly on systems employing virtualization. In response, we propose hardware translation invalidation and coherence or HATRIC, a readily implementable hardware mechanism to piggyback translation coherence atop existing cache coherence protocols. We perform detailed studies using KVM-based virtualization, showing that HATRIC achieves up to 30% performance and 10% energy benefits, for per-CPU area overheads of 0.2%. We also quantify HATRIC's benefits on systems running Xen and find up to 33% performance improvements.
{"title":"Hardware Translation Coherence for Virtualized Systems","authors":"Zi Yan, J. Veselý, Guilherme Cox, A. Bhattacharjee","doi":"10.1145/3273982.3273988","DOIUrl":"https://doi.org/10.1145/3273982.3273988","url":null,"abstract":"To improve system performance, operating systems (OSes) often undertake activities that require modification of virtual-to-physical address translations. For example, the OS may migrate data between physical pages to manage heterogeneous memory devices. We refer to such activities as page remappings. Unfortunately, page remappings are expensive. We show that a big part of this cost arises from address translation coherence, particularly on systems employing virtualization. In response, we propose hardware translation invalidation and coherence or HATRIC, a readily implementable hardware mechanism to piggyback translation coherence atop existing cache coherence protocols. We perform detailed studies using KVM-based virtualization, showing that HATRIC achieves up to 30% performance and 10% energy benefits, for per-CPU area overheads of 0.2%. We also quantify HATRIC's benefits on systems running Xen and find up to 33% performance improvements.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"11 1","pages":"57-70"},"PeriodicalIF":0.0,"publicationDate":"2018-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88206861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
ARM servers are becoming increasingly common, making server technologies such as virtualization for ARM of growing importance. We present the first study of ARM virtualization performance on server hardware, including multi-core measurements of two popular ARM and x86 hypervisors, KVM and Xen. We show how ARM hardware support for virtualization can enable much faster transitions between VMs and the hypervisor, a key hypervisor operation. However, current hypervisor designs, including both Type 1 hypervisors such as Xen and Type 2 hypervisors such as KVM, are not able to leverage this performance benefit for real application workloads on ARMv8.0. We discuss the reasons why and show that other factors related to hypervisor software design and implementation have a larger role in overall performance. Based on our measurements, we discuss software changes and new hardware features, the Virtualization Host Extensions (VHE), added in ARMv8.1 that bridge the gap and bring ARM's faster VM-to-hypervisor transition mechanism to modern Type 2 hypervisors running real applications.
{"title":"ARM Virtualization","authors":"Chris Dall, Shih-wei Li, J. Lim, Jason Nieh","doi":"10.1145/3273982.3273987","DOIUrl":"https://doi.org/10.1145/3273982.3273987","url":null,"abstract":"ARM servers are becoming increasingly common, making server technologies such as virtualization for ARM of growing importance. We present the first study of ARM virtualization performance on server hardware, including multi-core measurements of two popular ARM and x86 hypervisors, KVM and Xen. We show how ARM hardware support for virtualization can enable much faster transitions between VMs and the hypervisor, a key hypervisor operation. However, current hypervisor designs, including both Type 1 hypervisors such as Xen and Type 2 hypervisors such as KVM, are not able to leverage this performance benefit for real application workloads on ARMv8.0. We discuss the reasons why and show that other factors related to hypervisor software design and implementation have a larger role in overall performance. Based on our measurements, we discuss software changes and new hardware features, the Virtualization Host Extensions (VHE), added in ARMv8.1 that bridge the gap and bring ARM's faster VM-to-hypervisor transition mechanism to modern Type 2 hypervisors running real applications.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"29 1","pages":"45-56"},"PeriodicalIF":0.0,"publicationDate":"2018-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76725115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Pettit, Ben Pfaff, Joe Stringer, Cheng-Chun Tu, B. Blanco, Alex Tessmer
VMware NSX virtualizes network functionality in a manner analogous to how hypervisors virtualize compute resources. To do this, NSX must faithfully recreate virtual versions of network components, such as switches, routers, and firewalls. As this functionality becomes commoditized, NSX must move "up the stack" to provide more advanced features, such as load-balancers, IDS/IPS (intrusion detection and prevention systems), and DPI (deep packet inspection) for classification. NSX is designed to work in all types of deployments, even those without any other VMware software. It integrates with ESXi, Linux KVM, and Hyper-V hypervisors; it is even being made to work on systems without a hypervisor, such as containers and third-party clouds. Each of these platforms has its own native forwarding plane. For the best user experience, all of the forwarding planes should provide the same behavior, but the disparate implementations make this difficult in practice. As network functions become more complex and as NSX supports more forwarding planes, both duplication of effort and undesirable diversity of behavior increase. We propose a new approach to building advanced network functions in NSX. Under this approach, identical code runs on all of NSX's supported platforms. Applications will run at or near native performance, but with better security and identical cross-platform behavior. We demonstrate this by writing a single application to provide DPI functionality that runs in the fast paths of each of NSX's primary platforms: ESXi, Linux, and Edge gateway appliance. We evaluate the performance and correctness of our implementation on the three platforms.
