DOCSLIB.ORG

Ghost: Fast & Flexible User-Space Delegation of Linux Scheduling

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Ghost: Fast & Flexible User-Space Delegation of Linux Scheduling ghOSt: Fast & Flexible User-Space Delegation of Linux Scheduling Jack Tigar Humphries Neel Natu Ashwin Chaugule Google Google Google Ofir Weisse Barret Rhoden Josh Don Google Google Google Luigi Rizzo Oleg Rombakh Paul Turner Google Google Google Christos Kozyrakis Stanford University Abstract types can substantially improve key metrics such as latency, We present ghOSt, our infrastructure for delegating kernel throughput, hard/soft real-time characteristics, energy effi- scheduling decisions to userspace code. ghOSt is designed ciency, cache interference, and security [1–26]. For example, to support the rapidly evolving needs of our data center the Shinjuku request scheduler [25] optimized highly disper- workloads and platforms. sive workloads – workloads with a mix of short and long Improving scheduling decisions can drastically improve requests – improving request tail latency and throughput the throughput, tail latency, scalability, and security of im- by an order of magnitude. The Tableau scheduler for virtual portant workloads. However, kernel schedulers are difficult machine workloads [23] demonstrated improved throughput to implement, test, and deploy efficiently across a large fleet. by 1.6× and latency by 17× under multi-tenant scenarios. Recent research suggests bespoke scheduling policies, within The Caladan scheduler [21] focused on resource interference custom data plane operating systems, can provide compelling between foreground low-latency apps and background best performance results in a data center setting. However, these effort apps, improving network request tail latency byas gains have proved difficult to realize as it is impractical to much as 11,000×. To mitigate recent hardware vulnerabil- deploy a custom OS image(s) at an application granularity, ities [27–32], cloud platforms running multi-tenant hosts particularly in a multi-tenant environment, limiting the prac- had to rapidly deploy new core-isolation policies, isolating tical applications of these new techniques. shared processor state between applications. ghOSt provides general-purpose delegation of schedul- Designing, implementing, and deploying new scheduling ing policy to userspace processes in a Linux environment. policies across a large fleet is an exacting task. It requires de- ghOSt provides state encapsulation, communication, and velopers to design policies capable of balancing the specific action mechanisms that allow complex expression of sched- performance requirements of many applications. The imple- uling policies within a userspace agent, while assisting in mentation must conform with a complex kernel architecture, synchronization. Programmers use any language to develop and errors will, in many cases, crash the entire system or and optimize policies, which are modified without a host otherwise severely impede performance due to unintended reboot. ghOSt supports a wide range of scheduling models, side effects [33]. Even when successful, the disruptive nature from per-CPU to centralized, run-to-completion to preemp- of an upgrade carries its own opportunity cost in host and tive, and incurs low overheads for scheduling actions. We application down-time. This creates a challenging conflict demonstrate ghOSt’s performance on both academic and between risk-minimization and progress. real-world workloads. We show that by using ghOSt instead Prior attempts to improve performance and reduce com- of the kernel scheduler, we can quickly achieve comparable plexity in the kernel by designing userspace solutions have throughput and latency while enabling policy optimization, significant shortcomings: they require substantial modifi- non-disruptive upgrades, and fault isolation for our data- cation of application implementation [1, 10, 21, 25, 34, 35], center workloads. We open-source our implementation to require dedicated resources in order to be highly respon- enable future research and development based on ghOSt. sive [1, 21, 25], or otherwise require application-specific kernel modifications [1, 2, 10, 21, 25, 34–37]. 