The Case for Writing Network Drivers in High-Level Programming Languages
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Unix Protection
View access control as a matrix Protection Ali Mashtizadeh Stanford University Subjects (processes/users) access objects (e.g., files) • Each cell of matrix has allowed permissions • 1 / 39 2 / 39 Specifying policy Two ways to slice the matrix Manually filling out matrix would be tedious • Use tools such as groups or role-based access control: • Along columns: • - Kernel stores list of who can access object along with object - Most systems you’ve used probably do this dir 1 - Examples: Unix file permissions, Access Control Lists (ACLs) Along rows: • dir 2 - Capability systems do this - More on these later. dir 3 3 / 39 4 / 39 Outline Example: Unix protection Each process has a User ID & one or more group IDs • System stores with each file: • 1 Unix protection - User who owns the file and group file is in - Permissions for user, any one in file group, and other Shown by output of ls -l command: 2 Unix security holes • user group other owner group - rw- rw- r-- dm cs140 ... index.html 3 Capability-based protection - Eachz}|{ groupz}|{ z}|{ of threez}|{ lettersz }| { specifies a subset of read, write, and execute permissions - User permissions apply to processes with same user ID - Else, group permissions apply to processes in same group - Else, other permissions apply 5 / 39 6 / 39 Unix continued Non-file permissions in Unix Directories have permission bits, too • Many devices show up in file system • - Need write permission on a directory to create or delete a file - E.g., /dev/tty1 permissions just like for files Special user root (UID 0) has all -
A Practical UNIX Capability System
A Practical UNIX Capability System Adam Langley <[email protected]> 22nd June 2005 ii Abstract This report seeks to document the development of a capability security system based on a Linux kernel and to follow through the implications of such a system. After defining terms, several other capability systems are discussed and found to be excellent, but to have too high a barrier to entry. This motivates the development of the above system. The capability system decomposes traditionally monolithic applications into a number of communicating actors, each of which is a separate process. Actors may only communicate using the capabilities given to them and so the impact of a vulnerability in a given actor can be reasoned about. This design pattern is demonstrated to be advantageous in terms of security, comprehensibility and mod- ularity and with an acceptable performance penality. From this, following through a few of the further avenues which present themselves is the two hours traffic of our stage. Acknowledgments I would like to thank my supervisor, Dr Kelly, for all the time he has put into cajoling and persuading me that the rest of the world might have a trick or two worth learning. Also, I’d like to thank Bryce Wilcox-O’Hearn for introducing me to capabilities many years ago. Contents 1 Introduction 1 2 Terms 3 2.1 POSIX ‘Capabilities’ . 3 2.2 Password Capabilities . 4 3 Motivations 7 3.1 Ambient Authority . 7 3.2 Confused Deputy . 8 3.3 Pervasive Testing . 8 3.4 Clear Auditing of Vulnerabilities . 9 3.5 Easy Configurability . -
System Calls System Calls
System calls We will investigate several issues related to system calls. Read chapter 12 of the book Linux system call categories file management process management error handling note that these categories are loosely defined and much is behind included, e.g. communication. Why? 1 System calls File management system call hierarchy you may not see some topics as part of “file management”, e.g., sockets 2 System calls Process management system call hierarchy 3 System calls Error handling hierarchy 4 Error Handling Anything can fail! System calls are no exception Try to read a file that does not exist! Error number: errno every process contains a global variable errno errno is set to 0 when process is created when error occurs errno is set to a specific code associated with the error cause trying to open file that does not exist sets errno to 2 5 Error Handling error constants are defined in errno.h here are the first few of errno.h on OS X 10.6.4 #define EPERM 1 /* Operation not permitted */ #define ENOENT 2 /* No such file or directory */ #define ESRCH 3 /* No such process */ #define EINTR 4 /* Interrupted system call */ #define EIO 5 /* Input/output error */ #define ENXIO 6 /* Device not configured */ #define E2BIG 7 /* Argument list too long */ #define ENOEXEC 8 /* Exec format error */ #define EBADF 9 /* Bad file descriptor */ #define ECHILD 10 /* No child processes */ #define EDEADLK 11 /* Resource deadlock avoided */ 6 Error Handling common mistake for displaying errno from Linux errno man page: 7 Error Handling Description of the perror () system call. -