{"title":"Bringing Platform Harmony to VMware NSX","authors":"J. Pettit, Ben Pfaff, Joe Stringer, Cheng-Chun Tu, B. Blanco, Alex Tessmer","doi":"10.1145/3273982.3273994","DOIUrl":"https://doi.org/10.1145/3273982.3273994","url":null,"abstract":"VMware NSX virtualizes network functionality in a manner analogous to how hypervisors virtualize compute resources. To do this, NSX must faithfully recreate virtual versions of network components, such as switches, routers, and firewalls. As this functionality becomes commoditized, NSX must move \"up the stack\" to provide more advanced features, such as load-balancers, IDS/IPS (intrusion detection and prevention systems), and DPI (deep packet inspection) for classification. NSX is designed to work in all types of deployments, even those without any other VMware software. It integrates with ESXi, Linux KVM, and Hyper-V hypervisors; it is even being made to work on systems without a hypervisor, such as containers and third-party clouds. Each of these platforms has its own native forwarding plane. For the best user experience, all of the forwarding planes should provide the same behavior, but the disparate implementations make this difficult in practice. As network functions become more complex and as NSX supports more forwarding planes, both duplication of effort and undesirable diversity of behavior increase. We propose a new approach to building advanced network functions in NSX. Under this approach, identical code runs on all of NSX's supported platforms. Applications will run at or near native performance, but with better security and identical cross-platform behavior. We demonstrate this by writing a single application to provide DPI functionality that runs in the fast paths of each of NSX's primary platforms: ESXi, Linux, and Edge gateway appliance. We evaluate the performance and correctness of our implementation on the three platforms.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"38 1","pages":"123-128"},"PeriodicalIF":0.0,"publicationDate":"2018-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73202503","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shaolin Xie, S. Davidson, Ikuo Magaki, M. Khazraee, Luis Vega, Lu Zhang, M. Taylor
Planet-scale applications are driving the exponential growth of the cloud, and datacenter specialization is the key enabler of this trend, providing orders-of-magnitude improvements in cost-effectiveness and energy-efficiency. While exascale computing remains a goal for supercomputing, specialized datacenters have emerged and have demonstrated beyond-exascale performance and efficiency in specific domains. This paper generalizes the applications, design methodology, and deployment challenges of the most extreme form of specialized datacenter: ASIC Clouds. It analyzes two game-changing, real-world ASIC Clouds, Bitcoin Cryptocurrency Clouds and Tensor Processing Clouds, and discusses their incentives, the empowering technologies and how they benefit from the specialized ASICs. Their business models, architectures and deployment methods are useful for envisioning future potential ASIC Clouds and forecasting how they will transform computing, the economy and society.
