mutable protection domains towards a component based
play

Mutable Protection Domains: Towards a Component-based System for - PowerPoint PPT Presentation

Feb 13, 2023 •481 likes •831 views

Mutable Protection Domains: Towards a Component-based System for Dependable and Predictable Computing Gabriel Parmer and Richard West Computer Science Deparment Boston University Boston, MA 02215 { gabep1, richwest } @cs.bu.edu December 6,

  1. Mutable Protection Domains: Towards a Component-based System for Dependable and Predictable Computing Gabriel Parmer and Richard West Computer Science Deparment Boston University Boston, MA 02215 { gabep1, richwest } @cs.bu.edu December 6, 2007

  2. Complexity of Embedded Systems Traditionally simpler software stack limited functionality and complexity focused application domain Soon cellphones will have 10s of millions of lines of code downloadable content (with real-time constraints) Trend towards increasing complexity of embedded systems Parmer, West, BU CS Mutable Protection Domains 2/27

  3. Consequences of Complexity Run-time interactions are difficult to predict and can cause faults accessing/modifying memory regions unintentionally corruption data-structures deadlocks/livelocks race-conditions . . . Faults can cause violations in correctness and predictability Parmer, West, BU CS Mutable Protection Domains 3/27

  4. Designing for Dependability and Predictability Given increasing complexity, system design must anticipate faults Memory fault isolation: limit scope of adverse side-effects of errant software identify and restart smallest possible section of the system recover from faults with minimal impact on system goals employ software/hardware techniques Preserve system reliability and predictability in spite of misbehaving and/or faulty software Parmer, West, BU CS Mutable Protection Domains 4/27

  5. Trade-offs in Isolation Granularity Increased Isolation Reduced Communication Cost Stacks Threads Protection Domains Components Library Isolation Process Isolation User-Kernel Isolation Parmer, West, BU CS Mutable Protection Domains 5/27

  6. Static HW Fault Isolation Approaches What is the “best” isolation granularity? P1 P2 user−level kernel−level Net FS Monolithic OSs provide minimal isolation to allow process independence large kernel not self-isolated, possibly extend-able → Coarse-grained isolation, but low service invocation cost Parmer, West, BU CS Mutable Protection Domains 6/27

  7. Static HW Fault Isolation Approaches (II) What is the “best” isolation granularity? Net FS P1 P2 user−level kernel−level IPC µ -kernels segregate system services out of the kernel, interact w/ Inter-Process Communication (IPC) finer-grained isolation IPC overhead limits isolation granularity → Finer-grained fault isolation, but increased service invocation cost Parmer, West, BU CS Mutable Protection Domains 6/27

  8. Static HW Fault Isolation Approaches (II) What is the “best” isolation granularity? Net FS P1 P2 user−level kernel−level IPC µ -kernels segregate system services out of the kernel, interact w/ Inter-Process Communication (IPC) finer-grained isolation IPC overhead limits isolation granularity → Finer-grained fault isolation, but increased service invocation cost Both characterized by a static system structure Parmer, West, BU CS Mutable Protection Domains 6/27

  9. Mutable Protection Domains (MPD) Goal: configure system to have finest grained fault isolation while still meeting application deadlines Mutable Protection Domains (MPDs) dynamically place protection domains between components in response to communication overheads due to isolation application deadlines being satisfied application close to missing deadlines → lessen isolation between components laxity in application deadlines → increase isolation between components Parmer, West, BU CS Mutable Protection Domains 7/27

  10. Mutable Protection Domains (MPD) (II) Mutable Protection Domains appropriate for soft real-time systems Protection domains can be made immutable where appropriate Parmer, West, BU CS Mutable Protection Domains 8/27

  11. Setup and Assumptions System is a collection of components Socket Arranged into a directed acyclic graph (DAG) TCP UDP nodes = components themselves IP edges = communication between them, P. Filter indicative of control flow Stacks Isolation over an edge can be configured to be one of the three isolation levels Threads Protection Domains Components Parmer, West, BU CS Mutable Protection Domains 9/27

  12. Isolation cost and benefit Isolation between components causes a performance penalty due to: 1 processing cost of a single invocation between those components 2 the frequency of invocations between those components → cost of each isolation level/edge Different isolation levels yield higher dependability stronger isolation → higher dependability Isolation between specific components more important debugging, testing, unreliable components, . . . → benefit of each isolation levels/edge Parmer, West, BU CS Mutable Protection Domains 10/27

