OPINION SYSTEMS WEB SYSADMIN HARDWARE COLUMNS BOOK REVIEWS Book Reviews CONFERENCES

Total Page:16

File Type:pdf, Size:1020Kb

OPINION SYSTEMS WEB SYSADMIN HARDWARE COLUMNS BOOK REVIEWS Book Reviews CONFERENCES J U N E 2 0 1 0 V O L U M E 3 5 N U M B E R 3 OPINION Musings 2 Rik Farrow SyStemS MINIX 3: Status Report and Current Research 7 andRew Tanenbaum, Raja appuswa my, HeRbert bos, LoRenzo Cavall aRo, THE USENIX MAGAZINE CRisTiano Giuffrida , T o m ásˇ H R u by´ , jorriT HeRdeR, Erik van deR kouwe, and david van mooLenbRoek Web 3D Web Contenders 14 jim sanGwine SySadmin Programming with Technological Ritual and Alchemy 22 Alva L . Couch Building a Virtual DNS Appliance Using Solaris 10, BIND, and VMware 27 andRew seeLy LISA: Beginning the Journey 35 m att simmons HardWare Small Embedded Systems 38 Rudi van Drunen COlumns Practical Perl Tools: Making Stuff Up 48 david n. Bl ank-edeL m an Pete’s All Things Sun: Exadata V2 Architecture and Why It Matters 54 peTeR baeR GaLvin iVoyeur: Pockets-o-Packets, Part 1 59 dave josepHsen /dev/random: Five Common Misconceptions About information Security 63 Robert G. Ferrell book revIews Book Reviews 65 Br andon CHinG and sa m StoveR uSenix NOTES Notice of Annual Meeting 67 Results of the Election for the USENIX Board of Directors, 2010–2012 67 Writing for ;login: 68 ConferenceS FAST ’10: 8th USENIX Conference on File and Storage ­Technologies 69 First USENIX Workshop on Sustainable Information Technology (SustainIT ’10) 89 2nd USENIX Workshop on the Theory and Practice of Provenance (TaPP ’10) 96 The Advanced Computing Systems Association june10covers.indd 1 5.10.10 10:26 AM Upcoming Events 19th USENIX SEcUrIty Symposium 9th USENIX Symposium oN opErating SyStEmS (USENIX SEcUrIty ’10) desigN aNd ImplEmentatIoN (oSdI ’10) august 11–13, 2010, washington, DC, USA Sponsored by USENIX in cooperation with ACM SIGOPS http://www.usenix.org/sec10 oCtober 4–6, 2010, VanCouVer, bC, CanaDa http://www.usenix.org/osdi10 2010 ElEctronic Voting tEchNology WorkShop/ WorkShop oN trustWorthy ElEctIons (EVt/ WorkShopS co-locatEd with oSdI ’10: WOTE ’10) Sixth WorkShop oN hot topIcS in SyStEm Co-located with USENIX Security ’10 dEpendabIlIty (hotdEp ’10) august 9–10, 2010, washington, DC, USA http://www.usenix.org/evtwote10 http://www.usenix.org/hotdep10 EtWorkS yStEmS aNd ompUtatIoN 3rd WorkShop oN cybEr SEcUrIty EXpErImentatIoN N , S , c Et coN aNd test (cSEt ’10) (N E ’10) Co-located with USENIX Security ’10 Sponsored by USENIX in cooperation with ACM SIGecom august 9, 2010, washington, DC, USA http://www.usenix.org/netecon10 http://www.usenix.org/cset10 2010 WorkShop oN thE EcoNomIcS of 5th 4th USENIX WorkShop oN offensive tEchNologies INtErNatIoNal WorkShop oN SyStEmS SoftWarE (WOOT ’10) VErIfIcatIoN (SSV ’10) Co-located with USENIX Security ’10 http://www.usenix.org/ssv10 august 9, 2010, washington, DC, USA orkShop oN aNaging yStEmS via og http://www.usenix.org/woot10 W m S l aNalysis aNd machine lEarning tEchniques 2010 WorkShop oN collaborative mEthodS for (SLAML ’10) EcUrIty aNd rivacy oll Ec S p (c S ’10) http://www.usenix.org/slaml10 Co-located with USENIX Security ’10 and sponsored by USENIX and Deutsche Telekom 24th largE InstallatIoN SyStEm