1 Introduction Although Linux does support multiple scheduling imple- mentations; tailoring, maintaining, and deploying a different CPU scheduling plays an important role in application perfor- mechanism for every different application is impractical to mance and security. Tailoring policies for specific workload 1 Kernel User ghOSt supports concurrent execution of multiple policies, Workload space space fault isolation, and allocation of CPU resources to different Optional scheduling hints applications. Importantly, to enable practical transition of Thread/CPU Messages existing systems in the fleet to use ghOSt, it co-exists with Kernel ghOSt agents Status words other schedulers running in the kernel, such as CFS (§3.4). We demonstrate that ghOSt enables us to define various ghOSt Transactions scheduling class CPU scheduling policies leading to performance comparable or better than Syscalls decisions existing schedulers on both academic and production work- loads (§4). We characterize the overheads of key ghOSt op- erations (§4.1) – showing that ghOSt’s overheads are only Figure 1. Overview of ghOSt. a few hundred nanoseconds higher than comparable sched- ulers. We evaluate ghOSt by implementing centralized and preemptive policies for `s-scale workloads that lead to high manage on a large fleet. One of our goals is to formalize throughput and low tail latency in the presence of high re- what kernel modifications are required to enable a plethora quest dispersion [10, 25] and antagonists [1, 21] (§4.2). We of optimizations (and experimentation) in userspace, on a compare ghOSt to Shinjuku [25], a specialized modern data stable kernel ABI. plane, to show ghOSt’s minimal overhead and competitive Further, the hardware landscape is ever changing, stress- `s-scale performance (within 5% of Shinjuku) and while sup- ing existing scheduling abstraction models [38] originally porting a broader set of workloads, including multi-tenancy. designed to manage simpler systems. Schedulers must evolve We also implement a policy for our production packet- to support these rapid changes: increasing core counts, new switching framework used in our data centers, leading to sharing properties (e.g., SMT), and heterogeneous systems comparable and in some cases 5-30% better tail latency than (e.g. big.LITTLE[39]). NUMA properties of even a single- the soft real-time scheduler used today (§4.3). Lastly, we socket platform continue to increase (e.g., chiplets [40]). Com- implement a ghOSt policy for machines running our pro- pute offloads such as AWS Nitro [41] and DPUs [42] as well duction, massive-scale database, which serves billions of as domain-specific accelerators such as GPUs and TPUs[43] requests per day (§4.4). For that workload, we show for both are new types of tightly coupled compute devices that exist throughput and latency that ghOSt matches and often out- entirely beyond the domain of a classical scheduler. We need performs by 40-50% the kernel scheduling policy we use a paradigm to more efficiently support the evolving prob- today by customizing to the workload’s machine topology in lem domain than is possible today with monolithic kernel <1000 total lines of code. With ghOSt, scheduling strategies implementations. — previously requiring extensive kernel modification — can In this paper, we present the design of ghOSt and its eval- be implemented in just 10s or 100s of lines of code. uation on production and academic use-cases. ghOSt is a scheduler for native OS threads that delegates policy de- cisions to userspace. The goal of ghOSt is to fundamentally 2 Background & Design Goals change how scheduling policies are designed, implemented, and Large cloud providers and users (e.g., cloud clients) are mo- deployed. ghOSt provides the agility of userspace development tivated to deploy new scheduling policies to optimize per- and ease of deployment, while still enabling `s-scale schedul- formance for key workloads running on increasingly com- ing. ghOSt provides abstraction and interface for userspace plex hardware topologies, and provide protection against software to define complex scheduling policies, from the new hardware vulnerabilities such as Spectre [29–32] and per-CPU model to a system-wide (centralized) model. Impor- L1TF/MDS [27, 31, 44] by isolating untrusted threads on tantly, ghOSt decouples the kernel scheduling mechanism separate physical cores. from policy definition. The mechanism resides in the kernel Scheduling in Linux. Linux supports implementing mul- and rarely changes. The policy definition resides in userspace tiple policies via scheduling classes [7]. Classes are ordered and rapidly changes. We open-source our implementation by their priority: a thread scheduled with a higher priority to enable future research and development using ghOSt. class will preempt a thread scheduled with a lower prior- By scheduling native threads, ghOSt supports existing ap- ity class. To optimize performance of specific applications, plications without any changes. In ghOSt (Fig. 1), the schedul- developers can modify a scheduling class to better fit the ap- ing policy logic runs within normal Linux processes, denoted plication’s needs, e.g., prioritizing the application’s threads to as agents, which interact with the kernel via the ghOSt API. reduce network latency [21] or scheduling the application’s The kernel notifies the agent(s) of state changes for all man- threads using real-time policies to meet deadlines [45] for
