Capabilities in seL4
David Cock

(PowerPoint slide deck. Outline: Background (Microkernel Systems; seL4 & Barrelfish; Authorisation and Delegation), Capabilities in seL4 (Types of Authority; Resource Management), Implementation (Model; Representation; Operations), Usage & Results (The seL4 Proofs; Applications), Questions.)


  1–7. CSpaces and Authority (slide 8/32)
  (Figure: thread 1 and thread 2 each own a CSpace; a CSpace holds a VSpace cap, a Frame cap and a Page Table cap, each naming a kernel object (VSpace, Frame, Page Table); the hardware (HW) page tables map the Frame with R/W access.)
  • CSpaces hold caps: explicit authority.
  • HW gives implicit authority, e.g. read/write.
  • Implicit authority [relation symbol lost in extraction] explicit authority.

  8–9. Kernel Resource Allocation (slide 9/32)
  Traditional kernels, including L4, allocate resources for clients: scheduling queues, IPC queues, ....
  • Threads compete for shared resources.
  • Hard to account to threads.
  • Allocation policy in the kernel.

  10–14. Retyping (slide 10/32)
  (Figure: resource manager A holds RAM 0–127 and grants B a cap to RAM 0–63 and C a cap to RAM 64–127; B and C then retype their halves into Frame, EP and Thread objects.)
  • Resource manager A retypes (splits) a RAM object.
  • A grants new caps to mutually untrusting B & C.
  • B & C now have partitioned resources.
  • They can perform further retyping themselves.
  • All kernel & user resources are allocated thusly.

  15. The Authority Database Model (slide 11/32)
  The kernel maintains a database of valid capabilities, with requirements:
  Atomicity: Users (subjects) always see a consistent state.
  Performance: Cap lookup is on the critical path.
  No Allocation: Bookkeeping must be stored somewhere.
  I will describe the seL4/sequential case. Simon will discuss the Barrelfish/concurrent case.

  16–26. CNodes (slide 12/32)
  (Figure: a CRoot CNode whose slots 00, 01 and 10 hold caps to a CNode, a RAM object and a second CNode; the second CNode's slots 00, 01 and 11 hold caps to an EP, a RAM object and a further CNode; the first CNode's slots 00 and 10 hold caps to a Frame and a Thread.)
  • CNode objects store caps and bookkeeping.
  • A CSpace is all caps reachable from a CRoot.
  • CNodes are themselves managed with caps.
  • What's at 1000? An endpoint.
  • CSpaces may have cycles, but finite effective depth.
  • Every invocation is an authority DB query.
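As an added illustration, not the slides' own material nor seL4's lookup code, the following toy resolver walks the CNode graph drawn on slide 12 and answers "what's at 1000?"; the CNode names, the 2-bit slot indices and the back-edge from the second CNode's slot 11 to CRoot are assumptions (real seL4 CNodes also match a guard before the radix bits, which the toy omits).

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class CNode:
    name: str
    radix: int                                  # address bits consumed per lookup step
    slots: dict = field(default_factory=dict)   # slot index -> CNode or Leaf

@dataclass(eq=False)
class Leaf:
    kind: str                                   # a non-CNode object: "EP", "RAM", ...

def build_cspace():
    """The CNode graph of slide 12 with 2-bit slot indices (constructed sample).
    Assumption: the second CNode's slot 11 points back at CRoot, giving the
    cycle the slide mentions."""
    croot = CNode("CRoot", 2)
    first, second = CNode("CNode A", 2), CNode("CNode B", 2)
    croot.slots = {0b00: first, 0b01: Leaf("RAM"), 0b10: second}
    first.slots = {0b00: Leaf("Frame"), 0b10: Leaf("Thread")}
    second.slots = {0b00: Leaf("EP"), 0b01: Leaf("RAM"), 0b11: croot}
    return croot

def lookup(root, addr, depth):
    """Resolve a `depth`-bit cap address from the top bits down: each CNode
    consumes `radix` bits, so the walk visits at most depth / radix CNodes
    even when the graph has cycles (finite effective depth).
    Returns (object, explanation); object is None when the lookup fails."""
    node, used = root, 0
    while used < depth:
        take = node.radix
        if used + take > depth:
            return None, f"{node.name}: address too short for a full slot index"
        index = (addr >> (depth - used - take)) & ((1 << take) - 1)
        used += take
        target = node.slots.get(index)
        if target is None:
            return None, f"{node.name}: slot {index:0{take}b} is empty"
        if isinstance(target, Leaf):
            return target, f"resolved after {used} bits"
        node = target                           # another CNode: keep walking
    return node, "bits exhausted; the address names a CNode cap"
```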

  27–34. Cap Operations (slide 13/32)
  These mutate the authority DB:
  Mint/Retype: Derive new sub-objects, and caps to them.
  Copy: Create a new cap to an object. The old and new caps are (mostly) indistinguishable.
  Move: Move caps within or between CNodes.
  Delete: Remove the cap. Destroy the object once the last cap is gone.
  Revoke: Destroy all objects derived (via retype) from this one.
  Delete and Revoke call each other, and are long-running. The recursion is not atomic: preemptible on seL4, done in a user-level monitor on Barrelfish.

  35–38. Retype (slide 14/32)
  (Figure: two views of one state. CSpace view: CRoot holds caps to RAM 1, RAM 2, RAM 3 and CNode 1, and CNode 1 holds caps to Frame 1 and Frame 2. Ancestry view: RAM 2 and RAM 3 are derived from RAM 1, and CNode 1, Frame 1 and Frame 2 are retyped from those RAM objects.)
  RAM caps may be split.
  CNodes are created like other objects.
  RAM must become Frames before being mapped.

  39–41. Move (slide 15/32)
  (Figure: the same two views; the RAM 2 cap is first moved within CRoot and then moved into CNode 1.)
  Moving within a CNode doesn't affect trees.
  Moving between CNodes affects the CSpace but not ancestry.

  42–44. Copy (slide 16/32)
  (Figure: a second cap to Frame 2 is created, so the CSpace now reaches Frame 2 by two paths.)
  Copies make the CSpace a proper DAG.

  45–49. Delete (slide 17/32)
  (Figure: first the copied Frame 2 cap is deleted and Frame 2 survives; then the only cap to Frame 1 is deleted and Frame 1 disappears from both views.)
  Deleting non-final leaf caps is easy.
  Deleting the last cap deletes the object.

  50–55. Revoke (slide 18/32)
  (Figure: after the revoke, RAM 3 and Frame 2 have disappeared from both views; RAM 1, RAM 2 and CNode 1 remain.)
  Revoke walks the ancestry tree.
  Mark RAM 3 for revocation.
  Mark its descendants for deletion.
  Delete them.
  The root can now be deleted, if required.

  56. � � � � � � � � � � Capabilities in seL4 Recursive Revoke & Delete David Cock CRoot Background Microkernel Systems seL4 & Barrelfish CNode 1 RAM 1 RAM 2 Authorisation and Delegation Types of Authority Resource Management Implementation Model RAM 2 Representation . Operations Usage & Results RAM 1 CRoot The seL4 Proofs Applications CNode 1 RAM 1 RAM 2 Questions RAM 2 CNode 1 Move RAM 1 . 19 / 32

  57. � � � � � � � � � � Capabilities in seL4 Recursive Revoke & Delete David Cock CRoot Background Microkernel Systems seL4 & Barrelfish CNode 1 RAM 2 Authorisation and Delegation Types of Authority Resource Management Implementation Model RAM 2 RAM 1 Representation . Operations Usage & Results RAM 1 CRoot The seL4 Proofs Applications CNode 1 RAM 2 Questions RAM 2 RAM 1 CNode 1 There’s now a loop, with links in both trees. 19 / 32

  58. � � � � � � � � � � Capabilities in seL4 Recursive Revoke & Delete David Cock CRoot Background Microkernel Systems seL4 & Barrelfish CNode 1 RAM 2 Authorisation and Delegation Types of Authority Resource Management Implementation Model RAM 2 RAM 1 Representation . Operations Usage & Results RAM 1 CRoot The seL4 Proofs Applications CNode 1 RAM 2 Questions RAM 2 RAM 1 CNode 1 Let’s revoke RAM 2 , a child . 19 / 32

  59. � � � � � � � � � � Capabilities in seL4 Recursive Revoke & Delete David Cock CRoot Background Microkernel Systems seL4 & Barrelfish CNode 1 RAM 2 Authorisation and Delegation Types of Authority Resource Management Implementation Model RAM 2 RAM 1 Representation . Operations Usage & Results RAM 1 CRoot The seL4 Proofs Applications CNode 1 RAM 2 Questions RAM 2 RAM 1 CNode 1 Mark its descendents for deletion. 19 / 32

  60. � � � � � � � � � � Capabilities in seL4 Recursive Revoke & Delete David Cock CRoot Background Microkernel Systems seL4 & Barrelfish CNode 1 RAM 2 Authorisation and Delegation Types of Authority Resource Management Implementation Model RAM 2 RAM 1 Representation . Operations Usage & Results RAM 1 CRoot The seL4 Proofs Applications CNode 1 RAM 2 Questions RAM 2 RAM 1 CNode 1 Deleting a CNode first deletes (revokes) its contents. 19 / 32

  61. � � � � � � � � � � Capabilities in seL4 Recursive Revoke & Delete David Cock CRoot Background Microkernel Systems seL4 & Barrelfish CNode 1 RAM 2 Authorisation and Delegation Types of Authority Resource Management Implementation Model RAM 2 RAM 1 Representation . Operations Usage & Results RAM 1 CRoot The seL4 Proofs Applications CNode 1 RAM 2 Questions RAM 2 RAM 1 CNode 1 Revoking RAM 2 deletes RAM 1 . 19 / 32

  62. � � � � � � � Capabilities in seL4 Recursive Revoke & Delete David Cock CRoot Background Microkernel Systems seL4 & Barrelfish CNode 1 RAM 2 Authorisation and Delegation Types of Authority Resource Management Implementation Model RAM 1 Representation . Operations Usage & Results RAM 1 CRoot The seL4 Proofs Applications CNode 1 RAM 2 Questions RAM 2 RAM 1 CNode 1 Delete starts bottom up. This RAM 2 cap is safe to delete. 19 / 32

  63. Recursive Revoke & Delete [figure: derivation tree and CSpace holdings over CRoot, CNode 1, RAM 1 and RAM 2] 19 / 32

  64. Recursive Revoke & Delete [figure: RAM 2 removed] When RAM 2 is destroyed, RAM 1 adopts children. Now we’ve got an irreducible cycle. 19 / 32

  65. Recursive Revoke & Delete [figure: CNode 1 and RAM 1 remain] RAM 1’s revoke is finished, now delete it, but how? 19 / 32

  66. Recursive Revoke & Delete [figure: swap] In seL4, we swap the last two caps. 19 / 32

  67. Recursive Revoke & Delete [figure: after the swap] CNode 1 can now safely be deleted. 19 / 32

  68. Recursive Revoke & Delete [figure: only CRoot and RAM 1 remain] Finally, RAM 1 goes too. 19 / 32

  69. Recursive Revoke & Delete [figure: only CRoot remains] This process accidentally destroyed its whole world. 19 / 32
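The revoke-and-delete walk on slides 63 to 69 (RAM 2 destroyed, an irreducible cycle between CNode 1 and RAM 1, the swap of the last two caps, then CNode 1 and RAM 1 deleted), as an added toy model in Python. It is not code from the slides or from seL4; its objects, slot layout and the order of its steps are assumptions made for illustration.

```python
# Added toy model for this page, not seL4 code: objects, caps and the CDT are invented here.
class Obj:
    def __init__(self, name, is_cnode):
        self.name, self.is_cnode, self.slots = name, is_cnode, {}   # slots: index -> Cap

class Cap:
    def __init__(self, obj, parent=None):
        self.obj, self.parent, self.children, self.slot = obj, parent, [], None
        if parent: parent.children.append(self)    # CDT edge: this cap was derived from parent

def place(cap, cnode, idx):                        # store cap in a CNode slot
    cnode.slots[idx] = cap; cap.slot = (cnode, idx)

def swap(a, b):                                    # exchange the slots two caps occupy
    (ca, ia), (cb, ib) = a.slot, b.slot
    place(a, cb, ib); place(b, ca, ia)

def cycle_children(cap):                           # CDT children whose CNode holds cap itself
    return [ch for ch in cap.children if ch.obj.is_cnode and cap in ch.obj.slots.values()]

def revoke(cap, world):                            # delete every cap derived from cap
    for child in list(cap.children):
        delete(child, world, {cap})

def delete(cap, world, pending=frozenset()):       # False: cap depends on a cap still in progress
    if cap in pending: return False
    last = not any(c.obj is cap.obj and c is not cap for o in world for c in o.slots.values())
    if last and cap.obj.is_cnode:                  # a dying CNode must first drop every cap it holds
        for held in list(cap.obj.slots.values()):
            if held is not cap and not delete(held, world, pending | {cap}): return False
    if last and not cap.obj.is_cnode:
        for child in cycle_children(cap):          # irreducible cycle: swap the last two caps,
            swap(cap, child)                       # so the CNode's only cap sits in the CNode itself
            delete(child, world, pending | {cap})
    if last: world.discard(cap.obj)                # last cap gone: the object is destroyed
    cnode, idx = cap.slot
    if cnode.slots.get(idx) is cap: del cnode.slots[idx]
    if cap.parent: cap.parent.children.remove(cap)
    for child in cap.children:                     # survivors are adopted by cap's parent
        child.parent = cap.parent
        if cap.parent: cap.parent.children.append(child)
    return True

def build_world():                                 # constructed scenario following the slides
    croot, cnode1 = Obj("CRoot", True), Obj("CNode 1", True)
    ram1, ram2 = Obj("RAM 1", False), Obj("RAM 2", False)
    ram1_cap = Cap(ram1); ram2_cap = Cap(ram2, ram1_cap); cnode1_cap = Cap(cnode1, ram2_cap)
    place(cnode1_cap, croot, 0); place(ram2_cap, croot, 1); place(ram1_cap, cnode1, 0)
    return {croot, cnode1, ram1, ram2}, ram1_cap, ram2_cap
```

Deleting RAM 2 leaves CNode 1 as a child of RAM 1 while CNode 1 holds RAM 1's only cap, so a plain revoke stalls; the swap lets CNode 1 and then RAM 1 go, leaving only an empty CRoot.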

  70–75. Invariants (In seL4) [figure: ancestry forest over CRoot, RAM 1, RAM 2, RAM 3, CNode 1, Frame 1 and Frame 2] • Ancestry is a tree (forest). • ∃ Object → ∃ Cap. • Barrelfish is not identical. We’re not sure exactly how yet. We’d really like to. 20 / 32

  76. Results We know quite a bit already (in the context of seL4). • Implementation proof. • Integrity proof. • Confidentiality proof. • Applications of user-level allocation. 21 / 32

  77. The System is Correctly Implemented [figure: proof layers: Access Control Spec and Confinement, Specification, Haskell Design Prototype, C Code] 22 / 32

  78. The System is Correctly Implemented The abstract spec is all that matters now! 23 / 32

  79–81. Authority Confinement [Figure: The Secure Access Controller; subjects T, A, B, C and D, objects AEP 1, AEP 2, AEP 3, EP, CTR, RM and R, edges labelled Send, Recv, Read/Write and UNIV] seL4 implements the take-grant model: Confinement: Authority (caps) only flows along edges. Integrity: Objects only modified via (transient) authority. 24 / 32

  82–84. Information Flow [figure: Partition 1 and Partition 2, each with Thread, PD, PT, Page/SPage and CNode, joined only by an AEP with AsyncSend and Recv rights; page rights R and RW] seL4 enforces information flow policy: • Builds on integrity proof. • No flow via kernel mechanisms e.g. scheduler. 25 / 32