administratIoN august 10, 2010, washington, DC, USA coNfErencE (lISa ’10) http://www.usenix.org/collsec10 Sponsored by USENIX in cooperation with LOPSA and SNIA noVeMber 7–12, 2010, san jose, Ca, USA 1St USENIX WorkShop oN hEalth SEcUrIty aNd http://www.usenix.org/lisa10 privacy (hEalthSEc ’10) Co-located with USENIX Security ’10 9th USENIX coNfErencE oN fIlE aNd StoragE august 10, 2010, washington, DC, USA tEchNologies (FASt ’11) http://www.usenix.org/healthsec10 Sponsored by USENIX in cooperation with ACM SIGOPS February 15–18, 2011, san jose, Ca, USA 5th USENIX WorkShop oN hot topIcS in SEcUrIty http://www.usenix.org/fast11 ot Ec (h S ’10) Submissions due: September 2, 2010 Co-located with USENIX Security ’10 august 10, 2010, washington, DC, USA 8th USENIX Symposium oN NEtWorkEd SyStEmS http://www.usenix.org/hotsec10 desigN aNd ImplEmentatIoN (NSdI ’11) MarCh 30–april 1, 2011, boston, Ma, USA fIfth WorkShop oN SEcUrIty mEtrIcS http://www.usenix.org/nsdi11 (mEtrIcoN 5.0) Co-located with USENIX Security ’10 august 10, 2010, washington, DC, USA http://www.securitymetrics.org/content/wiki. jsp?page=Metricon5.0 For a complete list of all USENIX & USENIX co-sponsored events, see http://www.usenix.org/events. june10covers.indd 2 5.10.10 10:26 AM OPINION Musings 2 R RROIk FA w Sy StemS MINIX 3: Status Report and Current Research 7 A NdRew TANeNbAum , R A JA AppuswA my, HeRbeRT bOs, LOReNzO CAvALLARO, CRIsTIANO GIuFFRIdA , T O m ásˇ H R u by´ , JORRIT HeRdeR, eRIk vAN deR kOuwe, ANd dAvId vAN mOOLeNbROek Web 3D Web Contenders 14 contents J ANGIm s wINe Sy N SadmI Programming with Technological Ritual and Alchemy 22 A LvA L. COuCH Building a Virtual DNS Appliance Using Solaris 10, BIND, and VMware 27 A NdRew seeLy LISA: Beginning the Journey 35 mI AT T s mmONs Hard Ware Small Embedded Systems 38 RudvN I A dRuNeN VOL. 35, #3, June 2010 Editor ;login: is the official C SOlumN Practical Perl Tools: Making Stuff Up 48 Rik Farrow magazine of the Da vId N. bLANk-edeLm AN [email protected] USENIX Association. Pete’s All Things Sun: Exadata V2 Managing Editor ;login: (ISSN 1044-6397) is Architecture and Why It Matters 54 published bi-monthly by the Jane-Ellen Long pAeTeR b eR GALvIN [email protected] USENIX Association, 2560 Ninth Street, Suite 215, iVoyeur: Pockets-o-Packets, Part 1 59 Copy Editor Berkeley, CA 94710. Steve Gilmartin Da ve JOsepHseN [email protected] $90 of each member’s annual dues is for an annual sub- /dev/random: Five Common Misconceptions produCtion scription to ;login:. Subscrip- About information Security 63 Casey Henderson tions for nonmembers are ReT Ob R G. FeRReLL Jane-Ellen Long $125 per year. Jennifer Peterson Periodicals postage paid at t ypEsEt tEr Berkeley, CA, and additional bO O k revIeWS Book Reviews 65 Star Type offices. bRN ANdO CHING ANd sA m sTOveR [email protected] POSTMASTER: Send address usEniX assoCiation changes to ;login:, uIOSeN x N teS Notice of Annual Meeting 67 2560 Ninth Street, USENIX Association, Suite 215, Berkeley, 2560 Ninth Street, California 94710 Results of the Election for the USENIX Suite 215, Berkeley, Board of Directors, 2010–2012 67 Phone: (510) 528-8649 CA 94710. FAX: (510) 548-5738 ©2010 USENIX Association Writing for ;login: 68 