Presentation is loading. Please wait.

Presentation is loading. Please wait.

School of ComputingJanos Project Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java Godmar Back Wilson HsiehJay Lepreau School of.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "School of ComputingJanos Project Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java Godmar Back Wilson HsiehJay Lepreau School of."— Presentation transcript:

1 School of ComputingJanos Project Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java Godmar Back Wilson HsiehJay Lepreau School of Computing University of Utah

2 School of Computing 2 Motivation l Java Applications –Untrusted code: possibly malicious or buggy –Multiple applications on behalf of multiple users l Efficient use of resources –Resource-constrained environments: “small” systems (handhelds, embedded systems) –Increased scalability

3 School of Computing 3 What is KaffeOS l A Java operating system: –Enhanced JVM that provides operating system functionality l Features: –Separation –Resource management –Direct sharing l Focus on memory (GC) and CPU management l Architectural concepts taken from OS l Mechanisms taken from garbage collection

4 School of Computing 4 - Multiple apps in one JVM - One app per JVM in different OS processes Current Options App 1 App 2 App 3 Base OS JVM App 1 App 2 App 3 JVM Base OS

5 School of Computing 5 Java Operating System App 1 App 2 App 3 App 4 Java OS Base OS + Good separation + Good resource management + Allows some direct sharing

6 School of Computing 6 KaffeOS Design Principles l Process separation l Full reclamation of memory l Precise memory and CPU accounting l Direct sharing l Safe termination of processes l Hierarchical memory management

7 School of Computing 7 Process Separation l Protecting access to a process’s objects –Via Java type safety, via Java name spaces l Define a user/kernel boundary –Protect integrity of kernel –Guarantee safe termination [HotOS ’99] l Separation of resources –Memory, CPU, garbage collection

8 School of Computing 8 Heap Structure (user heaps) user heap kernel heap

9 School of Computing 9 Full Reclamation l Assumption: do not have MMU to unmap memory –Rely on garbage collection to free objects l References can make objects unreclaimable –Define and enforce set of rules for writes that create references l Define heap structure

10 School of Computing 10 Heap Structure (user heaps) user heap kernel heap X

11 School of Computing 11 Enforcing Heap Structure l Certain cross-heap pointers are illegal –User-user pointers are illegal l Use GC “write barrier” to enforce –Check heaps on every write –Throw SegmentationViolationError if illegal l Small cost on legal write (common case) –Microbenchmarks (tight loop, hot cache) »41 cycles without memory overhead »25 cycles with slight memory overhead

12 School of Computing 12 Memory and CPU Accounting l Accurate and complete per-process accounting –Minimize number of objects on kernel heap –Minimize amount of time spent in kernel code l Separate garbage collection –Minimize unaccounted resource use –Avoid priority inversion –Maintain isolation

13 School of Computing 13 Heap Structure (separate GC) user heap kernel heap vx e

14 School of Computing 14 Heap Structure (resolving cycles) user heap kernel heap user heap

15 School of Computing 15 Direct Sharing l As Interprocess Communication Mechanism l Objects may contain pointers to other objects –Preserve Java model l Accounting of shared objects –Sharers are all charged for shared heaps: double charging –Non-double charging does not work l Reclamation –As soon as garbage collector detects that nothing on shared heap is referenced

16 School of Computing 16 Heap Structure (shared heaps) user heap kernel heap shared heap X

17 School of Computing 17 Performance Results l Overhead for well-behaved applications –SpecJVM98 benchmarks: 2-8% l Comparing –IBM JDK 1.1.8 –Base JVM: Kaffe (www.kaffe.org) »Current version: Kaffe00 (June 2000) –KaffeOS with unoptimized write barrier –KaffeOS with optimized write barrier (memory overhead)

18 School of Computing 18 SpecJVM Performance of KaffeOS

19 School of Computing 19 MemHog DoS Scenario l Off-the-shelf Servlet engine –Linux 2.2.x w/ 256MB, Apache 1.3.12, JServ 1.1, JSDK 2.0 l How would we deal with this? –Run 1 servlet per IBM JVM (IBM/1) –Run all servlets on one IBM JVM (IBM/n) –Run each servlet in a KaffeOS process IBM/1IBM/NKaffeOS IBM/1, MemHogIBM/N, MemHogKaffeOS, MemHog

