1 Hybrid Resource Control for Active Extensions Parveen Patel Jay Lepreau University of Utah.

Slides:



Advertisements
Similar presentations
NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)
Advertisements

1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.
Middleware and Management Support for Programmable QoS-Network Architectures Miguel Rio (joint work with Hermann De Meer, Wolfgang Emmerich, Cecilia Mascolo,
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
01/05/2015Leiden Institute of Advanced Computer Science 1 The Open Kernel Environment - spinning Linux - Herbert Bos Bart Samwel
Binary Component Adaptation Ralph Keller and Urs Hölzle Dept. of Computer Science University of California, Santa Barbara 1998.
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Janos A Java-oriented Active Network Operating System Jay Lepreau, Patrick Tullmann, Kristin Wright Wilson Hsieh, Godmar Back, many more... University.
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
Song Han, Xiuming Zhu, Al Mok University of Texas at Austin
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.
4 July 2005 overview Traineeship: Mapping of data structures in multiprocessor systems Nick de Koning
VIA and Its Extension To TCP/IP Network Yingping Lu Based on Paper “Queue Pair IP, …” by Philip Buonadonna.
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)
Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
G Robert Grimm New York University Extensibility: SPIN and exokernels.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Understanding Linux Kernel to Build Software Routers (Qualitative Discussion) Shiv Kalyanaraman,
9/8/001 Knit: Practical Components for System Software Alastair Reid Flux Research Group University of Utah.
1 Bees: A Secure, Resource-Controlled, Java-Based Execution Environment Tim Stack Eric Eide Jay Lepreau University of Utah April 5, 2003.
Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.
1 Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay Lepreau David Wetherall Tim Stack (Univ. of Washington) (Univ.
1 TCP Meets Mobile Code Parveen PatelDavid Wetherall Jay Lepreau Andrew Whitaker (Univ. of Utah) (Univ. of Washington)
The Structuring of Systems Using Upcalls David D. Clark 4/26/20111Frank Sliz, CS533, Upcalls.
5 th Biennial Ptolemy Miniconference Berkeley, CA, May 9, 2003 The Component Interaction Domain: Modeling Event-Driven and Demand- Driven Applications.
Router modeling using Ptolemy Xuanming Dong and Amit Mahajan May 15, 2002 EE290N.
BRASS Analysis of QuasiStatic Scheduling Techniques in a Virtualized Reconfigurable Machine Yury Markovskiy, Eylon Caspi, Randy Huang, Joseph Yeh, Michael.
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.
Adaptive CPU Allocation for Software based Router Systems Puneet Zaroo.
Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University.
Integrated Services (RFC 1633) r Architecture for providing QoS guarantees to individual application sessions r Call setup: a session requiring QoS guarantees.
Promile A Management Architecture for Programmable Modular Routers Miguel Rio (joint work with Nicola Pezzi, Luca Zanolin, Hermann De Meer, Wolfgang Emmerich.
SpaceWire-RT Steve Parkes, Albert Ferrer-Florit
LiNK: An Operating System Architecture for Network Processors Steve Muir, Jonathan Smith Princeton University, University of Pennsylvania
Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
Repeaters and Hubs Repeaters: simplest type of connectivity devices that regenerate a digital signal Operate in Physical layer Cannot improve or correct.
A RISC ARCHITECTURE EXTENDED BY AN EFFICIENT TIGHTLY COUPLED RECONFIGURABLE UNIT Nikolaos Vassiliadis N. Kavvadias, G. Theodoridis, S. Nikolaidis Section.
Programmable Networks: Active Networks + SDN. How to Introduce new services Overlays: user can introduce what-ever – Ignores physical network  perf overhead.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.
Access Control for Federation of Emulab-based Network Testbeds Ted Faber, John Wroclawski 28 July 2008
Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
Writing Systems Software in a Functional Language An Experience Report Iavor Diatchki, Thomas Hallgren, Mark Jones, Rebekah Leslie, Andrew Tolmach.
1 Integrating security in a quality aware multimedia delivery platform Paul Koster 21 november 2001.
How to Minimize Transport Protocol Processing: Implementation and Evaluation of Network Level Framing Pål Halvorsen, Thomas Plagemann, and Vera Goebel.
Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta
P1394.1/BR050R00March 25th, 1999 Simple Routing Method 1/13 Simple Routing Method application to P Philippe Boucachard
TCP/IP Protocol Suite DHCP The Dynamic Host Configuration Protocol (DHCP) provides static and dynamic address allocation that can be manual or automatic.
LRPC Firefly RPC, Lightweight RPC, Winsock Direct and VIA.
SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.
An End-to-End Service Architecture r Provide assured service, premium service, and best effort service (RFC 2638) Assured service: provide reliable service.
Forwarding Programming in Protocol- Oblivious Instruction Set Author : Jingzhou Yu, Xiaozhong Wang, Jian Song, Yuanming Zheng, Haoyu Song Conference: 2014.
March 4, 2008http://csg.csail.mit.edu/arvindDF3-1 Dynamic Dataflow Arvind Computer Science & Artificial Intelligence Lab Massachusetts Institute of Technology.
High-Bandwidth Packet Switching on the Raw General-Purpose Architecture Gleb Chuvpilo Saman Amarasinghe MIT LCS Computer Architecture Group January 9,
CS533 Concepts of Operating Systems Jonathan Walpole.
An End-to-End Service Architecture r Provide assured service, premium service, and best effort service (RFC 2638) Assured service: provide reliable service.
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
On-time Network On-Chip: Analysis and Architecture CS252 Project Presentation Dai Bui.
BUFFALO: Bloom Filter Forwarding Architecture for Large Organizations Minlan Yu Princeton University Joint work with Alex Fabrikant,
InterVLAN Routing 1. InterVLAN Routing 2. Multilayer Switching.
CSCE 548 Secure Software Development Risk-Based Security Testing
SwitchWare Active Network Architecture
Zueyong Zhu† and J. William Atwood‡
Type Checking, and Scopes
ANTS Goals Today’s networks lack flexibility …
On-time Network On-chip
Integrating Active Networking and Commercial-Grade Routing Platforms
Object Oriented Design
Presentation transcript:

1 Hybrid Resource Control for Active Extensions Parveen Patel Jay Lepreau University of Utah

2 The Problem Resource-greedy active code Resource control of untrusted code  CPU, memory, network bandwidth Context: Active Extensions  Code downloaded via the control channel  Examples: Application Layer Gateways, Multicast scoping agents

3 Current Solution #1: Dynamic “Sandbox” the active code Run-time checks in the critical path Asynchronous termination  Requires checks at the “user-kernel” boundary to protect integrity of the “kernel” code Flexible Examples: Janos, Smart Packets, RCANE, OKE Corral

4 Current Solution #2: Static Analysis Constrained programming model bounds resource consumption Admission control == Resource control Examples: PLAN, SNAP, PCC Issue: Existing work does not yet address the problem with pessimistic estimates, valid code gets rejected.

5 Current Solutions - Summary dynamic checking dynamic checking  run-time overhead  asynchronous termination static checking is very conservative static checking is very conservative

6 Hybrid Resource Control #1 Static checking  Constrained programming model to bound the resources and guarantee termination  Static analysis rejects resource greedy code from the “kernel” fast-path environment  Liberal resource limits

7 Hybrid resource control #2 Dynamic resource accounting  Detects misbehavior  Misbehaving code is detected and unloaded only when idle (between packets)  Limits overall resource consumption

8 Poll points Extension could cause packet drops at device input queue Split the active extension code and poll network interfaces Adds some runtime cost

9 Merits of Hybrid Resource Control No asynchronous termination  Implies no runtime checks at the “user-kernel” boundary Reduced runtime overhead  Runtime accounting checks are inexpensive Flexibility via “poll points” DoS prevention

10 Outline Prototype: resource bounded Click or RBClick  Building blocks  The big picture  Preliminary evaluation

11 Cyclone Cyclone: typesafe C-like language from Cornell and AT&T  Region-based memory management  control over data-representation  Easy to interface with C  Namespaces

12 Resource-bounded Cyclone Namespace control Restricted programming constructs (bounded loops) Memory management via 4 distinct dynamic regions  Per-packet  Packet-cache  Inter-packet  Global memory

13 Click Modular router toolkit from MIT Data-flow programming model Has an increasingly large base of router extensions FromDeviceClassifier ToDeviceARPResponder CounterDrop

14 Prototype: Architecture An active extension is a special Click graph  Mix of trusted and untrusted elements  Statically analyzed Admitted to kernel fast-path

15 An Active Extension Untrusted RBCyclone Element D Trusted C++ Element C AB E

16 The big picture D C AB E Code Analysis Tool Element Resource bounds

17 The big picture D C AB E Graph Analysis Tool Overall Resource bounds Element Resource bounds C AB E D P Poll Element

18 Loop configuration D C AB E Graph Analysis Tool Overall Resource bounds Element Resource bounds C AB E D L Loop Element

19 Evaluation Flexibility of programming model Experimental performance gains

20 Classification of Click elements Categorized all 234 Click v1.2.1 elements into 7 different classes based on their resource use  E1 - Constant resource consumption  E2 - ~ length of the packet  E3 - ~ length of some protocol header  E4 - ~ length of element configuration  E5 - ~ some value in the configuration of an element.  E6 - ~ field in a protocol header  E7 - Potentially unbounded

21 Evaluation: flexibility Results:  88% resource-bounded  The rest can be easily rewritten to be bounded Demonstrates that RBClick can reuse a rich set of Click elements Strongly suggests that RBCyclone programming model is sufficiently expressive

22 Prototype Context Janos

23 Evaluation – experiment configurations

24 Evaluation: performance

25 Conclusion Hybrid resource control  Static analysis reduces runtime overhead  Dynamic accounting allows liberal admission control RBCyclone is expressive and practical (“tastes great”) RBClick doubles forwarding rate in Janos (“less filling”)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.