  13. Isolation cost and benefit Isolation between components causes a performance penalty due to: 1 processing cost of a single invocation between those components 2 the frequency of invocations between those components → cost of each isolation level/edge Different isolation levels yield higher dependability stronger isolation → higher dependability Isolation between specific components more important debugging, testing, unreliable components, . . . → benefit of each isolation levels/edge This paper studies the policies concerning when and where isolation should be present Parmer, West, BU CS Mutable Protection Domains 10/27

  14. Problem Definition where s i ∈ For a solution set s { 1 , . . . , # isolation levels } Parmer, West, BU CS Mutable Protection Domains 11/27

  15. Problem Definition where s i ∈ For a solution set s { 1 , . . . , # isolation levels } maximize Maximize the dependability of � the system . . . ∀ i ∈ edges benefit is i Parmer, West, BU CS Mutable Protection Domains 11/27

  16. Problem Definition where s i ∈ For a solution set s { 1 , . . . , # isolation levels } maximize Maximize the dependability of � the system . . . ∀ i ∈ edges benefit is i while While meeting task deadlines � ≤ ∀ i ∈ edges cost is i . . . surplus resources Parmer, West, BU CS Mutable Protection Domains 11/27

  17. Problem Definition where s i ∈ For a solution set s { 1 , . . . , # isolation levels } maximize Maximize the dependability of � the system . . . ∀ i ∈ edges benefit is i while While meeting task deadlines � ∀ i ∈ edges cost is i k ≤ . . . surplus resources k For each task in the system ∀ k ∈ tasks Parmer, West, BU CS Mutable Protection Domains 11/27

  18. Multi-Dimensional, Multiple-Choice Knapsack � maximize benefit is i ∀ i ∈ edges � subject to cost is i k ≤ surplus resources k , ∀ k ∈ tasks ∀ i ∈ edges s i ∈ { 1 , . . . , max isolation level } , ∀ i ∈ edges This problem is a multi-dimensional, multiple-choice knapsack problem (MMKP) multi-dimensional - multiple resource constraints multiple-choice - configure each edge in one of the isolation levels NP-Hard problem heuristics, pseudo-poly dynamic prog., branch-bound Parmer, West, BU CS Mutable Protection Domains 12/27

  19. One-Dimensional Knapsack Problem Effective and inexpensive greedy solutions to one-dimensional knapsack problem exist sort isolation levels/edges based on benefit density , ratio of benefit to cost increase isolation by including isolation levels/edges from head until resources are expended . . . but we have multiple dimensions of cost Parmer, West, BU CS Mutable Protection Domains 13/27

  20. Solutions - Reducing Resource Dimensions Compute an aggregate cost for each edge single value representing a combination of the costs for all tasks for an edge: ∀ k , cost is i k → agg cost is i some tasks very resource constrained, some aren’t intelligently weight costs for task k to compute aggregate cost Parmer, West, BU CS Mutable Protection Domains 14/27

  21. Solutions - HEU 1 compute aggregate cost for each isolation level/edge 2 include isolation level/edge with best benefit density in solution configuration 3 goto 1 until resources expended Fine-grained refinement of aggregate cost recompute once every time an isolation level/edge is added to the current solution configuration Parmer, West, BU CS Mutable Protection Domains 15/27

  22. Solutions - coarse and oneshot Refinement 1 compute aggregate cost for each isolation level/edge 2 sort by benefit density 3 include isolation level/edge from head 4 goto 3, until resources expended 5 recompute aggregate costs based on resource surpluses with solution configuration 6 goto 2 N times and return highest benefit configuration N > 1: coarse-grained refinement recompute once per total configuration found execution time linearly increases with N N = 1: oneshot very quick no aggregate cost refinement Parmer, West, BU CS Mutable Protection Domains 16/27

  23. Solution Runtimes 1000000 100000 Runtime (microseconds) 10000 oneshot 1000 coarse fine 100 10 1 100 500 1500 3000 Number of Isolation Instances Parmer, West, BU CS Mutable Protection Domains 17/27

  24. System Dynamics System is dynamic changing communication costs over edges as threads alter execution paths between components changing resource availabilities as threads vary intra-component execution time per-invocation cost overheads vary different cache working sets, invocation argument size, . . . System must refine the system isolation configuration as these variables change Parmer, West, BU CS Mutable Protection Domains 18/27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security 1 Recap: Protection Protection Prevent unintended/unauthorized accesses

Security 1 Recap: Protection Protection Prevent unintended/unauthorized accesses

Security 1 Recap: Protection Protection Prevent unintended/unauthorized accesses Protection domains Class hierarchy: root can to everything a normal user can do + alpha Access control matrix Domains (Users)

575 views • 24 slides
A Java Based Component Identification Tool for Measuring Circuit Protections James D. Parham J.