http://www.usenix.org http://www.sage.org USENIX is a registered trade- CN O fereN eS mark of the USENIX Associa- FAST ’10: 8th USENIX Conference on File tion. Many of the designations and Storage Technologies 69 used by manufacturers and sellers to distinguish their First USENIX Workshop on Sustainable products are claimed as trade- Information Technology (SustainIT ’10) 89 marks. USENIX acknowledges 2nd USENIX Workshop on the Theory and all trademarks herein. Where those designations appear in Practice of Provenance (TaPP ’10) 96 this publication and USENIX is aware of a trademark claim, the designations have been printed in caps or initial caps. ; LOGIN : JuNe 2010 ARTICLe TITLe 1 articles.indd 1 5.7.10 9:45 AM In my February 2010 column [1], I took a humorous look at the future of R i k Fa R R o w computing. I let my imagination go wild, as my candidate for the future of system administration, Chuck, dealt with the vari- ous issues that arose during a workday. Of course, the picture really isn’t as rosy as I made it out to be. For example, the organic, musings in-wall system might take at least 20 years Rik is the Editor of ;login:. before it becomes practical. And if a system [email protected] with equivalent power were built using today’s technology, Chuck would have been quickly roasted—that is, if the wall itself didn’t melt down first. You have likely heard of the walls of power and memory that current system and CPU designers are facing. Clock speeds are not getting much faster, as faster clock speeds mean more power dissipated as heat. At 120 watts per centimeter squared, Chuck’s office wall would need to radiate megawatts of power if each centimeter produced the equivalent processing power found in today’s server-class CPUs. But, on a more practical level, just dealing with cooling one 120 watt chip is difficult enough without making big changes in how servers are designed. The wall of memory continues because SDRAM has not improved in performance nearly as fast as processors have. And with multicore chips, there are now many processors sharing the memory bandwidth from the same SDRAM. System design- ers can optimize potential bandwidth by hav- ing multiple memory controllers and pathways to memory, and this does help some of the time. But the problem still exists: in programs that are memory intensive and that have poor spatial local- ity, CPU cores will be stalled waiting for memory. There are actually two other walls that haven’t been mentioned but are equally important when consid- ering the future of system designs: cost and history. These walls are related, as we shall see. Multicore The current designs for overcoming the walls of memory and power require having more than a single core in each CPU. Each core can run at a lower clock rate, and this reduces the power re- quired. And by slowing down the processors, they won’t be stalled for as many cycles—but they will 2 ; LOGIN : vOL . 35, NO. 3 articles.indd 2 5.7.10 9:45 AM still have to wait for memory. Clever cache design, having multiple threads backed by their own register sets, helps to hide memory latency by keeping the cores busy, as was done by Sun in their Niagara chips [2] and Intel with HyperThreading.