Advanced Components on Top of a Microkernel
Faculty of Computer Science Institute for System Architecture, Operating Systems Group Advanced Components on Top of A Microkernel Björn Döbel What we talked about so far • Microkernels are cool! • Fiasco.OC provides fundamental mechanisms: – Tasks (address spaces) • Container of resources – Threads • Units of execution – Inter-Process Communication • Exchange Data • Timeouts • Mapping of resources TU Dresden, 2012-07-24 L4Re: Advanced Components Slide 2 / 54 Lecture Outline • Building a real system on top of Fiasco.OC • Reusing legacy libraries – POSIX C library • Device Drivers in user space – Accessing hardware resources – Reusing Linux device drivers • OS virtualization on top of L4Re TU Dresden, 2012-07-24 L4Re: Advanced Components Slide 3 / 54 Reusing Existing Software • Often used term: legacy software • Why? – Convenience: • Users get their “favorite” application on the new OS – Effort: • Rewriting everything from scratch takes a lot of time • But: maintaining ported software and adaptions also does not come for free TU Dresden, 2012-07-24 L4Re: Advanced Components Slide 4 / 54 Reusing Existing Software • How? – Porting: • Adapt existing software to use L4Re/Fiasco.OC features instead of Linux • Efficient execution, large maintenance effort – Library-level interception • Port convenience libraries to L4Re and link legacy applications without modification – POSIX C libraries, libstdc++ – OS-level interception • Wine: implement Windows OS interface on top of new OS – Hardware-level: • Virtual Machines TU Dresden, 2012-07-24 L4Re: -
I Have Often Mused About How the Architecture of the Cpus We Use Influ
Musings RIK FARROWEDITORIAL Rik is the editor of ;login:. have often mused about how the architecture of the CPUs we use influ- [email protected] ences the way our operating systems and applications are designed. A I book I reviewed in this issue on the history of computing managed to cement those ideas in my head. Basically, we’ve been reprising time-sharing systems since the mid-60s, whereas most systems serve very different pur- poses today. Along the way, I also encountered a couple of interesting data points, via pointers from friends who have been influencing me. One was Halvar Flake’s CYCON 2018 talk [1], and another was about a new OS project at Google. The opinion piece by Jan Mühlberg and Jo Van Bulck that appears in this issue influenced me as well, as it describes a CPU feature that, among other things, could block the use of gadgets in return-oriented programming (ROP). Flake explained that much of our current problems with security have to do with cheap com- plexity. Even though a device, like a microwave oven or intravenous drip-rate controller, only requires a PIC (Programmable Interrupt Controller), it may instead have a full-blown CPU running Windows or Linux inside it. CPUs are, by design, flexible enough to model any set of states, making them much more complex than what is needed inside a fairly simple device. Designers instead choose to use a full-blown CPU, usually with an OS not designed to be embedded, to model the states required. Vendors do this because many more people under- stand Windows or Linux programming than know how to program a PIC. -
Network Test and Monitoring Tools
ajgillette.com Technical Note Network Test and Monitoring Tools Author: A.J.Gillette Date: December 6, 2012 Revision: 1.3 Table of Contents Network Test and Monitoring Tools................................................................................................................1 Introduction.............................................................................................................................................................3 Link Characterization ...........................................................................................................................................4 Summary.................................................................................................................................................................12 Appendix A: NUTTCP..........................................................................................................................................13 Installing NUTTCP ..........................................................................................................................................13 Using NUTTCP .................................................................................................................................................13 NUTTCP Examples..........................................................................................................................................14 Appendix B: IPERF................................................................................................................................................17 -