{"title":"Extreme Datacenter Specialization for Planet-Scale Computing: ASIC Clouds","authors":"Shaolin Xie, S. Davidson, Ikuo Magaki, M. Khazraee, Luis Vega, Lu Zhang, M. Taylor","doi":"10.1145/3273982.3273991","DOIUrl":"https://doi.org/10.1145/3273982.3273991","url":null,"abstract":"Planet-scale applications are driving the exponential growth of the cloud, and datacenter specialization is the key enabler of this trend, providing order of magnitudes improvements in cost-effectiveness and energy-efficiency. While exascale computing remains a goal for supercomputing, specialized datacenters have emerged and have demonstrated beyond-exascale performance and efficiency in specific domains. This paper generalizes the applications, design methodology, and deployment challenges of the most extreme form of specialized datacenter: ASIC Clouds. It analyzes two game-changing, real-world ASIC Clouds-Bitcoin Cryptocurrency Clouds and Tensor Processing Clouds-discuss their incentives, the empowering technologies and how they benefit from the specialized ASICs. Their business models, architectures and deployment methods are useful for envisioning future potential ASIC Clouds and forecasting how they will transform computing, the economy and society.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"41 1","pages":"96-108"},"PeriodicalIF":0.0,"publicationDate":"2018-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74467593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Drumond, Alexandros Daglis, Nooshin Mirzadeh, Dmitrii Ustiugov, Javier Picorel, B. Falsafi, Boris Grot, D. Pnevmatikatos
With mainstream technologies to couple logic tightly with memory on the horizon, near-memory processing has re-emerged as a promising approach to improving performance and energy for data-centric computing. DRAM, however, is primarily designed for density and low cost, with a rigid internal organization that favors coarse-grain streaming rather than byte-level random access. This paper makes the case that treating DRAM as a block-oriented streaming device yields significant efficiency and performance benefits, which motivate algorithm/architecture co-design to favor streaming access patterns, even at the price of a higher order algorithmic complexity. We present the Mondrian Data Engine that drastically improves the runtime and energy efficiency of basic in-memory analytic operators, despite doing more work as compared to traditional CPU-optimized algorithms, which heavily rely on random accesses and deep cache hierarchies.
{"title":"Algorithm/Architecture Co-Design for Near-Memory Processing","authors":"M. Drumond, Alexandros Daglis, Nooshin Mirzadeh, Dmitrii Ustiugov, Javier Picorel, B. Falsafi, Boris Grot, D. Pnevmatikatos","doi":"10.1145/3273982.3273992","DOIUrl":"https://doi.org/10.1145/3273982.3273992","url":null,"abstract":"With mainstream technologies to couple logic tightly with memory on the horizon, near-memory processing has re-emerged as a promising approach to improving performance and energy for data-centric computing. DRAM, however, is primarily designed for density and low cost, with a rigid internal organization that favors coarse-grain streaming rather than byte-level random access. This paper makes the case that treating DRAM as a block-oriented streaming device yields significant efficiency and performance benefits, which motivate for algorithm/architecture co-design to favor streaming access patterns, even at the price of a higher order algorithmic complexity. We present the Mondrian Data Engine that drastically improves the runtime and energy efficiency of basic in-memory analytic operators, despite doing more work as compared to traditional CPU-optimized algorithms, which heavily rely on random accesses and deep cache hierarchies","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"12 1","pages":"109-122"},"PeriodicalIF":0.0,"publicationDate":"2018-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89827186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In Software Defined Infrastructure (SDI), virtualization techniques are used to decouple applications and higher-level services from their underlying physical compute, storage, and network resources. The approach offers a set of powerful new capabilities (isolation, encapsulation, portability, interposition), including the formation of a software-based, infrastructure-wide control plane for orchestrated management. In this position paper, we identify opportunities for revisiting ongoing cybersecurity challenges using SDI as a powerful new toolset. Benefits of this approach can be broadly utilized in public, private, and hybrid clouds, data centers, enterprise computing, IoT deployments, and more. The discussion motivates the research challenge underlying VMware's partnership with the National Science Foundation to fund novel and foundational research in this area. Known as the NSF/VMware Partnership on Software Defined Infrastructure as a Foundation for Clean-Slate Computing Security (SDI-CSCS), the jointly funded university research program is set to begin in the fall of 2017.
{"title":"Software Defined Infrastructure: Rethinking Cybersecurity with a More Capable Toolset","authors":"David E. Ott","doi":"10.1145/3273982.3273995","DOIUrl":"https://doi.org/10.1145/3273982.3273995","url":null,"abstract":"In Software Defined Infrastructure (SDI), virtualization techniques are used to decouple applications and higher-level services from their underlying physical compute, storage, and network resources. The approach offers a set of powerful new capabilities (isolation, encapsulation, portability, interposition), including the formation of a software-based, infrastructure-wide control plane for orchestrated management. In this position paper, we identify opportunities for revisiting ongoing cybersecurity challenges using SDI as a powerful new toolset. Benefits of this approach can be broadly utilized in public, private, and hybrid clouds, data centers, enterprise computing, IoT deployments, and more. The discussion motivates the research challenge underlying VMware's partnership with the National Science Foundation to fund novel and foundational research in this area. Known as the NSF/VMware Partnership on Software Defined Infrastructure as a Foundation for Clean-Slate Computing Security (SDI-CSCS), the jointly funded university research program is set to begin in the fall of 2017.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"51 2 1","pages":"129-133"},"PeriodicalIF":0.0,"publicationDate":"2018-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88496373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hyper-converged storage is the state-of-the-art for enterprise deployments. VMware's vSAN is the industry leader in this space. This article takes a look at some of vSAN's internal architecture and analysis frameworks to illustrate how modern distributed storage is designed and debugged.