Recommended publications
  • Automatic Sandboxing of Unsafe Software Components in High Level Languages
    Master Thesis Automatic Sandboxing of Unsafe Software Components in High Level Languages Benjamin Lamowski Technische Universität Dresden Fakultät Informatik Institut für Systemarchitektur Professur Betriebssysteme Betreuender Hochschullehrer: Prof. Dr. rer. nat. Hermann Härtig Betreuender Mitarbeiter: Dr. Carsten Weinhold 3. Mai 2017 Aufgabenstellung Neue “sichere“ Programmiersprachen wie Go, Swift oder Rust wurden nicht nur für die normale Anwendungsentwicklung entworfen, sondern sie zielen auch auf eine hochper- formante Ausführung und Programmierung vergleichsweise systemnaher Funktionalität ab. Eine attraktive Eigenschaft beispielsweise von Rust ist das gegenüber C und C++ deutlich strengere Speicherverwaltungsmodell, bei dem bereits zur Kompilierzeit der Lebenszyklus und die Erreichbarkeit von Objekten sowie die Zuständigkeit für deren Allokation und Deallokation wohldefiniert sind. Ganze Klassen von Programmfehlern wie etwa Buffer Overflows oder Dereferenzierung ungültige Zeiger werden dadurch eliminiert und die Programme mithin sicherer und robuster. Aus diversen Gründen müssen Programme, die in sicheren Sprachen geschriebenen wurden, aber oftmals auf “unsicheren“ Legacy-Code zurückgreifen. So bietet etwa Rust über das “unsafe“-Sprachelement die Möglichkeit, Funktionen innerhalb von Bibliotheken aufzurufen, die in fehleranfälligem C geschrieben sind. Leider werden die vom Com- piler durchgesetzten Garantien der sicheren Sprache hinfällig, sobald im Code einer C-Bibliothek ein Speicherfehler auftritt. Ein Schreibzugriff etwa durch
    [Show full text]
  • A Microkernel API for Fine-Grained Decomposition
    A Microkernel API for Fine-Grained Decomposition Sebastian Reichelt Jan Stoess Frank Bellosa System Architecture Group, University of Karlsruhe, Germany freichelt,stoess,[email protected] ABSTRACT from the microkernel APIs in existence. The need, for in- Microkernel-based operating systems typically require spe- stance, to explicitly pass messages between servers, or the cial attention to issues that otherwise arise only in dis- need to set up threads and address spaces in every server for tributed systems. The resulting extra code degrades per- parallelism or protection require OS developers to adopt the formance and increases development effort, severely limiting mindset of a distributed-system programmer rather than to decomposition granularity. take advantage of their knowledge on traditional OS design. We present a new microkernel design that enables OS devel- Distributed-system paradigms, though well-understood and opers to decompose systems into very fine-grained servers. suited for physically (and, thus, coarsely) partitioned sys- We avoid the typical obstacles by defining servers as light- tems, present obstacles to the fine-grained decomposition weight, passive objects. We replace complex IPC mecha- required to exploit the benefits of microkernels: First, a nisms by a simple function-call approach, and our passive, lot of development effort must be spent into matching the module-like server model obviates the need to create threads OS structure to the architecture of the selected microkernel, in every server. Server code is compiled into small self- which also hinders porting existing code from monolithic sys- contained files, which can be loaded into the same address tems. Second, the more servers exist | a desired property space (for speed) or different address spaces (for safety).
    [Show full text]
  • A Practical UNIX Capability System
    A Practical UNIX Capability System Adam Langley <[email protected]> 22nd June 2005 ii Abstract This report seeks to document the development of a capability security system based on a Linux kernel and to follow through the implications of such a system. After defining terms, several other capability systems are discussed and found to be excellent, but to have too high a barrier to entry. This motivates the development of the above system. The capability system decomposes traditionally monolithic applications into a number of communicating actors, each of which is a separate process. Actors may only communicate using the capabilities given to them and so the impact of a vulnerability in a given actor can be reasoned about. This design pattern is demonstrated to be advantageous in terms of security, comprehensibility and mod- ularity and with an acceptable performance penality. From this, following through a few of the further avenues which present themselves is the two hours traffic of our stage. Acknowledgments I would like to thank my supervisor, Dr Kelly, for all the time he has put into cajoling and persuading me that the rest of the world might have a trick or two worth learning. Also, I’d like to thank Bryce Wilcox-O’Hearn for introducing me to capabilities many years ago. Contents 1 Introduction 1 2 Terms 3 2.1 POSIX ‘Capabilities’ . 3 2.2 Password Capabilities . 4 3 Motivations 7 3.1 Ambient Authority . 7 3.2 Confused Deputy . 8 3.3 Pervasive Testing . 8 3.4 Clear Auditing of Vulnerabilities . 9 3.5 Easy Configurability .