20 School of Computing 20 Service Under DoS Attack

21 School of Computing 21 Related Work l Other Java Operating Systems –J-Kernel/JRes [Hawblitzel ’98, Czajkowski ‘98], Alta [Tullmann ‘99], Java Nucleus [van Doorn ’00] l Java VM extensions –Multiprocess JVM [Balfanz ‘98], IBM [Dillenberger ‘00], Oracle 8i l Java language extensions –Luna [Hawblitzel] –Java Realtime Extensions [Sun ‘00] l Operating Systems –Opal [Chase ‘94] –Pilot [Redell et al. ‘80], Cedar [Swineheart et al. ‘86], –Spin [Bershad ‘95], Inferno [Dorward et al. ‘97]

22 School of Computing 22 Ongoing Work & Open Issues l Running other DoS attacks –GarbageHog: allocate and abandon lots of memory –CPUHog: execute for too long l Create bigger applications that use direct sharing model for IPC l Demonstrate safe termination claim experimentally

23 School of Computing 23 Summary l Java operating systems are necessary to support untrusted Java applications efficiently l KaffeOS –Architectural concepts taken from operating systems –Mechanisms taken from garbage collection »Distributed GC »Write barriers l Big issue: dealing with memory/GC l Resource-based denial-of-service attacks can be stopped

Download ppt "School of ComputingJanos Project Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java Godmar Back Wilson HsiehJay Lepreau School of."

Similar presentations

An Implementation of Mostly- Copying GC on Ruby VM Tomoharu Ugawa The University of Electro-Communications, Japan.

An Implementation of Mostly- Copying GC on Ruby VM Tomoharu Ugawa The University of Electro-Communications, Japan.
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Janos A Java-oriented Active Network Operating System Jay Lepreau, Patrick Tullmann, Kristin Wright Wilson Hsieh, Godmar Back, many more... University.

Janos A Java-oriented Active Network Operating System Jay Lepreau, Patrick Tullmann, Kristin Wright Wilson Hsieh, Godmar Back, many more... University.
Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,

Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science CRAMM: Virtual Memory Support for Garbage-Collected Applications Ting Yang, Emery.

U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science CRAMM: Virtual Memory Support for Garbage-Collected Applications Ting Yang, Emery.
The Alta Operating System Patrick Tullmann Masters Thesis Defense University of Utah.

The Alta Operating System Patrick Tullmann Masters Thesis Defense University of Utah.
User-Level Interprocess Communication for Shared Memory Multiprocessors Bershad, B. N., Anderson, T. E., Lazowska, E.D., and Levy, H. M. Presented by Chris.

User-Level Interprocess Communication for Shared Memory Multiprocessors Bershad, B. N., Anderson, T. E., Lazowska, E.D., and Levy, H. M. Presented by Chris.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
6/12/20011 KaffeOS: Isolation, Resource Management and Sharing in Java Godmar Back School of Computing University of Utah Dissertation Defense.

6/12/20011 KaffeOS: Isolation, Resource Management and Sharing in Java Godmar Back School of Computing University of Utah Dissertation Defense.
Multitasking JVMs Isolates and KaffeOS Presentation by James Rose.

Multitasking JVMs Isolates and KaffeOS Presentation by James Rose.
Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.

Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.
1 Reducing Generational Copy Reserve Overhead with Fallback Compaction Phil McGachey and Antony L. Hosking June 2006.

1 Reducing Generational Copy Reserve Overhead with Fallback Compaction Phil McGachey and Antony L. Hosking June 2006.
1 Janos Patrick Tullmann Flux Research Group University of Utah.

1 Janos Patrick Tullmann Flux Research Group University of Utah.
Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.

Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.
Threads. Processes and Threads  Two characteristics of “processes” as considered so far: Unit of resource allocation Unit of dispatch  Characteristics.

Threads. Processes and Threads  Two characteristics of “processes” as considered so far: Unit of resource allocation Unit of dispatch  Characteristics.
User-Level Interprocess Communication for Shared Memory Multiprocessors Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented.

User-Level Interprocess Communication for Shared Memory Multiprocessors Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented.

Similar presentations

Ads by Google