Cloudstate: End-To-End WAN Monitoring for Cloud-Based Applications
CLOUD COMPUTING 2013 : The Fourth International Conference on Cloud Computing, GRIDs, and Virtualization CloudState: End-to-end WAN Monitoring for Cloud-based Applications Aaron McConnell, Gerard Parr, Sally McClean, Philip Morrow, Bryan Scotney School of Computing and Information Engineering University of Ulster Coleraine, Northern Ireland Email: [email protected], [email protected], [email protected], [email protected], [email protected] Abstract—Modern data centres are increasingly moving to- It is therefore necessary to have a periodic, automated wards more sophisticated cloud-based infrastructures, where means of measuring the state of the WAN link between servers are consolidated, backups are simplified and where any two addresses relevant to the successful delivery of an resources can be scaled up, across distributed cloud sites, if necessary. Placing applications and data stores across sites has application to end-users. This measurement should be taken a cost, in terms of the hosting at a given site, a cost in terms of periodically, with the time between polls being short enough the migration of application VMs and content across a network, that sudden changes in the quality of the WAN are observed, and a cost in terms of the quality of the end-to-end network but far enough part so as not to flood the network with link between the application and the end-user. This paper details monitoring traffic. Data collected from polls should also be a solution aimed at monitoring all relevant end-to-end network links between VMs, storage and end-users. -
It's Always Sunny with Openj9
It’s always sunny with OpenJ9 Dan Heidinga, Eclipse OpenJ9 Project Lead VM Architect, IBM Runtimes @danheidinga DanHeidinga 2 https://upload.wikimedia.org/wikipedia/commons/9/98/Storm_clouds.jpg cjohnson7 from Rochester, Minnesota / CC BY (https://creativecommons.org/licenses/by/2.0) My Day Job http://docs.oracle.com/javase/8/docs/index.html Eclipse OpenJ9 Created Sept 2017 http://www.eclipse.org/openj9 https://github.com/eclipse/openj9 Dual License: Eclipse Public License v2.0 Apache 2.0 Users and contributors very welcome https://github.com/eclipse/openj9/blob/master/CO NTRIBUTING.md 6 A JVM for the cloud 7 Built with the Class Libraries you know and love JDK JDK JDK JDK 8 11 14 next Single source stream at OpenJ9 No (LTS) JDK left behind! 8 Right, the cloud 9 Cloud requirements on Java ▪ Fast startup –Faster scaling for increased demand ▪ Small footprint –Improves density on servers –Improves cost for applications ▪ Quick / immediate rampup –GB/hr is key, if you run for less time you pay less money 10 OpenJ9 helps… … containers out of the box 11 Automatically detect if running in a container ▪ Based on the container limits: – Tune the GC Heap – Limit GC & active JIT threads – Constrain Runtime.availableProcessors() to cgroup quotas – Out of the box idle tuning 12 Avoid rebuilding containers just to adjust heap size ▪ -XX:InitialRAMPercentage=N – Set initial heap size as a percentage of total memory ▪ -XX:MaxRAMPercentage=N – Set maximum heap size as a percentage of total memory ▪ Running in containers with set memory limits? – OpenJ9 -
Measure Wireless Network Performance Using Testing Tool Iperf
Measure wireless network performance using testing tool iPerf By Lisa Phifer, SearchNetworking.com Many companies are upgrading their wireless networks to 802.11n for better throughput, reach, and reliability, but getting a handle on your wireless LAN's ( WLAN 's) performance is important to ensure sufficient capacity and coverage. Here, we describe how to quantify network performance using iPerf, a simple, readily-available tool that measures TCP /UDP throughput, loss, and delay. Getting started iPerf was developed to simplify TCP performance tuning by making it easy to measure maximum throughput and bandwidth. When used with UDP, iPerf can also measure datagram loss and delay (aka jitter). iPerf can be run over any kind of IP network, including local Ethernet LANs, Internet access links, and Wi-Fi networks. To use iPerf, you must install two components: an iPerf server (which listens