    [Show full text]
  • On the Construction of Reliable Device Drivers Leonid Ryzhyk
    On the Construction of Reliable Device Drivers Leonid Ryzhyk Ph.D. 2009 ii iii ‘I hereby declare that this submission is my own work and to the best of my knowledge it contains no materials previously pub- lished or written by another person, or substantial proportions of material which have been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this the- sis is the product of my own work, except to the extent that as- sistance from others in the project’s design and conception or in style, presentation, and linguistic expression is acknowledged.’ Signed .................................. Date .................................. iv Abstract This dissertation is dedicated to the problem of device driver reliability. Software defects in device drivers constitute the biggest source of failure in operating systems, causing sig- nificant damage through downtime and data loss. Previous research on driver reliability has concentrated on detecting and mitigating defects in existing drivers using static analysis or runtime isolation. In contrast, this dissertation presents an approach to reducing the number of defects through an improved device driver architecture and development process. In analysing factors that contribute to driver complexity and induce errors, I show that a large proportion of errors are due to two key shortcomings in the device-driver architecture enforced by current operating systems: poorly-defined communication protocols between drivers and the operating system, which confuse developers and lead to protocol violations, and a multithreaded model of computation, which leads to numerous race conditions and deadlocks.
    [Show full text]
  • Executive Summary
    Mobile Commerce Security: Legal & Technological Perspectives Michael Triguboff Table of Contents EXECUTIVE SUMMARY 4 INTRODUCTION 7 The Need for Security 11 PART I TECHNOLOGY 12 Client-Side Vulnerabilities 12 Browser Software 13 Java Applets 14 ActiveX controls 16 JavaScript 18 Plug-Ins and Graphic Files 18 Push technology 18 Web Server Security 19 Front-end 20 Firewalls 22 Back-end Database vulnerabilities 23 Server- Side Middleware 24 Operating System Problems 25 Hardened versions of Operating Systems 36 Distributed systems 37 Software Testing 38 Mobile Commerce Issues 43 Device Properties 43 Wireless Communication 45 Wireless Communication Protocols 47 Ad Hoc Networks 49 Ad Hoc Networks and Key Management 51 Network Protection in Ad Hoc Networks 54 Location Dependent Information and Mobile Computing 55 Mobile Agents 56 Protecting the Host from the Mobile Agent 59 Safe Code Interpretation 61 Digital Signatures 63 Proof Carrying Code 63 Path Histories 64 Software-Based Fault Isolation [“Sandboxing”] 64 Protecting the Agent From the Host and Other Agents 64 Secure Control of Remote Agents 65 Read-Only/Append-Only 65 Partial Results Encapsulation 66 Code Obfuscation 67 Computing with Encrypted Functions 67 Environmental Key Generation 68 Execution Tracing 68 Itinerary Recording 69 Security Through Shared Secrets and Interlocking 69 Other Approaches 69 Attacks Based on Device Limitations 71 2 Prevention, Detection and Reaction 71 Intrusion Detection 72 Intrusion Detection and Mobile Agents 75 Part I Conclusion 76 PART 11 THE LEGAL PERSPECTIVE 80 The Debate: A Confluence of Two Streams 81 Uniform Electronic Transactions Act 85 Article 2B of the Uniform Commercial Code 85 The Electronic Signatures in Global and National Commerce Act [“E-Sign Act”] 88 Jurisdiction Selection 90 Reaction- Criminal Law 96 Convention on Cyber-Crime 97 Evidentiary or Procedural Law 99 Practical Considerations 100 Part II Conclusion 101 APPENDIX 103 Digital Millennium Copyright Act 103 BIBLIOGRAPHY 107 3 EXECUTIVE SUMMARY The objectives of this project are twofold.
