Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java (Godmar Back, Wilson Hsieh, Jay Lepreau; School of Computing, Janos Project)

Presentation transcript:

Slide 1: Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java
Godmar Back, Wilson Hsieh, Jay Lepreau
School of Computing, University of Utah (Janos Project)

Slide 2: Motivation
• Java Applications
  – Untrusted code: possibly malicious or buggy
  – Multiple applications on behalf of multiple users
• Efficient use of resources
  – Resource-constrained environments: “small” systems (handhelds, embedded systems)
  – Increased scalability

Slide 3: What is KaffeOS
• A Java operating system:
  – Enhanced JVM that provides operating system functionality
• Features:
  – Separation
  – Resource management
  – Direct sharing
• Focus on memory (GC) and CPU management
• Architectural concepts taken from OS
• Mechanisms taken from garbage collection

Slide 4: Current Options
• Multiple apps in one JVM
• One app per JVM in different OS processes
[Figure: two stack diagrams with the labels App 1, App 2, App 3, JVM and Base OS]

Slide 5: Java Operating System
[Figure: App 1, App 2, App 3 and App 4 on top of Java OS on top of Base OS]
+ Good separation
+ Good resource management
+ Allows some direct sharing

Slide 6: KaffeOS Design Principles
• Process separation
• Full reclamation of memory
• Precise memory and CPU accounting
• Direct sharing
• Safe termination of processes
• Hierarchical memory management

Slide 7: Process Separation
• Protecting access to a process’s objects
  – Via Java type safety, via Java name spaces
• Define a user/kernel boundary
  – Protect integrity of kernel
  – Guarantee safe termination [HotOS ’99]
• Separation of resources
  – Memory, CPU, garbage collection

Slide 8: Heap Structure (user heaps)
[Figure labels: user heap, kernel heap]

Slide 9: Full Reclamation
• Assumption: do not have MMU to unmap memory
  – Rely on garbage collection to free objects
• References can make objects unreclaimable
  – Define and enforce set of rules for writes that create references
• Define heap structure

Slide 10: Heap Structure (user heaps)
[Figure labels: user heap, kernel heap, X]

Slide 11: Enforcing Heap Structure
• Certain cross-heap pointers are illegal
  – User-user pointers are illegal
• Use GC “write barrier” to enforce
  – Check heaps on every write
  – Throw SegmentationViolationError if illegal
• Small cost on legal write (common case)
  – Microbenchmarks (tight loop, hot cache)
    » 41 cycles without memory overhead
    » 25 cycles with slight memory overhead
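The check described on slide 11, modelled in C as an added example (not code from the slides or from KaffeOS). The object layout, the names `store_ref` and `pointer_is_legal`, and the integer return code standing in for SegmentationViolationError are hypothetical. Only the user-user rule comes from the slide; the shared-to-user rule and treating every other cross-heap store as legal are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

typedef enum { HEAP_KERNEL, HEAP_USER, HEAP_SHARED } heap_kind;
typedef struct heap { heap_kind kind; const char *name; } heap;

/* Hypothetical object layout: each object records its home heap. */
typedef struct object { heap *home; struct object *field; } object;

enum { WRITE_OK = 0, SEGMENTATION_VIOLATION = -1 };

/* May an object living on `from` hold a reference into `to`? */
static int pointer_is_legal(const heap *from, const heap *to)
{
    if (from == to)
        return 1;   /* same heap: the common, cheap case */
    if (from->kind == HEAP_USER && to->kind == HEAP_USER)
        return 0;   /* user-user pointers are illegal (slide 11) */
    if (from->kind == HEAP_SHARED && to->kind == HEAP_USER)
        return 0;   /* assumption: a shared heap must not pin a user heap */
    return 1;       /* assumption: other cross-heap stores are allowed */
}

/* Write barrier: checks the heaps on every reference store and only
 * performs the store when the resulting pointer is legal. */
int store_ref(object *src, object *dst)
{
    if (dst != NULL && !pointer_is_legal(src->home, dst->home))
        return SEGMENTATION_VIOLATION; /* stands in for SegmentationViolationError */
    src->field = dst;
    return WRITE_OK;
}

int main(void)
{
    /* Constructed heaps and objects for the demonstration. */
    heap kernel = { HEAP_KERNEL, "kernel" };
    heap p1 = { HEAP_USER, "proc1" }, p2 = { HEAP_USER, "proc2" };
    object k = { &kernel, NULL }, a = { &p1, NULL }, a2 = { &p1, NULL };
    object b = { &p2, NULL };

    printf("proc1 -> proc1 : %d\n", store_ref(&a, &a2));
    printf("proc1 -> kernel: %d\n", store_ref(&a, &k));
    printf("proc1 -> proc2 : %d\n", store_ref(&a, &b));
    printf("field still points into %s\n", a.field->home->name);
    return 0;
}
```

Because the rejected store leaves the field untouched, no object in one process ends up holding a reference that would keep another process's heap alive, which is what the full-reclamation goal depends on.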

Slide 12: Memory and CPU Accounting
• Accurate and complete per-process accounting
  – Minimize number of objects on kernel heap
  – Minimize amount of time spent in kernel code
• Separate garbage collection
  – Minimize unaccounted resource use
  – Avoid priority inversion
  – Maintain isolation

Slide 13: Heap Structure (separate GC)
[Figure labels: user heap, kernel heap, vx, e]

Slide 14: Heap Structure (resolving cycles)
[Figure labels: user heap, kernel heap, user heap]

Slide 15: Direct Sharing
• As Interprocess Communication Mechanism
• Objects may contain pointers to other objects
  – Preserve Java model
• Accounting of shared objects
  – Sharers are all charged for shared heaps: double charging
  – Non-double charging does not work
• Reclamation
  – As soon as garbage collector detects that nothing on shared heap is referenced

Slide 16: Heap Structure (shared heaps)
[Figure labels: user heap, kernel heap, shared heap, X]

Slide 17: Performance Results
• Overhead for well-behaved applications
  – SpecJVM98 benchmarks: 2-8%
• Comparing
  – IBM JDK
  – Base JVM: Kaffe
    » Current version: Kaffe00 (June 2000)
  – KaffeOS with unoptimized write barrier
  – KaffeOS with optimized write barrier (memory overhead)

Slide 18: SpecJVM Performance of KaffeOS

Slide 19: MemHog DoS Scenario
• Off-the-shelf Servlet engine
  – Linux 2.2.x w/ 256MB, Apache, JServ 1.1, JSDK 2.0
• How would we deal with this?
  – Run 1 servlet per IBM JVM (IBM/1)
  – Run all servlets on one IBM JVM (IBM/n)
  – Run each servlet in a KaffeOS process
[Chart legend: IBM/1, IBM/N, KaffeOS; IBM/1 MemHog, IBM/N MemHog, KaffeOS MemHog]

Slide 20: Service Under DoS Attack

Slide 21: Related Work
• Other Java Operating Systems
  – J-Kernel/JRes [Hawblitzel ’98, Czajkowski ’98], Alta [Tullmann ’99], Java Nucleus [van Doorn ’00]
• Java VM extensions
  – Multiprocess JVM [Balfanz ’98], IBM [Dillenberger ’00], Oracle 8i
• Java language extensions
  – Luna [Hawblitzel]
  – Java Realtime Extensions [Sun ’00]
• Operating Systems
  – Opal [Chase ’94]
  – Pilot [Redell et al. ’80], Cedar [Swinehart et al. ’86]
  – Spin [Bershad ’95], Inferno [Dorward et al. ’97]

Slide 22: Ongoing Work & Open Issues
• Running other DoS attacks
  – GarbageHog: allocate and abandon lots of memory
  – CPUHog: execute for too long
• Create bigger applications that use direct sharing model for IPC
• Demonstrate safe termination claim experimentally

Slide 23: Summary
• Java operating systems are necessary to support untrusted Java applications efficiently
• KaffeOS
  – Architectural concepts taken from operating systems
  – Mechanisms taken from garbage collection
    » Distributed GC
    » Write barriers
• Big issue: dealing with memory/GC
• Resource-based denial-of-service attacks can be stopped