Load more

Recommended publications
  • Confine: Automated System Call Policy Generation for Container
    Confine: Automated System Call Policy Generation for Container Attack Surface Reduction Seyedhamed Ghavamnia Tapti Palit Azzedine Benameur Stony Brook University Stony Brook University Cloudhawk.io Michalis Polychronakis Stony Brook University Abstract The performance gains of containers, however, come to the Reducing the attack surface of the OS kernel is a promising expense of weaker isolation compared to VMs. Isolation be- defense-in-depth approach for mitigating the fragile isola- tween containers running on the same host is enforced purely in tion guarantees of container environments. In contrast to software by the underlying OS kernel. Therefore, adversaries hypervisor-based systems, malicious containers can exploit who have access to a container on a third-party host can exploit vulnerabilities in the underlying kernel to fully compromise kernel vulnerabilities to escalate their privileges and fully com- the host and all other containers running on it. Previous con- promise the host (and all the other containers running on it). tainer attack surface reduction efforts have relied on dynamic The trusted computing base in container environments analysis and training using realistic workloads to limit the essentially comprises the entire kernel, and thus all its set of system calls exposed to containers. These approaches, entry points become part of the attack surface exposed to however, do not capture exhaustively all the code that can potentially malicious containers. Despite the use of strict potentially be needed by future workloads or rare runtime software isolation mechanisms provided by the OS, such as conditions, and are thus not appropriate as a generic solution. capabilities [1] and namespaces [18], a malicious tenant can Aiming to provide a practical solution for the protection leverage kernel vulnerabilities to bypass them.
    [Show full text]
  • Operating System Support for Run-Time Security with a Trusted Execution Environment
    Operating System Support for Run-Time Security with a Trusted Execution Environment - Usage Control and Trusted Storage for Linux-based Systems - by Javier Gonz´alez Ph.D Thesis IT University of Copenhagen Advisor: Philippe Bonnet Submitted: January 31, 2015 Last Revision: May 30, 2015 ITU DS-nummer: D-2015-107 ISSN: 1602-3536 ISBN: 978-87-7949-302-5 1 Contents Preface8 1 Introduction 10 1.1 Context....................................... 10 1.2 Problem....................................... 12 1.3 Approach...................................... 14 1.4 Contribution.................................... 15 1.5 Thesis Structure.................................. 16 I State of the Art 18 2 Trusted Execution Environments 20 2.1 Smart Cards.................................... 21 2.1.1 Secure Element............................... 23 2.2 Trusted Platform Module (TPM)......................... 23 2.3 Intel Security Extensions.............................. 26 2.3.1 Intel TXT.................................. 26 2.3.2 Intel SGX.................................. 27 2.4 ARM TrustZone.................................. 29 2.5 Other Techniques.................................. 32 2.5.1 Hardware Replication........................... 32 2.5.2 Hardware Virtualization.......................... 33 2.5.3 Only Software............................... 33 2.6 Discussion...................................... 33 3 Run-Time Security 36 3.1 Access and Usage Control............................. 36 3.2 Data Protection................................... 39 3.3 Reference
    [Show full text]
  • Master Thesis
    Charles University in Prague Faculty of Mathematics and Physics MASTER THESIS Petr Koupý Graphics Stack for HelenOS Department of Distributed and Dependable Systems Supervisor of the master thesis: Mgr. Martin Děcký Study programme: Informatics Specialization: Software Systems Prague 2013 I would like to thank my supervisor, Martin Děcký, not only for giving me an idea on how to approach this thesis but also for his suggestions, numerous pieces of advice and significant help with code integration. Next, I would like to express my gratitude to all members of Hele- nOS developer community for their swift feedback and for making HelenOS such a good plat- form for works like this. Finally, I am very grateful to my parents and close family