the open kernel environment
play

The Open Kernel Environment (opening up all levels of the processing - PowerPoint PPT Presentation

Dec 15, 2023 •370 likes •631 views

The Open Kernel Environment (opening up all levels of the processing hierarchy in a 'safe' manner) Herbert Bos Bart Samwel Leiden University {herbertb,bsamwel}@liacs.nl http://www.liacs.nl/~herbertb/projects/oke/ H. Bos Leiden University

  1. The Open Kernel Environment (opening up all levels of the processing hierarchy in a 'safe' manner) Herbert Bos Bart Samwel Leiden University {herbertb,bsamwel}@liacs.nl http://www.liacs.nl/~herbertb/projects/oke/ H. Bos – Leiden University 1/15/03 1

  2. What is this about? ● goals: (1) allow 3 rd party programming of lower levels (2) safety enforced by software based isolation ● target: environments with little hardware support for isolating applications – so, no MMU or privileged instructions – example: Linux kernel, network processors ● fully optimised native code / speed ● safety/resource control – CPU, heap, stack, API, etc H. Bos – Leiden University 1/15/03 1

  3. OKE: Open Kernel Environment explicit trust management + trusted compiler ● • compiler: restrict code's access to resources depending on privileges • code loader • accepts code + authentication + credentials • if match : load code of specific type • type = with specific resource restrictions • instantiation of type happens by parameterisation • example: type = { MAX_HEAP < 1 MB } • example: instantiation = { MAX_HEAP = 100 kB } • restrictions • CPU, heap, stack (recursion), APIs • pointer, private data, access to memory bus (and more) H. Bos – Leiden University 1/15/03 1

  4. OKE Compiler object src OKE credentials Compiler (trusted) ESC policy Network parameter Object code Module A OKE Module B Compilation support code record Module C H. Bos – Leiden University 1/15/03 1

  5. OKE Code Loader admission control resources object code OKE credentials Code Loader compilation record Network Module A • credential-based authorisation used for other SCAMPI operations as well OKE Module B • compilation record is just another credential support code Module C • credentials are set explicitly and used transparently: scampi _set_authorisation_cred () H. Bos – Leiden University 1/15/03 1

  6. OKE Credentials: delegated trust management • delegated trust management using KeyNote and OpenSSL • condition can be environment specific KeyNote-Version: 2 Comment: trivial policy: authorise licensees for operation 'createFlow' Authorizer: "POLICY" Licensees: "rsa-base64:MEgCQQDMcZukqn3Wa4Z2y3wKljB/eoFnDRfNN\ B72OJLsfW6SnFRLKbXrgEnEP+7LevQEI0KsUq8NsgQmtx1btq\ lqyETdAgMBAAE=" Conditions: app_domain == "SCAMPI.MAPI" && op == "createFlow" -> "true"; KeyNote-Version: 2 Comment: OKE CL credential authorising client to load code of this type Authorizer: "rsa-base64:MEgCQQDMcZukqn3Wa4Z2y3wKljB/eoFnDRfNN\ B72OJLsfW6SnFRLKbXrgEnEP+7LevQEI0KsUq8NsgQmtx1btq\ lqyETdAgMBAAE=" Licensees: "rsa-base64:ABCDE12345" Conditions: app_domain == "SCAMPI.MAPI" && op == "createFlow" \ && param2 == "10.0.0.1" -> "true"; Signature: "sig-rsa-sha1-base64:Du1uNVtNv8sAhjni/8UnzI9H+/VM\ 9GnSM/ppgfEOAmO/QzSESYZgrwsMEPlzAFqnbNGfwusxlXEIz\ H. Bos – Leiden University 1/15/03 1

  7. Environment Setup Code (ESC) ● policies implemented as ESC that is automatically prepended to user code – defines runtime support – explicitly declares API the code can use – removes the ability to ● declare/import new APIs ● access the 'private parts' of ESC ● perform unsafe operations ● 1 translation unit => whole program analysis - part 1: macro definitions expressing parameterisation - part 2: ESC - part 3: user code H. Bos – Leiden University 1/15/03 1

  8. OKE programming language ● many different user 'classes' with different trade- offs regarding the amount of restriction needed – students – system administrators – anonymous ● avoid special-purpose languages (rather: 1 language that can be customised) ● interfacing with rest of kernel important ● ideally something like C ● Cyclone (“a crash-free dialect of C”) H. Bos – Leiden University 1/15/03 1

