SPDK Performance in a Nutshell


Karol Latecki, John Kariuki
SPDK, PMDK, Intel® Performance Analyzers Virtual Forum

Slide 2: Agenda
1. I/O Performance
  • Performance and Efficiency
  • Workloads
2. Local Storage Performance
  • Test case and objectives
  • Performance
  • Test tools, environment and optimizations
3. Storage over Ethernet Performance
  • Test case and objectives
  • Performance
  • Test tools, environment and optimizations
4. Virtualized Storage Performance
  • Test case and objectives
  • Performance
  • Test tools, environment and optimizations

Slide 3: SPDK I/O Performance
• Efficiency & Scalability
  • I/O per sec from 1 thread
  • I/O core scalability
• Latency
  • Average
  • Tail (P90, P99, P99.99)

Slide 4
• Local Storage Performance
• Storage over Ethernet Performance
• Virtualized Storage Performance

4 KiB                      | 128 KiB
100% Random Read           | 100% Seq Read
100% Random Write          | 100% Seq Write
70%/30% Random Read/Write  | 70%/30% Seq Read/Write

Slide 5: The Performance Reports
https://spdk.io/doc/performance_reports.html

Slide 7: Local Block Storage
Objectives:
• Measure SPDK NVMe BDEV performance
• Compare SPDK vs. Linux Kernel (libaio, io_uring) block layers
Test Cases:
1. I/O per second from one thread
2. I/O core scalability
3. SPDK vs. Kernel Latency
4. IOPS vs. Latency
Test case execution automated with test/nvme/perf/run_perf.sh
[Diagram labels: SPDK Perf/FIO; SPDK; SPDK NVMe BDEV; SPDK NVMe Driver; Intel® TLC 3D NAND SSD]

Slide 8: SPDK NVMe BDEV I/O Efficiency
[Chart: SPDK NVMe BDEV IOPS, 1 CPU Core, 4 KB Rand Read @ QD=128. X axis: Number of SSDs (1, 2, 4, 6, 8, 10). Y axis: IOPS (Thousands), higher is better.]
• Single Core IOPS scale linearly as number of SSDs increases up to 8
• Maximum IOPS/Core: 5.2 million at 10 SSDs.
See configuration details – Slide 33

Slide 9: SPDK NVMe BDEV I/O Core Scalability
• Lockless I/O path - IOPS scale linearly with addition of I/O Cores
See configuration details – Slide 33

Slide 10
• Minimize number of I/O threads
• NUMA
• Tools: fio, bdevperf, nvmeperf

    [global]
    direct=1
    thread=1
    ----
    bs=4096
    numjobs=1
    runtime=300
    ramp_time=60

    [filename0]
    iodepth=192
    cpus_allowed=0
    filename=Nvme0n1
    filename=Nvme1n1
    filename=Nvme2n1
    filename=Nvme3n1
    filename=Nvme4n1
    filename=Nvme5n1

Why SPDK perf tools?
• fio
  • Industry standard
  • High flexibility
  • Lots of I/O metrics
• SPDK perf tools
  • Less flexibility
  • Optimized for I/O submission and completion.
  • Up to 2x more IOPS/Core

Slide 12: IOPS vs. Latency - 4 I/O Cores
[Chart: IOPS vs. Average Latency, 4 KB Random Read (4 I/O Cores). X axis: Queue Depth (1, 2, 4, 8, 16, 32, 64, 128). Y axes: IOPS (millions), higher is better; Avg. Latency (usec), lower is better. Series: SPDK Fio Bdev IOPS; Kernel Libaio IOPS; Kernel IO Uring IOPS; SPDK Avg. Latency (usecs); Kernel Libaio Avg. Latency (usecs); Kernel IO Uring Avg. Latency (usecs).]
• SPDK BDEV up to 2.9x and 5.8x more IOPS/Core vs. io_uring and libaio respectively
See configuration details – Slide 33

Slide 13
• Intel Server System R2224WFTZS
• 2 x Intel® Xeon® Gold 6230N Processor (2.30 GHz, 20 cores per socket)
• 384 GB 2933MHz DDR4 RAM
• 24 x Intel® SSD DC P4610 1.6TB NVMe

Slide 14: Why Benchmark each release?
• Measure performance on new HW (SSDs, CPUs, NICs)
• Measure performance after SW optimizations
• Validate performance impact of new features

Slide 16: Block Storage over Ethernet
• SPDK and Linux NVMe-oF Performance
• RDMA & TCP Transports
• Interoperability performance testing
Test Cases:
1. SPDK NVMe-oF target I/O core scalability
2. SPDK NVMe-oF initiator I/O core scalability
3. Latency and Interoperability of SPDK and Kernel components
4. Performance with increasing number of connections
Automation scripts: spdk/scripts/perf/nvmf/run_nvmf.py

Slide 17
• Target: Storage and Network
• Host: many CPU cores
• Benchmark tool: fio
[Diagram labels: NVMe-oF Initiator 1 (SPDK/Linux Kernel), shown twice; QSFP28 Cables (direct connection), shown twice; 100GbE NIC1 (CPU Socket 0); 100GbE NIC2 (CPU Socket 1); NVMe-oF Target (SPDK/Linux Kernel); PCIe Switch 1 (CPU Socket 0); PCIe Switch 2 (CPU Socket 1); 8x Intel P4610 SSDs, shown twice]