members for supporting me during my studies. I declare that I carried out this master thesis independently, and only with the cited sources, literature and other professional sources. I understand that my work relates to the rights and obligations under the Act No. 121/2000 Coll., the Copyright Act, as amended, in particular the fact that the Charles University in Pra- gue has the right to conclude a license agreement on the use of this work as a school work pursuant to Section 60 paragraph 1 of the Copyright Act. In Prague, March 27, 2013 Petr Koupý Název práce: Graphics Stack for HelenOS Autor: Petr Koupý Katedra / Ústav: Katedra distribuovaných a spolehlivých systémů Vedoucí diplomové práce: Mgr. Martin Děcký Abstrakt: HelenOS je experimentální operační systém založený na mikro-jádrové a multi- serverové architektuře. Před započetím této práce již HelenOS obsahoval početnou množinu moderně navržených subsystémů zajišťujících různé úkoly v rámci systému.
    [Show full text]
  • An Operating System Architecture for Intra-Kernel Privilege Separation
    Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation Nathan Dautenhahn1, Theodoros Kasampalis1, Will Dietz1, John Criswell2, and Vikram Adve1 1University of Illinois at Urbana-Champaign, 2University of Rochester fdautenh1, kasampa2, wdietz2, [email protected], [email protected] Abstract 1. Introduction Monolithic operating system designs undermine the security Critical information protection design principles, e.g., fail- of computing systems by allowing single exploits anywhere safe defaults, complete mediation, least privilege, and least in the kernel to enjoy full supervisor privilege. The nested common mechanism [34, 40, 41], have been well known kernel operating system architecture addresses this problem for several decades. Unfortunately, monolithic commodity by “nesting” a small isolated kernel within a traditional operating systems (OSes), like Windows, Mac OS X, Linux, monolithic kernel. The “nested kernel” interposes on all and FreeBSD, lack sufficient protection mechanisms with updates to virtual memory translations to assert protections which to adhere to these design principles. As a result, on physical memory, thus significantly reducing the trusted these OS kernels define and store access control policies in computing base for memory access control enforcement. We main memory which any code executing within the kernel incorporated the nested kernel architecture into FreeBSD can modify. The impact of this default, shared-everything on x86-64 hardware while allowing the entire operating environment is that the entirety of the kernel, including system, including untrusted components, to operate at the potentially buggy device drivers [12], forms a single large highest hardware privilege level by write-protecting MMU trusted computing base (TCB) for all applications on the translations and de-privileging the untrusted part of the system.
    [Show full text]
  • Towards a Formally Verified Microkernel Using the VCC Verifier
    Towards a Formally Verified Microkernel using the VCC Verifier Joaquim Jose´ e Silva de Carvalho Tojal Submitted to University of Beira Interior in candidature for the degree of Master in Computer Science Supervised by Simao˜ Melo de Sousa Co-supervised by Jose´ Miguel Faria Department of Computer Science University of Beira Interior Covilha,˜ Portugal http://www.di.ubi.pt Acknowledgements I would like to express my deep thank to all those who in one way or another, contributed to the achievement of this work, in particular: To my supervisor, Professor Simao˜ Melo de Sousa, for scientific guidance and support that has always had, without which the achievement of this work would not be possible. To my co-supervisor, Jose´ Miguel Faria, for the availability, interest, guidance and friend- ship that has always had and that was very important to the success of this work. To Andre´ Passos by the friendship and constant support. To all my colleagues in Critical Software who helped me with xLuna. To Critical Software for giving me the opportunity to develop this thesis in a company like that, which was a very enriching experience. To my girlfriend, Rita, for the patience and care she had for me throughout this period, for the help, support and constant encouragement. To my parents, Marilia and Adriano, and my brother, Ricardo, for their trust and care that always gave me and for all the support, because without it would never have gotten where I am. For all of you: Thanks! iii iv Abstract In this thesis we present the design by contract modular approach to formal verification of an industrial real-time microkernel which was not designed with formal verification in mind.