  9. Language features for safety ● Cyclone: strongly typed, pointer protected, garbage collected, and provides region-based mem protection ● A measure of safety is provided by combination of existing Cyclone and new features ● Spatial pointer safety – bounded pointers – non-nullable pointers -> not checked – 'normal' C pointers -> always checked H. Bos – Leiden University 1/15/03 1

  10. Language features for safety ● Temporal pointer safety – region-based protection (e.g. to prevent returning the address of a local variable), added kernel region – RBP and GC work well for Cyclone-only, but present safety issues when interacting with C code – for example: suppose an OKE module holds a pointer to kernel memory – OKE solution: ● delayed freeing plus (place blocks on kill list) ● new GC: O(n) in # of allocated blocks) ● GC round just prior to activation of the OKE module (hmmm...) ● nullifies pointers or kills modules ● delayed freeing: not always needed H. Bos – Leiden University 1/15/03 1

  11. Language features for safety ● Language restrictions forbid construct, e.g.: – forbid extern “C” // no import of C APIs – forbid namespace ... // no access to specific namespace – forbid catch ... // do not catch certain exceptions ● API and entry point wrapping – potential entry points explicitly declared (pointers can only be taken of functions declared extern) – automatically wrapped in ESC (“wrap extern”) – kernel APIs may also be wrapped H. Bos – Leiden University 1/15/03 1

  12. Language features for safety ● Sensitive data protection at compile time locked construct – sharing: parts of a data structure should be inaccessible – normal solution: anonymising – locked variables cannot be used in calculations and cannot be cast – may be declared const H. Bos – Leiden University 1/15/03 1

  13. Language features for safety ● Stack overrun protection – some dynamic checking needed (but flexible) – 2 parameters: bound and granularity H. Bos – Leiden University 1/15/03 1

  14. OKE features for safety ● timeout protection – multiple solutions ● dynamic checks in backward jumps ● timer interrupt: applied in Linux kernel ● other: applied in IXP1200 network processor – timer interrupt ● on return from interrupt: check if timeout is detected ● if so, jump to callback function registered by ESC ● this function may throw exception ● takes into account if code is executing kernel or OKE code H. Bos – Leiden University 1/15/03 1

  15. FEC overhead over C H. Bos – Leiden University 1/15/03 1

  16. Audio resampling overhead over C H. Bos – Leiden University 1/15/03 1

  17. OKE sub-projects ● OKE Corral (“OKE, Click and a dash of active networks”) ● Diet OKE (“network processors”) OKE Corral: H. Bos – Leiden University 1/15/03 1

  18. HOKE-POKE: applying OKE concepts to multiple levels push monitoring functionality to the microengines • counters • filters H. Bos – Leiden University 1/15/03 1

  19. Conclusions Advantages � OKE may form a basis for resource control even when there are multiple, mutually mistrusting parties � OKE provides resource control if required, while not incurring overhead, if not � OKE authorisation procedures can be applied throughout SCAMPI � OKE overhead can be very small indeed Disadvantages � runtime resource control comes at a runtime cost � writing ESC is complex In SCAMPI � // authorise any operation scampi_set_authorisation_creds(priv, pub, creds) � // load code (OKE or other) anywhere scampi_load_code (id, type, location, param) � scampi_unload_code (id) H. Bos – Leiden University 1/15/03 1

  20. Diet OKE – multiple application simultaneous access to microengines – application granularity: microengine ● killing applications running on MEs – by control processor (StrongARM) ● packet access – prefiltering – locked fields (compile time) ● memory access – static memory allocation + protection in API – bounds checking at runtime ● stack is not a problem H. Bos – Leiden University 1/15/03 1

  21. Diet OKE ● application framework: granularity = microengine ● 1 ME for packet reception ● 5 MEs for applications ● target: network monitors ● third parties can “plugin” their own functions ● 4 threads H. Bos – Leiden University 1/15/03 1

  22. Diet OKE ● packets received in circular buffer structure in SRAM + SDRAM ● applications can read packets whenever data is available ● fields: receive – Count – flags: W, R*, Done* ● mopping mechanism.... mop H. Bos – Leiden University 1/15/03 1