Slide 18: Over 100 Gbps
• 8 Target CPU Core saturate 100Gbps – 4KB Random Read
Data from SPDK NVMe-oF TCP 21.01 Performance Report
See configuration details – Slide 33

Slide 19
• SPDK relative efficiency up to 2x better with increasing number of connections.
Data from SPDK NVMe-oF TCP 21.01 Performance Report
See configuration details – Slide 33

Slide 20: SPDK NVMe-oF TCP Target Core Scaling
[Chart: SPDK NVMe-oF TCP Target Core Scaling, 128k Read Workload. X axis: # of CPU cores (1, 4, 8). Y axis: Bandwidth (Gbps), higher is better. Series: SPDK NVMe-oF TCP 20.01; SPDK NVMe-oF TCP 20.04.]
• MSG_ZEROCOPY doubled performance of a single CPU SPDK Target process.
Data from SPDK NVMe-oF TCP 20.01 and 20.04 performance reports.
See configuration details – Slide 33

Slide 21
• Hardware NUMA alignment
• BIOS & OS performance settings
• NIC IRQ Affinity settings
• TCP/IPv4 Linux Sysctl settings

Slide 23: Virtualized Storage
• SPDK & Kernel Vhost Performance
• VM Density
• Optimizations
The test cases:
1. SPDK Vhost single core VM saturation
2. SPDK Vhost I/O Core Scalability
3. VM Density – SPDK & Kernel Vhost
4. Latency vs IOPS with increasing Queue Depth
5. Performance Tuning:
  ▪ Link Time Optimization
  ▪ Qemu Packed Rings
More on SPDK Vhost: https://spdk.io/doc/vhost.html

Slide 24
[Diagram labels: VM0, VM1, ..., VM(N-1), VM N; Vhost-Scsi & Virtio-Blk; lvol0, lvol1, ..., lvol(N-1), lvolN; SPDK Vhost; NVMe Bdev & Logical Volumes; Nvme0n1, ..., Nvme23n1; QEMU/KVM, up to 36 VMs; Local NVMe SSDs]

Slide 25
• Up to 1.8 million IOPS on 1 CPU Core.
• Linear scaling with addition of I/O cores.
Data from SPDK Vhost 21.01 Performance Report
See configuration details – Slide 33

Slide 26
• SPDK Vhost able to serve required IO with high number of VMs.
Data from SPDK Vhost 21.01 Performance Report
See configuration details – Slide 33

Slide 27
[Chart; data labels: +1.8%, +5.4%, +7.6%, +6.2%, +5.4%]
Data from SPDK Vhost 21.01 Performance Report
See configuration details – Slide 33

Slide 28
Benchmarking Tools
• Benchmark Tool: fio in client-server mode
• Automation script: test/vhost/perf_bench/vhost_perf.sh
Optimizations
• Test optimizations:
  • NUMA alignment
  • Fio measurement options
  • Resource limiting (cgroups)

Slide 30: Continuous Performance
• Run in SPDK Continuous Integration
• Uses same scripts as for quarterly benchmark reports
• Currently covers Vhost, NVMe-oF TCP and NVMe-oF RDMA
See configuration details – Slide 33

Slide 31
• Performance & Power: Using dynamic scheduler to measure IOPS/Watt
• NVMe over vfio-user performance
• Container Storage performance
• Data Services Performance: Compress bdev, Crypto bdev

Q&A

Slide 33
Local Storage (Slides 8, 9, 12) & Virtualized Storage (Slides 25-27): Test by Intel as of 2/10/2021. 1-node, 2x Intel® Xeon® Gold 6230N Processor, 20 cores HT On Turbo ON Total Memory 384 GB (12 slots/ 32GB/ 2933 MHz), BIOS: SE5C620.86B.02.01.0013.121520200651 (ucode:0x4003003), Fedora 33, Linux Kernel 5.10.19-200, gcc 9.3.1 compiler, fio 3.19, SPDK 21.01, Storage: 24x Intel® SSD DC P4610 1.6TB.

Network Storage (Slides 18 - 20): Test by Intel as of 2/10/2021.
Target Node: 1-node, 2x Intel® Xeon® Gold 6230 Processor, 20 cores HT On Turbo ON Total Memory 384 GB (12 slots/ 32GB/ 2933 MHz), BIOS: 3.4 (ucode:0x5003003), Fedora 33, Linux Kernel 5.8.15-300, gcc 9.3.1 compiler, fio 3.19, SPDK 21.01, Storage: 16x Intel® SSD DC P4610 1.6TB, Network: 2x 100 GbE Mellanox ConnectX-5.
Host Nodes: 2-nodes, 2x Intel® Xeon® Gold 6252 Processor, 24 cores HT On Turbo ON Total Memory 192 GB (6 slots/ 32GB/ 2933 MHz), BIOS: 3.4 (ucode:0x5003003), Fedora 33, Linux Kernel 5.8.15-300, gcc 9.3.1 compiler, fio 3.19, SPDK 21.01, Network: 1x 100 GbE Mellanox ConnectX-5

• Automated metric collection with scripts/perf/nvmf/run_nvmf.py
• SAR: SAR CPU utilization measurement on Target side
• Bwm-ng: bwm-ng to measure bandwidth utilization on network interfaces
• PCM: PCM measurements on Target side include CPU, memory and power consumption.