for incoming test requests) and an iPerf client (which launches test sessions). iPerf is available as open source or executable binaries for many operating systems, including Win32, Linux, FreeBSD, MacOS X, OpenBSD, and Solaris. A Win32 iPerf installer can be found at NLANR , while a Java GUI version (JPerf) is available from SourceForge . To measure Wi-Fi performance, you probably want to install iPerf on an Ethernet host upstream from the access point ( AP ) under test -- this will be your server. Next, install iPerf on one or more Wi-Fi laptops -- these will be your clients. This is representative of a typical application flow between Wi-Fi client and wired server. If your goal is to measure AP performance, place your iPerf server on the same LAN as the AP, connected by Fast or Gigabit Ethernet. -
Fuchsia OS - a Threat to Android
Fuchsia OS - A Threat to Android Taranjeet Singh1, Rishabh Bhardwaj2 1,2Research Scholar, Institute of Information Technology and Management [email protected] , [email protected] Abstract-Fuchsia is a fairly new Operating System both personal computers as well as low power whose development was started back in 2016. running devices, particularly IOT devices. Android supports various types of devices which is Initially, Android was developed for cameras and having different types of screen size, Architecture, then it is extended to other electronic devices, etc. But problem is that whenever google releases developing apps for these devices are still a complex new updates due to a large variety of devices lots of task because of compatibility issues of native devices doesn't receive updates that are the main devices. issue with android. Android operating system supports various types of This review is about fuchsia and its current Status devices such as android wear devices, auto cars, and how is it different from the Android operating tablets, smart phones, etc. so to develop an android system. app for all these devices is a very tedious task. Keywords: Internet Of Things( IOT ), Operating The Major problem with android is, not all the System (OS), Microkernel, Little Kernel, Software devices receive updates on time. Development Kit (SDK), GitHub Fuchsia is developed to overcome these problems, I INTRODUCTION with fuchsia we can develop apps for all these devices and they can be implemented flawlessly. Fuchsia is an open source Hybrid Real-time Operating System which is under development. A. Architecture of Fuchsia Prior to Fuchsia we already had android OS which is Fuchsia uses Microkernel which is an evolution of used in almost all kinds of devices. -
Oracle Utilities Testing Accelerator Licensing Information User Manual Release 6.0.0.3.0 F35952-01
Oracle Utilities Testing Accelerator Licensing Information User Manual Release 6.0.0.3.0 F35952-01 June 2021 Oracle Utilities Testing Accelerator Licensing Information User Manual, Release 6.0.0.3.0 Copyright © 2019, 2021 Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" -
Water Quality Monitoring System Operating Manual February 2002
Water Quality Monitoring System Operating Manual February 2002 (Revision A) Hydrolab Corporation 8700 Cameron Road, Suite 100 Austin, Texas 78754 USA (800)949-3766 or (512)832-8832 fax: (512)832-8839 www.hydrolab.com Quanta•G Display Operations Tree Calib Salin SpC TDS DO DO% ORP pH BP Depth 00:002 mg/L 100% YMDHM [Standard, Scale Factor, or BP] Calib Review Screen Store [Index#] Screen 1⇔2⇔32 [Index#] Clear ClearAll Screen Screen Review Screen Setup Circ Temp Salin/TDS Depth On Off °C °F PSS g/L m ft Setup Notes: 1. Pressing the Esc ∞ key always exits to the previous operation level except at the top level where it toggles the circulator on or off. 2. RTC calibration (Calib ! 00:00) and Screen 3 are only available if the RTC/PC-Dump option is installed. 3. If the RTC/PC-Dump option is installed, pressing and holding the Esc ∞ key down during power-up causes the Quanta Display to enter PC-Dump mode. Table of Contents 1 Introduction ...........................................................................................................................1 1.1 Foreword.........................................................................................................................1 1.2 Specifications..................................................................................................................1 1.3 Components ....................................................................................................................2 1.4 Assembly.........................................................................................................................3