A Java Based Component Identification Tool for Measuring Circuit Protections James D. Parham J.

A Java Based Component Identification Tool for Measuring Circuit Protections James D. Parham J. Todd McDonald Michael R. Grimaila Yong C. Kim 1 Background Program Protection Software (programs) are the 1s and 0s representing language

216 views • 19 slides
New Top-Level-Domains Regulatory issues, dispute resolution and rights protection Dr. Tobias

New Top-Level-Domains Regulatory issues, dispute resolution and rights protection Dr. Tobias

New Top-Level-Domains Regulatory issues, dispute resolution and rights protection Dr. Tobias Mahler Norwegian Research Center for Computers and Law, University of Oslo 1 Agenda The new gTLD program Internet Governance & regulatory

696 views • 31 slides
Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V)

Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V)

Motivation Use Case Component-based Robotics Middleware Conclusion and Discussion Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V) Tutorial on Component-based Robotics Engineering 2010 IEEE

597 views • 37 slides
CIVILIAN PROTECTION COMPONENT (CPC) PROGRAM Consultations During Preparatory Phase

CIVILIAN PROTECTION COMPONENT (CPC) PROGRAM Consultations During Preparatory Phase

CONFLICT PREVENTION PROGRAM (CPP) CIVILIAN PROTECTION COMPONENT (CPC) PROGRAM Consultations During Preparatory Phase Leaderships of Key Parties and ground commanders. Civil Society Organizations working for Peace in Mindanao. Local

893 views • 47 slides
Linking DNS with blockchain-based ENS records Brantly Millegan / brantly@ens.domains Hello! Me :

Linking DNS with blockchain-based ENS records Brantly Millegan / brantly@ens.domains Hello! Me :

Linking DNS with blockchain-based ENS records Brantly Millegan / brantly@ens.domains Hello! Me : Brantly Millegan Work : True Names LTD (Singaporean non-profit) Open source project : Ethereum Name Service Website : https://ens.domains Blockchain

796 views • 31 slides
Component- -based, Context based, Context- -aware aware Component Software Systems Software

Component- -based, Context based, Context- -aware aware Component Software Systems Software

Component- -based, Context based, Context- -aware aware Component Software Systems Software Systems Workshop on Spontaneous Networking Rutgers University Michael Przybilski 1 10.05.2006 michael.przybilski@cs.helsinki.fi Outline

593 views • 19 slides
Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Silberschatz, Galvin, and Gagne

314 views • 16 slides
Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Operating System Concepts 18.1

355 views • 19 slides
What You Need to Know About the Paycheck Protection Program Component of the CARES Act Brian J.

What You Need to Know About the Paycheck Protection Program Component of the CARES Act Brian J.

What You Need to Know About the Paycheck Protection Program Component of the CARES Act Brian J. Sharkey, Director-in-Charge Business Advisory Group Steven E. Staugaitis, Director, Audit & Accounting Thomas C. Yankanich, Director, Audit

365 views • 15 slides
Modeling Component- -based based Modeling Component Systems in BIP Systems in BIP ETR 2007

Modeling Component- -based based Modeling Component Systems in BIP Systems in BIP ETR 2007

Modeling Component- -based based Modeling Component Systems in BIP Systems in BIP ETR 2007 ETR 2007 Nantes, Sept. 2007 Nantes, Sept. 2007 Joseph Sifakis VERIMAG sifakis@imag.fr In collaboration with G. Goessler (INRIA), A. Basu, M.

1.07k views • 80 slides
Topic 19 (define x (cons 'a 'b)) Mutable Data Objects x --> (a . b) Primitive mutators for

Topic 19 (define x (cons 'a 'b)) Mutable Data Objects x --> (a . b) Primitive mutators for

Mutable data Basic operations like cons, car, cdr can construct list structure and select its parts, but cannot modify. Topic 19 (define x (cons 'a 'b)) Mutable Data Objects x --> (a . b) Primitive mutators for pairs: set-car! And

460 views • 8 slides
Component-Based Semantics Peter D. Mosses Swansea University (emeritus) TU Delft (visitor)

Component-Based Semantics Peter D. Mosses Swansea University (emeritus) TU Delft (visitor)

Component-Based Semantics Peter D. Mosses Swansea University (emeritus) TU Delft (visitor) IFIP WG 2.2 Meeting, Bordeaux, September 2017 Component-based semantics Aims encourage language developers to use formal semantics Means

527 views • 27 slides
ICANN's New Generic Top Level Domains Strategies for Domain Name Registration and Brand Protection

