DOCSLIB.ORG

WINGERT a Thread Migrating OS for Real-Time Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
WINGERT a Thread Migrating OS for Real-Time Applications WAMOS @ HSRM Wiesbaden 2014-02-13 A. Zuepke WINGERT A Thread Migrating OS for Real-Time Applications Alexander Züpke [email protected] WAMOS @ HSRM Wiesbaden 2014-02-13 About Me A. Zuepke Alexander Züpke 1999 – 2003: Diploma in Computer Engineering University of Applied Sciences Gelsenkirchen 2003 – now: Kernel Hacker on PikeOS SYSGO AG, Klein-Winternheim 2012 – now: PhD Student RheinMain University of Applied Sciences Wiesbaden 2 WAMOS @ HSRM Wiesbaden 2014-02-13 Wingert A. Zuepke Win·gert m., Pl: Win·ger·te German word in Rhine-Hessian dialect for a vineyard derived from the Middle High German word wîngarte (wine garden) 3 WAMOS @ HSRM Wiesbaden 2014-02-13 Wingert OS A. Zuepke WIesbaden Next Generation Experimental Real-Time Operating System … or: WINGERT Is a New Great Experimental Real-Time Operating System 4 WAMOS @ HSRM Wiesbaden 2014-02-13 Outline A. Zuepke ● Motivation ● System Architecture ● Various Use Cases of Thread Migration ● Resource Management ● Futexes and Locking ● Current Status of the Implementation ● Conclusion ● Outlook 5 WAMOS @ HSRM Wiesbaden 2014-02-13 Motivation A. Zuepke Safety Critical Systems … 6 WAMOS @ HSRM Wiesbaden 2014-02-13 A. Zuepke 7 WAMOS @ HSRM Wiesbaden 2014-02-13 A. Zuepke 8 WAMOS @ HSRM Wiesbaden 2014-02-13 Motivation A. Zuepke Safety requirements for shared resources ● IEC 61508 “An E/E/PE* safety-related system will usually implement more than one safety function. If the safety integrity requirements for these safety functions differ, unless there is sufficient independence of implementation between them, the requirements applicable to the highest relevant safety integrity level shall apply to the entire E/E/PE safety-related system.” ● ISO 26262 “Freedom of interference” * E/E/PE: electrical / electronic / programmable electronic 9 WAMOS @ HSRM Wiesbaden 2014-02-13 Motivation A. Zuepke Mixed-criticality system Separation by Partitioning ARINC 653: P1 P2 P3 P4 – Spatial Partitioning most less least – Time Partitioning critical critical critical critical user mode supervisor mode OS Kernel 10 WAMOS @ HSRM Wiesbaden 2014-02-13 Motivation A. Zuepke Own Experience: Micro kernels are nice, but building reliable systems with them is still too painful! Lots of engineering challenges: – bounded WCET when Linux runs on top? – independent analyses of partitions? – more threads + more synchronization = more safety? 11 WAMOS @ HSRM Wiesbaden 2014-02-13 System Architecture A. Zuepke ● Design Choices – Hierarchical system design – Small TCB – Minimalistic kernel P1 P2 P3 P4 ● Address spaces most less least ● Threads critical critical critical critical ● Capabilities shared driver 2 ● Resource partitioning ● Preemptive kernel shared driver 1 ● State of the art scheduling OS Kernel – Thread migration 12 WAMOS @ HSRM Wiesbaden 2014-02-13 A. Zuepke Thread Migration 13 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke ● Definition of “thread migration” in literature – a client lends its thread to the server – the server is a passive entity ● Examples P1 P2 P3 P4 – Mach (Ford) – Sun's Spring – Pebble – Composite – … OS Kernel 14 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Decompose a thread into Body and Soul: ● Body: user part of a thread Body – register context ● Entry point ● User Stack – user stack ● TLS ● Soul: kernel part of a thread – scheduling attributes – kernel stack Soul Ghost: soul without a body ● Priority ● Deadline initial state ● Kernel Stack idle threads 15 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Decompose a thread into Body and Soul: ● Body: user part of a thread Body – register context ● Entry point ● User Stack – user stack ● TLS ● Soul: kernel part of a thread – scheduling attributes – kernel stack Soul ● Ghost: soul without a body ● Priority ● Deadline – initial state ● Kernel Stack – idle threads 16 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Synchronous call and return operations: – a soul migrates back and forth between bodies – forms a call chain active body free body soul 17 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Synchronous call and return operations: – a soul migrates back and forth between bodies – forms a call chain occupied body active body free body call soul 18 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Synchronous call and return operations: – a soul migrates back and forth between bodies – forms a call chain occupied body active body call 19 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Synchronous call and return operations: – a soul migrates back and forth between bodies – forms a call chain occupied body active body free body return 20 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Synchronous call and return operations: – a soul migrates back and forth between bodies – forms a call chain active body free body return 21 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke The forward operation: – to call another body – without keeping the caller occupied 22 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke The forward operation: – to call another body – without keeping the caller occupied ll ca 23 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke The forward operation: – to call another body – without keeping the caller occupied ard forw 24 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke The forward operation: – to call another body – without keeping the caller occupied 25 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke The forward operation: – to call another body – without keeping the caller occupied r eturn 26 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Asynchronous fork / join operations: – fork: tell an idle soul to call a body – join: asynchronous call returns fork go for It! 27 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Asynchronous fork / join operations: – fork: tell an idle soul to call a body – join: asynchronous call returns call 28 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Asynchronous fork / join operations: – fork: tell an idle soul to call a body – join: asynchronous call returns 29 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Asynchronous fork / join operations: – fork: tell an idle soul to call a body – join: asynchronous call returns return 30 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Asynchronous fork / join operations: – fork: tell an idle soul to call a body – join: asynchronous call returns I'm done! join 31 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Signals and Exception Handling: ● Exceptions – implicitly turn exceptions into calls to exception-handlers – pass faulting register context to called body Exception Handler Signals Faulter signal delivery: force a soul c a l l into a (non-voluntary) call software raised exception 32 WAMOS @ HSRM Wiesbaden 2014-02-13 Thread Migration A. Zuepke Signals and Exception Handling: ● Exceptions – implicitly turn exceptions into calls to exception-handlers – pass faulting register context to called body Exception Handler ● Signals Faulter – signal delivery: force a soul c a l l into a (non-voluntary) call – fo software raised exception rce ex c. Other 33 WAMOS @ HSRM Wiesbaden 2014-02-13 Concurrent Access A. Zuepke ● Two souls want to enter the same body … – First come, first serve! The other soul has to wait. – Entry wait queue Q – FIFO or priority ordering – Priority inheritance call Q 34 WAMOS @ HSRM Wiesbaden 2014-02-13 Concurrent Access A. Zuepke ● Two souls want to enter the same body … – First come, first serve! The other soul has to wait. – Entry wait queue Q – FIFO or priority ordering – Priority inheritance Q 35 WAMOS @ HSRM Wiesbaden 2014-02-13 Concurrent Access A. Zuepke ● Two souls want to enter the same body … – First come, first serve! The other soul has to wait. – Entry wait queue Q – FIFO or priority ordering – Priority inheritance call Q 36 WAMOS @ HSRM Wiesbaden 2014-02-13 Concurrent Access A. Zuepke ● Two souls want to enter the same body … – First come, first serve! The other soul has to wait. – Entry wait queue Q – FIFO or priority ordering – Priority inheritance Q waiting 37 WAMOS @ HSRM Wiesbaden 2014-02-13 Concurrent Access A. Zuepke ● Two souls want to enter the same body … – First come, first serve! The other soul has to wait. – Entry wait queue Q – FIFO or priority ordering – Priority inheritance rn Q retu waiting 38 WAMOS @ HSRM Wiesbaden 2014-02-13 Concurrent Access A. Zuepke ● Two souls want to enter the same body … – First come, first serve! The other soul has to wait. – Entry wait queue Q – FIFO or priority ordering – Priority inheritance Q 39 WAMOS @ HSRM Wiesbaden 2014-02-13 Parking Souls A. Zuepke ● The Parking Lot: – a place where souls can rest outside the body – parking: put the currently active soul in P – unparking: move a parked soul from P to Q – the parking queue P is an unsorted queue P Q 40 WAMOS @ HSRM Wiesbaden 2014-02-13 Parking Souls A. Zuepke ● The Parking Lot: – a place where souls can rest outside the body – parking: put the currently active soul in P – unparking: move a parked soul from P to Q – the parking queue P is an unsorted queue park P Q 41 WAMOS @ HSRM Wiesbaden 2014-02-13 Parking Souls A. Zuepke ● The Parking Lot: – a place where souls can rest outside the body – parking: put the currently active soul in P – unparking: move a parked soul from P to Q – the parking queue P is an unsorted queue call P Q 42 WAMOS @ HSRM Wiesbaden 2014-02-13 Parking Souls A. Zuepke ● The Parking Lot: – a place where souls can rest outside the body – parking: put the currently active soul in P – unparking: move a parked soul from P to Q – the parking queue P is an unsorted queue unpark P Q 43 WAMOS @ HSRM Wiesbaden 2014-02-13 Parking Souls A.