    [Show full text]
  • Open Ongtang-Phd-Dissertation.Pdf
    The Pennsylvania State University The Graduate School SECURING MOBILE PHONES IN THE EVOLVING MOBILE ECOSYSTEM A Dissertation in Computer Science and Engineering by Machigar Ongtang © 2010 Machigar Ongtang Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy August 2010 The dissertation of Machigar Ongtang was reviewed and approved∗ by the following: Patrick D. McDaniel Associate Professor of Computer Science and Engineering Dissertation Advisor, Chair of Committee Thomas F. La Porta Distinguished Professor of Computer Science and Engineering Trent Jaeger Associate Professor of Computer Science and Engineering Ling Rothrock Associate Professor of Industrial and Manufacturing Engineering Raj Acharya Professor of Computer Science and Engineering Department Head ∗Signatures are on file in the Graduate School. Abstract The revolution of mobile phone industry has been altering our life and business practices over the past few decades. Driven by user demands and technological advancement, we now experience rich mobile phone applications and sophisticated cellular services ranging from mobile payment, stock trading, to social networking, vehicle tracking to in-car control. As more players joining the community, this mobile phone environment has transformed into a complex network of interacting companies, known as mobile ecosystem. Unfortunately, this opening and converging mobile ecosystem has brought in more opportunities for more attacks on mobile phones, a key element of the system. This dissertation aims to achieve mobile phone security. We reveal two main chal- lenges that we need to overcome, namely developing a clear definition of secure phones, and building security infrastructure that imposes such definition on the phones. We also identify three key elements that contribute to the fidelity of mobile phones, namely, mobile phone platforms, mobile phone applications, and mobile content.
    [Show full text]
  • Capability Myths Demolished
    Capability Myths Demolished Mark S. Miller Ka-Ping Yee Jonathan Shapiro Combex, Inc. University of California, Berkeley Johns Hopkins University [email protected] [email protected] [email protected] ABSTRACT The second and third myths state false limitations on We address three common misconceptions about what capability systems can do, and have been capability-based systems: the Equivalence Myth (access propagated by a series of research publications over the control list systems and capability systems are formally past 20 years (including [2, 3, 7, 24]). They have been equivalent), the Confinement Myth (capability systems cited as reasons to avoid adopting capability models cannot enforce confinement), and the Irrevocability and have even motivated some researchers to augment Myth (capability-based access cannot be revoked). The capability systems with extra access checks [7, 13] in Equivalence Myth obscures the benefits of capabilities attempts to fix problems that do not exist. The myths as compared to access control lists, while the Confine- about what capability systems cannot do continue to ment Myth and the Irrevocability Myth lead people to spread, despite formal results [22] and practical see problems with capabilities that do not actually exist. systems [1, 9, 18, 21] demonstrating that they can do these supposedly impossible things. The prevalence of these myths is due to differing inter- pretations of the capability security model. To clear up We believe these severe misunderstandings are rooted the confusion, we examine three different models that in the fact that the term capability has come to be have been used to describe capabilities, and define a set portrayed in terms of several very different security of seven security properties that capture the distinctions models.