  23. Diet OKE Throughput H. Bos – Leiden University 1/15/03 1

  24. Diet OKE Applications H. Bos – Leiden University 1/15/03 1

  25. Garbage collector ● mark and sweep, assumes strong typing ● automatically generated code based on whole program analysis (compiler front-end) ● compiler detects which types can be allocated by module – by enumerating types of new and malloc – generates marking functions for each type – defines how to scan mem block of specific type for pointers – contains call to GC for every pointer in type – mem allocation calls: pass * marking function to mem subsystem – GC time: call marking functions for each block H. Bos – Leiden University 1/15/03 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture

P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture

P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture ... VM 1 VM 2 VM n VMs Netlink Hypervisor OVSDB kernel module ovsdb-server ovs-vswitchd user kernel OpenFlow OVSDB NICs Controller

163 views • 13 slides
ZFS Enhancing the Open Source Storage System (and the Kernel) 1 Christian Kendi Who am I?

ZFS Enhancing the Open Source Storage System (and the Kernel) 1 Christian Kendi Who am I?

ZFS Enhancing the Open Source Storage System (and the Kernel) 1 Christian Kendi Who am I? Soy Christian Kendi I do IT-Security Consultant (Kernel)-Developer Penetration tester Exploit coder CEO &amp; Founder of

591 views • 35 slides
LHC Open Network Environment LHC Open Network Environment LHC ONE Artur Barczyk California

LHC Open Network Environment LHC Open Network Environment LHC ONE Artur Barczyk California

LHC Open Network Environment LHC Open Network Environment LHC ONE Artur Barczyk California Institute of Technology California Institute of Technology GLIF Technical Working Group Meeting Hong Kong, February 25 th , 2011 g g, y , 1 2

779 views • 28 slides
A Runtime Environment for Online Processing of Operating System Kernel Events Michael Schbel,

A Runtime Environment for Online Processing of Operating System Kernel Events Michael Schbel,

A Runtime Environment for Online Processing of Operating System Kernel Events Michael Schbel, Andreas Polze 7th Intl. Workshop on Dynamic Analysis (WODA) 20. July 2009 Chicago, IL OS Kernel Event Tracing 2 Dynamic Analysis Usage

889 views • 20 slides
Feb 6: Parametric distributions What is a notebook anyway? The kernel stores the environment ,

Feb 6: Parametric distributions What is a notebook anyway? The kernel stores the environment ,

Feb 6: Parametric distributions What is a notebook anyway? The kernel stores the environment , representing variable names and their values. The notebook server listens for web requests The browser only stores the and passes them to the

490 views • 11 slides
FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence

FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence

FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence Stewart lastewart@swin.edu.au Centre for Advanced Internet Architectures (CAIA) Swinburne University of Technology Outline Getting started 1

394 views • 35 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Mapping the Urban Environment: Open Map Dataand Why it Matters Now @TylerSRadford @HOTOSM

Mapping the Urban Environment: Open Map Dataand Why it Matters Now @TylerSRadford @HOTOSM

Mapping the Urban Environment: Open Map Dataand Why it Matters Now @TylerSRadford @HOTOSM City populations soaring; Africa urbanizing most rapidly Why open map data, and why now? What is Open Map Data? OpenStreetMap Free, open,

605 views • 44 slides
Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based multihoming protocol 2 Traditional Multihoming peerlink switch2 switch1 Host2 Host1 3 Open Multihoming solution with VxLAN Overlay E-VPN

673 views • 11 slides
The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb

The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb

The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb Ihor Kuz Gernot Heiser NICTA, University of New South Wales, Open Kernel Labs Preemptive Kernel Threads Most OS kernels are multithreaded

231 views • 5 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Kernel Method Many machine learning tasks can be expressed as a function of the inner product

389 views • 22 slides
1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice

1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice

Machine Learning Class Notes 9-25-12 Prof. David Sontag 1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice and which allows for highly non-linear discriminant functions is the Gaussian kernel,

240 views • 5 slides
SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, Peng Ning Samsung KNOX R&amp;D, Samsung Research America Motivation Operating system kernels

543 views • 25 slides
Coccinelle: 10 Years of Automated Evolution in the Linux Kernel Julia Lawall (Inria-Whisper team,

Coccinelle: 10 Years of Automated Evolution in the Linux Kernel Julia Lawall (Inria-Whisper team,