Load more

Recommended publications
  • Confine: Automated System Call Policy Generation for Container
    Confine: Automated System Call Policy Generation for Container Attack Surface Reduction Seyedhamed Ghavamnia Tapti Palit Azzedine Benameur Stony Brook University Stony Brook University Cloudhawk.io Michalis Polychronakis Stony Brook University Abstract The performance gains of containers, however, come to the Reducing the attack surface of the OS kernel is a promising expense of weaker isolation compared to VMs. Isolation be- defense-in-depth approach for mitigating the fragile isola- tween containers running on the same host is enforced purely in tion guarantees of container environments. In contrast to software by the underlying OS kernel. Therefore, adversaries hypervisor-based systems, malicious containers can exploit who have access to a container on a third-party host can exploit vulnerabilities in the underlying kernel to fully compromise kernel vulnerabilities to escalate their privileges and fully com- the host and all other containers running on it. Previous con- promise the host (and all the other containers running on it). tainer attack surface reduction efforts have relied on dynamic The trusted computing base in container environments analysis and training using realistic workloads to limit the essentially comprises the entire kernel, and thus all its set of system calls exposed to containers. These approaches, entry points become part of the attack surface exposed to however, do not capture exhaustively all the code that can potentially malicious containers. Despite the use of strict potentially be needed by future workloads or rare runtime software isolation mechanisms provided by the OS, such as conditions, and are thus not appropriate as a generic solution. capabilities [1] and namespaces [18], a malicious tenant can Aiming to provide a practical solution for the protection leverage kernel vulnerabilities to bypass them.
    [Show full text]
  • Operating System Support for Run-Time Security with a Trusted Execution Environment
    Operating System Support for Run-Time Security with a Trusted Execution Environment - Usage Control and Trusted Storage for Linux-based Systems - by Javier Gonz´alez Ph.D Thesis IT University of Copenhagen Advisor: Philippe Bonnet Submitted: January 31, 2015 Last Revision: May 30, 2015 ITU DS-nummer: D-2015-107 ISSN: 1602-3536 ISBN: 978-87-7949-302-5 1 Contents Preface8 1 Introduction 10 1.1 Context....................................... 10 1.2 Problem....................................... 12 1.3 Approach...................................... 14 1.4 Contribution.................................... 15 1.5 Thesis Structure.................................. 16 I State of the Art 18 2 Trusted Execution Environments 20 2.1 Smart Cards.................................... 21 2.1.1 Secure Element............................... 23 2.2 Trusted Platform Module (TPM)......................... 23 2.3 Intel Security Extensions.............................. 26 2.3.1 Intel TXT.................................. 26 2.3.2 Intel SGX.................................. 27 2.4 ARM TrustZone.................................. 29 2.5 Other Techniques.................................. 32 2.5.1 Hardware Replication........................... 32 2.5.2 Hardware Virtualization.......................... 33 2.5.3 Only Software............................... 33 2.6 Discussion...................................... 33 3 Run-Time Security 36 3.1 Access and Usage Control............................. 36 3.2 Data Protection................................... 39 3.3 Reference
    [Show full text]
  • Master Thesis
    Charles University in Prague Faculty of Mathematics and Physics MASTER THESIS Petr Koupý Graphics Stack for HelenOS Department of Distributed and Dependable Systems Supervisor of the master thesis: Mgr. Martin Děcký Study programme: Informatics Specialization: Software Systems Prague 2013 I would like to thank my supervisor, Martin Děcký, not only for giving me an idea on how to approach this thesis but also for his suggestions, numerous pieces of advice and significant help with code integration. Next, I would like to express my gratitude to all members of Hele- nOS developer community for their swift feedback and for making HelenOS such a good plat- form for works like this. Finally, I am very grateful to my parents and close family members for supporting me during my studies. I declare that I carried out this master thesis independently, and only with the cited sources, literature