ICANN's New Generic Top Level Domains Strategies for Domain Name Registration and Brand Protection

ICANN's New Generic Top Level Domains Strategies for Domain Name Registration and Brand Protection presents presents A Live 90-Minute Teleconference/Webinar with Interactive Q&A Today's panel features: Today s panel features: J. Scott

469 views • 30 slides
Using Component Redundancy for adaptive, self-optimising and self-healing Component-Based Systems

Using Component Redundancy for adaptive, self-optimising and self-healing Component-Based Systems

Performance Engineering Laboratory Using Component Redundancy for adaptive, self-optimising and self-healing Component-Based Systems Ada Diaconescu, John Murphy Performance Engineering Laboratory Dublin City University Ada Diaconescu

352 views • 11 slides
Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of

Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of

Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of Doma of Warfar are Lan and Se Sea Joint M ultinational Combined Arms Live-Fire Exercise Camp Grayling-Alpena CRTC 2010-2018 NORTHERN

310 views • 4 slides
MPD Multi-link PPP daemon linpc Computer Center, CS, NCTU mpd Mpd is a netgraph(4) based

MPD Multi-link PPP daemon linpc Computer Center, CS, NCTU mpd Mpd is a netgraph(4) based

MPD Multi-link PPP daemon linpc Computer Center, CS, NCTU mpd Mpd is a netgraph(4) based implementation of the multi-link PPP protocol for FreeBSD /usr/ports/net/mpd5 pkg install mpd5 It supports several of the numerous PPP

718 views • 14 slides
Coarse-to-fine recognition for weighted tree-stack automata Max Korn 27. Oktober 2017 1 / 2

Coarse-to-fine recognition for weighted tree-stack automata Max Korn 27. Oktober 2017 1 / 2

Coarse-to-fine recognition for weighted tree-stack automata Max Korn 27. Oktober 2017 1 / 2 Motivation Problem: Parsing with complicated grammars and recognition with complicated automata are time intensive 2 / 2 Motivation Problem:

1.32k views • 106 slides
Redelivery Management and Technical Aspects of Leases Oisn Murray - Head of Technical and Asset

Redelivery Management and Technical Aspects of Leases Oisn Murray - Head of Technical and Asset

This image cannot currently be displayed. Redelivery Management and Technical Aspects of Leases Oisn Murray - Head of Technical and Asset Management Agenda Ag Le Lease Agreement Technical Considerations Ma Maintenance Overv rview

469 views • 20 slides
The Connection: The 7 th Concern for innovation - Case study on Serial Innovation in Petrol Pumps

The Connection: The 7 th Concern for innovation - Case study on Serial Innovation in Petrol Pumps

The Connection: The 7 th Concern for innovation - Case study on Serial Innovation in Petrol Pumps (Part 2) DE 402 Introduction to Design Case Studies Chakkus 7Cs: The Seven Concerns for Innovation by Design 1. The Cause The

428 views • 42 slides
Spin dynamics of a millisecond pulsar around a massive black hole Jiale Kaye Li (Physics

Spin dynamics of a millisecond pulsar around a massive black hole Jiale Kaye Li (Physics

Spin dynamics of a millisecond pulsar around a massive black hole Jiale Kaye Li (Physics Department, The Chinese University of Hong Kong) Collaborator: Prof Kinwah Wu (Mullard Space Science Laboratory, University College London, UK)

265 views • 23 slides
Application-Transparent Checkpoint/Restart for MPI Programs over InfiniBand Qi Gao, Weikuan Yu,

Application-Transparent Checkpoint/Restart for MPI Programs over InfiniBand Qi Gao, Weikuan Yu,

Application-Transparent Checkpoint/Restart for MPI Programs over InfiniBand Qi Gao, Weikuan Yu, Wei Huang, Dhabaleswar K. Panda Network-Based Computing Laboratory Department of Computer Science & Engineering The Ohio State University

635 views • 26 slides
t r GF ( m )

t r GF ( m )

tt trt t tt s Prs t GF ( m ) P tr

733 views • 57 slides
Process Slides 1 Directing a Project Mandate REQUEST AN EXCEPTION PLAN Ad Ad Ad Ad hoc

Process Slides 1 Directing a Project Mandate REQUEST AN EXCEPTION PLAN Ad Ad Ad Ad hoc

02/02/2020 Process Slides 1 Directing a Project Mandate REQUEST AN EXCEPTION PLAN Ad Ad Ad Ad hoc hoc hoc hoc Controlling Contr Controlling Controlling Managing a Stage Boundary Managing a Stage Boundary Managing a Stage

530 views • 34 slides

More recommend