Coccinelle: 10 Years of Automated Evolution in the Linux Kernel Julia Lawall (Inria-Whisper team, Julia.Lawall@inria.fr) March 2, 2020 1 Our focus: The Linux kernel Open source OS kernel, developed by Linus Torvalds First released in

460 views • 44 slides
A Survivor's Guide to Contributing to the Linux Kernel Javier Martinez Canillas Samsung Open

A Survivor's Guide to Contributing to the Linux Kernel Javier Martinez Canillas Samsung Open

A Survivor's Guide to Contributing to the Linux Kernel Javier Martinez Canillas Samsung Open Source Group javier@osg.samsung.com Samsung Open Source Group 1 Agenda Motivation Linux development process Contribution steps

1.17k views • 55 slides
Physical Hierarchy Generation Jason Cong UCLA Computer Science Department Email:

Physical Hierarchy Generation Jason Cong UCLA Computer Science Department Email:

Physical Hierarchy Generation Jason Cong UCLA Computer Science Department Email: cong@cs.ucla.edu Tel: 310-206-2775 http://cadlab.cs.ucla.edu/~cong Outline Global interconnects in nanometer technologies Interconnect-centric design

404 views • 21 slides
EasyLocal++ Marco Chiarandini Department of Mathematics &amp; Computer Science University of

EasyLocal++ Marco Chiarandini Department of Mathematics &amp; Computer Science University of

DM841 Discrete Optimization Lecture 5 EasyLocal++ Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Overview Enumeration for N-Queens Enumeration for Bus Driver Scheduling

272 views • 6 slides
Roadmap for Section 6.2 I/O System Components Functions of the I/O Manager Control flow for an

Roadmap for Section 6.2 I/O System Components Functions of the I/O Manager Control flow for an

Unit OS6: Device Management 6.2. The Windows I/O System Components Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 6.2 I/O System Components Functions of the I/O Manager

330 views • 14 slides
HelenOS USB USB USB for HelenOS Software project Architecture USB framework (supervisor M.

HelenOS USB USB USB for HelenOS Software project Architecture USB framework (supervisor M.

HelenOS USB USB team Introduction HelenOS USB USB USB for HelenOS Software project Architecture USB framework (supervisor M. D eck y) Drivers Demonstration Summary . Slov M. Dek anek, V. Hork y, M. Klonfar, L ak, J.

654 views • 17 slides
Introduction to OpenMP Cache Coherency Symmetric MultiProcessing Each processor in an SMP has

Introduction to OpenMP Cache Coherency Symmetric MultiProcessing Each processor in an SMP has

Introduction to OpenMP Cache Coherency Symmetric MultiProcessing Each processor in an SMP has equal access to all parts of memory same latency and bandwidth P P P P P P Bus/Interconnect Memory Examples IBM servers, Sun

565 views • 25 slides
Visualisierung 1 2015W, VU, 2.0h, 3.0EC 186.827 Eduard Grller Johanna Schmidt Oana Moraru

Visualisierung 1 2015W, VU, 2.0h, 3.0EC 186.827 Eduard Grller Johanna Schmidt Oana Moraru

Visualisierung 1 2015W, VU, 2.0h, 3.0EC 186.827 Eduard Grller Johanna Schmidt Oana Moraru Institute of Computer Graphics and Algorithms (ICGA), VUT Austria Visualization Definition The purpose of computing is insight, not numbers [R.

610 views • 50 slides
EECS 373 Design of Microprocessor-Based Systems Memory-Mapped I/O Example Bus with Memory-Mapped

EECS 373 Design of Microprocessor-Based Systems Memory-Mapped I/O Example Bus with Memory-Mapped

Today EECS 373 Design of Microprocessor-Based Systems Memory-Mapped I/O Example Bus with Memory-Mapped I/O Branden Ghena University of Michigan Bus Architectures AMBA APB Lecture 4: Memory-Mapped I/O, Bus Architectures September 11,

400 views • 9 slides
System-Level Sushil Menon 1 &amp; Dr. Suryaprasad J Center for Electronic System Level Design

System-Level Sushil Menon 1 &amp; Dr. Suryaprasad J Center for Electronic System Level Design

A Pattern based Methodology for the Design and Implementation of Multiplexed Master-Slave devices at the System-Level Sushil Menon 1 &amp; Dr. Suryaprasad J Center for Electronic System Level Design &amp; Verification PES School of Engineering

639 views • 24 slides

More recommend