and other professional sources. I understand that my work relates to the rights and obligations under the Act No. 121/2000 Coll., the Copyright Act, as amended, in particular the fact that the Charles University in Pra- gue has the right to conclude a license agreement on the use of this work as a school work pursuant to Section 60 paragraph 1 of the Copyright Act. In Prague, March 27, 2013 Petr Koupý Název práce: Graphics Stack for HelenOS Autor: Petr Koupý Katedra / Ústav: Katedra distribuovaných a spolehlivých systémů Vedoucí diplomové práce: Mgr. Martin Děcký Abstrakt: HelenOS je experimentální operační systém založený na mikro-jádrové a multi- serverové architektuře. Před započetím této práce již HelenOS obsahoval početnou množinu moderně navržených subsystémů zajišťujících různé úkoly v rámci systému.
    [Show full text]
  • An Operating System Architecture for Intra-Kernel Privilege Separation
    Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation Nathan Dautenhahn1, Theodoros Kasampalis1, Will Dietz1, John Criswell2, and Vikram Adve1 1University of Illinois at Urbana-Champaign, 2University of Rochester fdautenh1, kasampa2, wdietz2, [email protected], [email protected] Abstract 1. Introduction Monolithic operating system designs undermine the security Critical information protection design principles, e.g., fail- of computing systems by allowing single exploits anywhere safe defaults, complete mediation, least privilege, and least in the kernel to enjoy full supervisor privilege. The nested common mechanism [34, 40, 41], have been well known kernel operating system architecture addresses this problem for several decades. Unfortunately, monolithic commodity by “nesting” a small isolated kernel within a traditional operating systems (OSes), like Windows, Mac OS X, Linux, monolithic kernel. The “nested kernel” interposes on all and FreeBSD, lack sufficient protection mechanisms with updates to virtual memory translations to assert protections which to adhere to these design principles. As a result, on physical memory, thus significantly reducing the trusted these OS kernels define and store access control policies in computing base for memory access control enforcement. We main memory which any code executing within the kernel incorporated the nested kernel architecture into FreeBSD can modify. The impact of this default, shared-everything on x86-64 hardware while allowing the entire operating environment is that the entirety of the kernel, including system, including untrusted components, to operate at the potentially buggy device drivers [12], forms a single large highest hardware privilege level by write-protecting MMU trusted computing base (TCB) for all applications on the translations and de-privileging the untrusted part of the system.
    [Show full text]
  • Towards a Formally Verified Microkernel Using the VCC Verifier
    Towards a Formally Verified Microkernel using the VCC Verifier Joaquim Jose´ e Silva de Carvalho Tojal Submitted to University of Beira Interior in candidature for the degree of Master in Computer Science Supervised by Simao˜ Melo de Sousa Co-supervised by Jose´ Miguel Faria Department of Computer Science University of Beira Interior Covilha,˜ Portugal http://www.di.ubi.pt Acknowledgements I would like to express my deep thank to all those who in one way or another, contributed to the achievement of this work, in particular: To my supervisor, Professor Simao˜ Melo de Sousa, for scientific guidance and support that has always had, without which the achievement of this work would not be possible. To my co-supervisor, Jose´ Miguel Faria, for the availability, interest, guidance and friend- ship that has always had and that was very important to the success of this work. To Andre´ Passos by the friendship and constant support. To all my colleagues in Critical Software who helped me with xLuna. To Critical Software for giving me the opportunity to develop this thesis in a company like that, which was a very enriching experience. To my girlfriend, Rita, for the patience and care she had for me throughout this period, for the help, support and constant encouragement. To my parents, Marilia and Adriano, and my brother, Ricardo, for their trust and care that always gave me and for all the support, because without it would never have gotten where I am. For all of you: Thanks! iii iv Abstract In this thesis we present the design by contract modular approach to formal verification of an industrial real-time microkernel which was not designed with formal verification in mind.