    [Show full text]
  • The Journal for the International Ada Community
    TThehe journaljournal forfor thethe internationalinternational AdaAda communitycommunity AdaAda UserUser Volume 41 Journal Number 1 Journal March 2020 Editorial 3 Quarterly News Digest 4 Conference Calendar 21 Forthcoming Events 29 Anniversary Articles J. Barnes From Byron to the Ada Language 31 C. Brandon CubeSat, the Experience 36 B.M. Brosgol How to Succeed in the Software Business while Giving Away the Source Code: The AdaCore Experience 43 Special Contribution J. Cousins ARG Work in Progress IV 47 Proceedings of the Workshop on Challenges and New Approaches for Dependable and Cyber-Physical Systems of Ada-Europe 2019 L. Nogueira, A. Barros, C. Zubia, D. Faura, D. Gracia Pérez, L.M. Pinho Non-functional Requirements in the ELASTIC Architecture 51 Puzzle J. Barnes Forty Years On and Going Strong 57 Produced by Ada-Europe Editor in Chief António Casimiro University of Lisbon, Portugal [email protected] Ada User Journal Editorial Board Luís Miguel Pinho Polytechnic Institute of Porto, Portugal Associate Editor [email protected] Jorge Real Universitat Politècnica de València, Spain Deputy Editor [email protected] Patricia López Martínez Universidad de Cantabria, Spain Assistant Editor [email protected] Kristoffer N. Gregertsen SINTEF, Norway Assistant Editor [email protected] Dirk Craeynest KU Leuven, Belgium Events Editor [email protected] Alejandro R. Mosteo Centro Universitario de la Defensa, Zaragoza, Spain News Editor [email protected] Ada-Europe Board Tullio Vardanega (President) Italy University
    [Show full text]
  • Implementing Molecular Dynamics on Hybrid High Performance Computers - Short Range Forces
    Implementing Molecular Dynamics on Hybrid High Performance Computers - Short Range Forces W. Michael Browna,∗, Peng Wangb, Steven J. Plimptonc, Arnold N. Tharringtond aNational Center for Computational Sciences, Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA bNVIDIA, Santa Clara, CA, USA cSandia National Laboratory, Albuquerque, New Mexico, USA dNational Center for Computational Sciences, Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA Abstract The use of accelerators such as graphics processing units (GPUs) has become popular in scientific computing applications due to their low cost, impressive floating-point capabilities, high memory bandwidth, and low electrical power requirements. Hybrid high- performance computers, machines with more than one type of floating-point processor, are now becoming more prevalent due to these advantages. In this work, we discuss several important issues in porting a large molecular dynamics code for use on parallel hybrid machines - 1) choosing a hybrid parallel decomposition that works on central processing units (CPUs) with distributed memory and accelerator cores with shared memory, 2) minimizing the amount of code that must be ported for efficient acceleration, 3) utilizing the available processing power from both multi-core CPUs and accelerators, and 4) choosing a programming model for acceleration. We present our solution to each of these issues for short-range force calculation in the molecular dynamics package LAMMPS, however, the methods can be applied in many molecular dynamics codes. Specifically, we describe algorithms for efficient short range force calculation on hybrid high-performance machines. We describe an approach for dynamic load balancing of work between CPU and accelerator cores. We describe the Geryon library that allows a single code to compile with both CUDA and OpenCL for use on a variety of accelerators.