{"title":"vSAN: Modern Distributed Storage","authors":"Bryan Fink, E. Knauft, Gene Zhang","doi":"10.1145/3139645.3139651","DOIUrl":"https://doi.org/10.1145/3139645.3139651","url":null,"abstract":"Hyper-converged storage is the state-of-the-art for enterprise deployments. VMware's vSAN is the industry leader in this space. This article takes a look at some of vSAN's internal architecture and analysis frameworks to illustrate how modern distributed storage is designed and debugged.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"38 1","pages":"33-37"},"PeriodicalIF":0.0,"publicationDate":"2017-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74834218","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Medhavi Dhawan, Gurprit Johal, Jim Stabile, Vjekoslav Brajkovic, James Chang, K. Goyal, Kevin James, Zeeshan Lokhandwala, Anny Martínez, Roger Michoud, Maithem Munshed, Srinivas Neginhal, K. Spirov, M. Wei, S. Fritchie, C. Rossbach, Ittai Abraham, D. Malkhi
The NSX R&D team and VMware Research team are using Corfu to build breakthrough, auto-configurable, auto-managed clustering management tools.
{"title":"Consistent Clustered Applications with Corfu","authors":"Medhavi Dhawan, Gurprit Johal, Jim Stabile, Vjekoslav Brajkovic, James Chang, K. Goyal, Kevin James, Zeeshan Lokhandwala, Anny Martínez, Roger Michoud, Maithem Munshed, Srinivas Neginhal, K. Spirov, M. Wei, S. Fritchie, C. Rossbach, Ittai Abraham, D. Malkhi","doi":"10.1145/3139645.3139658","DOIUrl":"https://doi.org/10.1145/3139645.3139658","url":null,"abstract":"The NSX R&D team and VMware Research team are using Corfu to build breakthrough, auto-configurable, auto-managed clustering management tools.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"25 1","pages":"78-82"},"PeriodicalIF":0.0,"publicationDate":"2017-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79466854","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Sustainability is increasingly important as datacenters continue to consume vast quantities of resources worldwide. VMware is already well-positioned to reduce power consumption by increasing server consolidation, as a recent IDC report attests. However, improved server consolidation is only one piece of the sustainability puzzle, and individual engineers may be hard-pressed to understand how they can individually contribute to improving sustainability. The conventional methods for demonstrating sustainability do not provide a true measure of the amount of impact an individual engineer can make. In this paper, we explore the sustainability life cycle of our products, not just from the perspective of an end consumer, but also from an internal developer perspective. We take three simple use cases and explore how optimizations can implicitly lead to improved sustainability. From these use cases, we discuss various ways in which sustainability can be quantified. We argue that VMware should start recording and publishing sustainability metrics and use these metrics to help drive customer adoption and help drive internal productivity improvements.
{"title":"Sustainability as a first-class metric for developers and end-users","authors":"V. Soundararajan, Joshua Schnee","doi":"10.1145/3139645.3139655","DOIUrl":"https://doi.org/10.1145/3139645.3139655","url":null,"abstract":"Sustainability is increasingly important as datacenters continue to consume vast quantities of resources worldwide. VMware is already well-positioned to reduce power consumption by increasing server consolidation, as a recent IDC report attests. However, improved server consolidation is only one piece of the sustainability puzzle, and individual engineers may be hard-pressed to understand how they can individually contribute to improving sustainability. The conventional methods for demonstrating sustainability do not provide a true measure of the amount of impact an individual engineer can make. In this paper, we explore the sustainability life cycle of our products, not just from the perspective of an end consumer, but also from an internal developer perspective. We take three simple use cases and explore how optimizations can implicitly lead to improved sustainability. From these use cases, we discuss various ways in which sustainability can be quantified. We argue that VMware should start recording and publishing sustainability metrics and use these metrics to help drive customer adoption and help drive internal productivity improvements.","PeriodicalId":7046,"journal":{"name":"ACM SIGOPS Oper. Syst. Rev.","volume":"51 Pt 6 1","pages":"60-66"},"PeriodicalIF":0.0,"publicationDate":"2017-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83907003","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}