    [Show full text]
  • The Journal for the International Ada Community
    TThehe journaljournal forfor thethe internationalinternational AdaAda communitycommunity AdaAda UserUser Volume 41 Journal Number 1 Journal March 2020 Editorial 3 Quarterly News Digest 4 Conference Calendar 21 Forthcoming Events 29 Anniversary Articles J. Barnes From Byron to the Ada Language 31 C. Brandon CubeSat, the Experience 36 B.M. Brosgol How to Succeed in the Software Business while Giving Away the Source Code: The AdaCore Experience 43 Special Contribution J. Cousins ARG Work in Progress IV 47 Proceedings of the Workshop on Challenges and New Approaches for Dependable and Cyber-Physical Systems of Ada-Europe 2019 L. Nogueira, A. Barros, C. Zubia, D. Faura, D. Gracia Pérez, L.M. Pinho Non-functional Requirements in the ELASTIC Architecture 51 Puzzle J. Barnes Forty Years On and Going Strong 57 Produced by Ada-Europe Editor in Chief António Casimiro University of Lisbon, Portugal [email protected] Ada User Journal Editorial Board Luís Miguel Pinho Polytechnic Institute of Porto, Portugal Associate Editor [email protected] Jorge Real Universitat Politècnica de València, Spain Deputy Editor [email protected] Patricia López Martínez Universidad de Cantabria, Spain Assistant Editor [email protected] Kristoffer N. Gregertsen SINTEF, Norway Assistant Editor [email protected] Dirk Craeynest KU Leuven, Belgium Events Editor [email protected] Alejandro R. Mosteo Centro Universitario de la Defensa, Zaragoza, Spain News Editor [email protected] Ada-Europe Board Tullio Vardanega (President) Italy University
    [Show full text]
  • Implementing Molecular Dynamics on Hybrid High Performance Computers - Short Range Forces
    Implementing Molecular Dynamics on Hybrid High Performance Computers - Short Range Forces W. Michael Browna,∗, Peng Wangb, Steven J. Plimptonc, Arnold N. Tharringtond aNational Center for Computational Sciences, Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA bNVIDIA, Santa Clara, CA, USA cSandia National Laboratory, Albuquerque, New Mexico, USA dNational Center for Computational Sciences, Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA Abstract The use of accelerators such as graphics processing units (GPUs) has become popular in scientific computing applications due to their low cost, impressive floating-point capabilities, high memory bandwidth, and low electrical power requirements. Hybrid high- performance computers, machines with more than one type of floating-point processor, are now becoming more prevalent due to these advantages. In this work, we discuss several important issues in porting a large molecular dynamics code for use on parallel hybrid machines - 1) choosing a hybrid parallel decomposition that works on central processing units (CPUs) with distributed memory and accelerator cores with shared memory, 2) minimizing the amount of code that must be ported for efficient acceleration, 3) utilizing the available processing power from both multi-core CPUs and accelerators, and 4) choosing a programming model for acceleration. We present our solution to each of these issues for short-range force calculation in the molecular dynamics package LAMMPS, however, the methods can be applied in many molecular dynamics codes. Specifically, we describe algorithms for efficient short range force calculation on hybrid high-performance machines. We describe an approach for dynamic load balancing of work between CPU and accelerator cores. We describe the Geryon library that allows a single code to compile with both CUDA and OpenCL for use on a variety of accelerators.