    [Show full text]
  • Linux Distrib Vendors Make Patches Available for GHOST 29 January 2015, by Nancy Owano
    Linux distrib vendors make patches available for GHOST 29 January 2015, by Nancy Owano patches were available from Linux distributions, he added, in the Tuesday posting. What is "glibc"? This is the Gnu C library and a core part of the OS. "The vulnerability is in one of the functions of glibc," said Sarwate, where a buffer overflows.The vulnerability can be triggered locally and remotely from any of the gethostbyname*() functions. So what's the risk? An attacker, said Sarwate, could send a malicious email to an email server and get a remote shell to the Linux machine. The good news is that most Linux vendors have released patches. "So the best way to mitigate this issue," said Sarwate, "is to apply a patch from your Linux distribution." Gavin Millard, technical director of Tenable Network Security, told the Telegraph: "Patches are being released for the major Linux distributions and should be applied with a priority on any vulnerable systems with services that can be reached from the Internet." Qualys said on Tuesday that there was a serious Sarwate said the vulnerability is called "GHOST" weakness in the Linux glibc library. During a code because of the GetHOST functions by which the audit, Qualys researchers discovered a buffer flaw can be exploited. The vulnerability has a overflow in the __nss_hostname_digits_dots() history; it was found some years ago and it was function of glibc. The weakness can allow fixed but it was not classified as a security attackers to remotely take control of the victim's vulnerability. Nonetheless, as of Tuesday, system without any prior knowledge of system distributions have released patches, said Sarwate, credentials.
    [Show full text]
  • Formal Verification for High Assurance Software: a Case Study Using the SPARK Auto-Active Verification Oolsett
    Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 3-2021 Formal Verification for High Assurance Software: A Case Study Using the SPARK Auto-Active Verification oolsetT Ryan M. Baity Follow this and additional works at: https://scholar.afit.edu/etd Part of the Software Engineering Commons Recommended Citation Baity, Ryan M., "Formal Verification for High Assurance Software: A Case Study Using the SPARK Auto- Active Verification oolset"T (2021). Theses and Dissertations. 4886. https://scholar.afit.edu/etd/4886 This Thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. Formal Verification for High Assurance Software: A Case Study Using the SPARK Auto-Active Verification Toolset THESIS Ryan M Baity, Second Lieutenant, USAF AFIT-ENG-MS-21-M-009 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio DISTRIBUTION STATEMENT A APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. The views expressed in this document are those of the author and do not reflect the official policy or position of the United States Air Force, the United States Department of Defense or the United States Government. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States. AFIT-ENG-MS-21-M-009 FORMAL VERIFICATION FOR HIGH ASSURANCE SOFTWARE: A CASE STUDY USING THE SPARK AUTO-ACTIVE VERIFICATION TOOLSET THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of Engineering and Management Air Force Institute of Technology Air University Air Education and Training Command in Partial Fulfillment of the Requirements for the Degree of Master of Science in Cyber Operations Ryan M Baity, B.S.C.S.
    [Show full text]
  • SCONE: Secure Linux Containers with Intel
    SCONE: Secure Linux Containers with Intel SGX Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, and Andre Martin, Technische Universität Dresden; Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, and Mark L Stillwell, Imperial College London; David Goltzsche, Technische Universität Braunschweig; Dave Eyers, University of Otago; Rüdiger Kapitza, Technische Universität Braunschweig; Peter Pietzuch, Imperial College London; Christof Fetzer, Technische Universität Dresden https://www.usenix.org/conference/osdi16/technical-sessions/presentation/arnautov This paper is included in the Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’16). November 2–4, 2016 • Savannah, GA, USA ISBN 978-1-931971-33-1 Open access to the Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation is sponsored by USENIX. SCONE: Secure Linux Containers with Intel SGX Sergei Arnautov1, Bohdan Trach1, Franz Gregor1, Thomas Knauth1, Andre Martin1, Christian Priebe2, Joshua Lind2, Divya Muthukumaran2, Dan O’Keeffe2, Mark L Stillwell2, David Goltzsche3, David Eyers4,Rudiger¨ Kapitza3, Peter Pietzuch2, and Christof Fetzer1 1Fakultat¨ Informatik, TU Dresden, [email protected] 2Dept. of Computing, Imperial College London, [email protected] 3Informatik, TU Braunschweig, [email protected] 4Dept. of Computer Science, University of Otago, [email protected] Abstract mechanisms focus on protecting the environment from accesses by untrusted containers. Tenants, however, In multi-tenant environments, Linux containers managed want to protect the confidentiality and integrity of their by Docker or Kubernetes have a lower resource footprint, application data from accesses by unauthorized parties— faster startup times, and higher I/O performance com- not only from other containers but also from higher- pared to virtual machines (VMs) on hypervisors.