    [Show full text]
  • Ghost: Fast & Flexible User-Space Delegation of Linux Scheduling
    ghOSt: Fast & Flexible User-Space Delegation of Linux Scheduling Jack Tigar Humphries Neel Natu Ashwin Chaugule Google Google Google Ofir Weisse Barret Rhoden Josh Don Google Google Google Luigi Rizzo Oleg Rombakh Paul Turner Google Google Google Christos Kozyrakis Stanford University Abstract types can substantially improve key metrics such as latency, We present ghOSt, our infrastructure for delegating kernel throughput, hard/soft real-time characteristics, energy effi- scheduling decisions to userspace code. ghOSt is designed ciency, cache interference, and security [1–26]. For example, to support the rapidly evolving needs of our data center the Shinjuku request scheduler [25] optimized highly disper- workloads and platforms. sive workloads – workloads with a mix of short and long Improving scheduling decisions can drastically improve requests – improving request tail latency and throughput the throughput, tail latency, scalability, and security of im- by an order of magnitude. The Tableau scheduler for virtual portant workloads. However, kernel schedulers are difficult machine workloads [23] demonstrated improved throughput to implement, test, and deploy efficiently across a large fleet. by 1.6× and latency by 17× under multi-tenant scenarios. Recent research suggests bespoke scheduling policies, within The Caladan scheduler [21] focused on resource interference custom data plane operating systems, can provide compelling between foreground low-latency apps and background best performance results in a data center setting. However, these effort apps, improving network request tail latency byas gains have proved difficult to realize as it is impractical to much as 11,000×. To mitigate recent hardware vulnerabil- deploy a custom OS image(s) at an application granularity, ities [27–32], cloud platforms running multi-tenant hosts particularly in a multi-tenant environment, limiting the prac- had to rapidly deploy new core-isolation policies, isolating tical applications of these new techniques.
    [Show full text]
  • Linux Distrib Vendors Make Patches Available for GHOST 29 January 2015, by Nancy Owano
    Linux distrib vendors make patches available for GHOST 29 January 2015, by Nancy Owano patches were available from Linux distributions, he added, in the Tuesday posting. What is "glibc"? This is the Gnu C library and a core part of the OS. "The vulnerability is in one of the functions of glibc," said Sarwate, where a buffer overflows.The vulnerability can be triggered locally and remotely from any of the gethostbyname*() functions. So what's the risk? An attacker, said Sarwate, could send a malicious email to an email server and get a remote shell to the Linux machine. The good news is that most Linux vendors have released patches. "So the best way to mitigate this issue," said Sarwate, "is to apply a patch from your Linux distribution." Gavin Millard, technical director of Tenable Network Security, told the Telegraph: "Patches are being released for the major Linux distributions and should be applied with a priority on any vulnerable systems with services that can be reached from the Internet." Qualys said on Tuesday that there was a serious Sarwate said the vulnerability is called "GHOST" weakness in the Linux glibc library. During a code because of the GetHOST functions by which the audit, Qualys researchers discovered a buffer flaw can be exploited. The vulnerability has a overflow in the __nss_hostname_digits_dots() history; it was found some years ago and it was function of glibc. The weakness can allow fixed but it was not classified as a security attackers to remotely take control of the victim's vulnerability. Nonetheless, as of Tuesday, system without any prior knowledge of system distributions have released patches, said Sarwate, credentials.
    [Show full text]
  • Formal Verification for High Assurance Software: a Case Study Using the SPARK Auto-Active Verification Oolsett
    Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 3-2021 Formal Verification for High Assurance Software: A Case Study Using the SPARK Auto-Active Verification oolsetT Ryan M. Baity Follow this and additional works at: https://scholar.afit.edu/etd Part of the Software Engineering Commons Recommended Citation Baity, Ryan M., "Formal Verification for High Assurance Software: A Case Study Using the SPARK Auto- Active Verification oolset"T (2021). Theses and Dissertations. 4886. https://scholar.afit.edu/etd/4886 This Thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. Formal Verification for High Assurance Software: A Case Study Using the SPARK Auto-Active Verification Toolset THESIS Ryan M Baity, Second Lieutenant, USAF AFIT-ENG-MS-21-M-009 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio DISTRIBUTION STATEMENT A APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. The views expressed in this document are those of the author and do not reflect the official policy or position of the United States Air Force, the United States Department of Defense or the United States Government. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States. AFIT-ENG-MS-21-M-009 FORMAL VERIFICATION FOR HIGH ASSURANCE SOFTWARE: A CASE STUDY USING THE SPARK AUTO-ACTIVE VERIFICATION TOOLSET THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of Engineering and Management Air Force Institute of Technology Air University Air Education and Training Command in Partial Fulfillment of the Requirements for the Degree of Master of Science in Cyber Operations Ryan M Baity, B.S.C.S.
    [Show full text]
  • SCONE: Secure Linux Containers with Intel
    SCONE: Secure Linux Containers with Intel SGX Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, and Andre Martin, Technische Universität Dresden; Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, and Mark L Stillwell, Imperial College London; David Goltzsche, Technische Universität Braunschweig; Dave Eyers, University of Otago; Rüdiger Kapitza, Technische Universität Braunschweig; Peter Pietzuch, Imperial College London; Christof Fetzer, Technische Universität Dresden https://www.usenix.org/conference/osdi16/technical-sessions/presentation/arnautov This paper is included in the Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’16). November 2–4, 2016 • Savannah, GA, USA ISBN 978-1-931971-33-1 Open access to the Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation is sponsored by USENIX. SCONE: Secure Linux Containers with Intel SGX Sergei Arnautov1, Bohdan Trach1, Franz Gregor1, Thomas Knauth1, Andre Martin1, Christian Priebe2, Joshua Lind2, Divya Muthukumaran2, Dan O’Keeffe2, Mark L Stillwell2, David Goltzsche3, David Eyers4,Rudiger¨ Kapitza3, Peter Pietzuch2, and Christof Fetzer1 1Fakultat¨ Informatik, TU Dresden, [email protected] 2Dept. of Computing, Imperial College London, [email protected] 3Informatik, TU Braunschweig, [email protected] 4Dept. of Computer Science, University of Otago, [email protected] Abstract mechanisms focus on protecting the environment from accesses by untrusted containers. Tenants, however, In multi-tenant environments, Linux containers managed want to protect the confidentiality and integrity of their by Docker or Kubernetes have a lower resource footprint, application data from accesses by unauthorized parties— faster startup times, and higher I/O performance com- not only from other containers but also from higher- pared to virtual machines (VMs) on hypervisors.
    [Show full text]
  • Schnek: a C++ Library for the Development of Parallel Simulation Codes on Regular Grids.” Computer Physics Communications, Vol
    This is the author’s final, peer-reviewed manuscript as accepted for publication (AAM). The version presented here may differ from the published version, or version of record, available through the publisher’s website. This version does not track changes, errata, or withdrawals on the publisher’s site. Schnek: A C++ library for the development of parallel simulation codes on regular grids Holger Schmitz Published version information Citation: H Schmitz. “Schnek: A C++ library for the development of parallel simulation codes on regular grids.” Computer Physics Communications, vol. 226 (2018): 151-164. DOI: 10.1016/j.cpc.2017.12.023 ©2018. This manuscript version is made available under the CC-BY-NC-ND 4.0 Licence. This version is made available in accordance with publisher policies. Please cite only the published version using the reference above. This is the citation assigned by the publisher at the time of issuing the AAM. Please check the publisher’s website for any updates. This item was retrieved from ePubs, the Open Access archive of the Science and Technology Facilities Council, UK. Please contact [email protected] or go to http://epubs.stfc.ac.uk/ for further information and policies. Schnek: A C++ library for the development of parallel simulation codes on regular grids Holger Schmitza,∗ aCentral Laser Facility, STFC, Rutherford Appleton Laboratory, Didcot, Oxon., OX11 0QX Abstract A large number of algorithms across the field of computational physics are formulated on grids with a regular topology. We present Schnek, a library that enables fast development of parallel simulations on regular grids. Schnek contains a number of easy-to-use modules that greatly reduce the amount of administrative code for large-scale simulation codes.
    [Show full text]