    [Show full text]
  • Schnek: a C++ Library for the Development of Parallel Simulation Codes on Regular Grids.” Computer Physics Communications, Vol
    This is the author’s final, peer-reviewed manuscript as accepted for publication (AAM). The version presented here may differ from the published version, or version of record, available through the publisher’s website. This version does not track changes, errata, or withdrawals on the publisher’s site. Schnek: A C++ library for the development of parallel simulation codes on regular grids Holger Schmitz Published version information Citation: H Schmitz. “Schnek: A C++ library for the development of parallel simulation codes on regular grids.” Computer Physics Communications, vol. 226 (2018): 151-164. DOI: 10.1016/j.cpc.2017.12.023 ©2018. This manuscript version is made available under the CC-BY-NC-ND 4.0 Licence. This version is made available in accordance with publisher policies. Please cite only the published version using the reference above. This is the citation assigned by the publisher at the time of issuing the AAM. Please check the publisher’s website for any updates. This item was retrieved from ePubs, the Open Access archive of the Science and Technology Facilities Council, UK. Please contact [email protected] or go to http://epubs.stfc.ac.uk/ for further information and policies. Schnek: A C++ library for the development of parallel simulation codes on regular grids Holger Schmitza,∗ aCentral Laser Facility, STFC, Rutherford Appleton Laboratory, Didcot, Oxon., OX11 0QX Abstract A large number of algorithms across the field of computational physics are formulated on grids with a regular topology. We present Schnek, a library that enables fast development of parallel simulations on regular grids. Schnek contains a number of easy-to-use modules that greatly reduce the amount of administrative code for large-scale simulation codes.
    [Show full text]
  • Virtual Ghost: Protecting Applications from Hostile Operating Systems
    Virtual Ghost: Protecting Applications from Hostile Operating Systems John Criswell Nathan Dautenhahn Vikram Adve University of Illinois at University of Illinois at University of Illinois at Urbana-Champaign Urbana-Champaign Urbana-Champaign [email protected] [email protected] [email protected] Abstract Categories and Subject Descriptors D.4.6 [Operating Sys- Applications that process sensitive data can be carefully de- tems]: Security and Protection signed and validated to be difficult to attack, but they are General Terms Security usually run on monolithic, commodity operating systems, which may be less secure. An OS compromise gives the Keywords software security; inlined reference monitors; attacker complete access to all of an application’s data, re- software fault isolation; control-flow integrity; malicious op- gardless of how well the application is built. We propose a erating systems new system, Virtual Ghost, that protects applications from a compromised or even hostile OS. Virtual Ghost is the first 1. Introduction system to do so by combining compiler instrumentation and Applications that process sensitive data on modern commod- run-time checks on operating system code, which it uses to ity systems are vulnerable to compromises of the under- create ghost memory that the operating system cannot read lying system software. The applications themselves can be or write. Virtual Ghost interposes a thin hardware abstrac- carefully designed and validated to be impervious to attack. tion layer between the kernel and the hardware that provides However, all major commodity operating systems use large a set of operations that the kernel must use to manipulate monolithic kernels that have complete access to and control hardware, and provides a few trusted services for secure ap- over all system resources [9, 25, 32, 34].
    [Show full text]