    [Show full text]
  • Plugging Into High-Volume Consumer Products
    ISSUE 53, SECOND QUARTER 2005ISSUE 53, SECOND QUARTER XCELL JOURNAL XILINX, INC. Issue 53 Second Quarter 2005 XcellXcelljournaljournal THETHE AUTHORITATIVEAUTHORITATIVE JOURNALJOURNAL FORFOR PROGRAMMABLEPROGRAMMABLE LOGICLOGIC USERSUSERS PluggingPlugging intointo High-VolumeHigh-Volume ConsumerConsumer ProductsProducts HIGH VOLUME Spartan-3E: A New Era Multimedia for Automotive DSP Algorithms DESIGN TOOLS New ISE 7.1i Software Control Your Designs SERIAL I/O Extend Your Reach SUBSCRIBE NOW R SEE PAGE 3 Xilinx is the only FPGA supplier in the world to have achieved high-volume 90nm production, resulting in the lowest-cost FPGAs in the industry. Our leadership in 90nm products gives you all the performance and features you need, at the lowest price points ever. Both our SpartanTM and VirtexTM product lines__ the world's most widely adopted FPGAs__ are shipping on our optimized 90nm process now. Contact your Xilinx rep today and let's ramp up for success together. The Programmable Logic CompanySM www.xilinx.com/spartan3 Pb-free devices available now ©2004 Xilinx, Inc., 2100 Logic Drive, San Jose, CA 95124. Europe +44-870-7350-600; Japan +81-3-5321-7711; Asia Pacific +852-2-424-5200; Xilinx is a registered trademark, Spartan and Virtex are trademarks, and The Programmable Logic Company is a service mark of Xilinx, Inc. LETTER FROM THE EDITOR What’s Both High and Low, and Used Everywhere...? This issue of the Xcell Journal focuses on high-volume, low-cost consumer applications and the design tools used to implement them. Business Viewpoints Our Business Viewpoints column offers an independent business perspective by Rich Wawrzyniak, Senior Analyst, ASICs Services for Semico Research Corporation.
    [Show full text]
  • Scalability of Microkernel-Based Systems
    Scalability of Microkernel-Based Systems Zur Erlangung des akademischen Grades eines DOKTORS DER INGENIERWISSENSCHAFTEN von der Fakultat¨ fur¨ Informatik der Universitat¨ Fridericiana zu Karlsruhe (TH) genehmigte DISSERTATION von Volkmar Uhlig aus Dresden Tag der mundlichen¨ Prufung:¨ 30.05.2005 Hauptreferent: Prof. Dr. rer. nat. Gerhard Goos Universitat¨ Fridericiana zu Karlsruhe (TH) Korreferent: Prof. Dr. sc. tech. (ETH) Gernot Heiser University of New South Wales, Sydney, Australia Karlsruhe: 15.06.2005 i Abstract Microkernel-based systems divide the operating system functionality into individ- ual and isolated components. The system components are subject to application- class protection and isolation. This structuring method has a number of benefits, such as fault isolation between system components, safe extensibility, co-existence of different policies, and isolation between mutually distrusting components. How- ever, such strict isolation limits the information flow between subsystems including information that is essential for performance and scalability in multiprocessor sys- tems. Semantically richer kernel abstractions scale at the cost of generality and mini- mality–two desired properties of a microkernel. I propose an architecture that al- lows for dynamic adjustment of scalability-relevant parameters in a general, flex- ible, and safe manner. I introduce isolation boundaries for microkernel resources and the system processors. The boundaries are controlled at user-level. Operating system components and applications can transform their semantic information into three basic parameters relevant for scalability: the involved processors (depending on their relation and interconnect), degree of concurrency, and groups of resources. I developed a set of mechanisms that allow a kernel to: 1. efficiently track processors on a per-resource basis with support for very large number of processors, 2.
    [Show full text]
  • What Have We Learnt in 20 Years of L4 Microkernels?
    Lecture 6 From L3 to seL4: What Have We Learnt in 20 Years of L4 Microkernels? Kevin Elphinstone and Gernot Heiser Operating Systems Practical 12 November, 2014 OSP Lecture 6, L4 Microkernels 1/42 Contents Introduction and design principles Brief history of microkernels L4: Basic abstractions L4: Design and implementation choices Keywords Questions OSP Lecture 6, L4 Microkernels 2/42 Outline Introduction and design principles Brief history of microkernels L4: Basic abstractions L4: Design and implementation choices Keywords Questions OSP Lecture 6, L4 Microkernels 3/42 Context and terminology I Operating system I Kernel I Monolithic kernel I Microkernel OSP Lecture 6, L4 Microkernels 4/42 Operating system I abbrv. OS I Software (collection) to interface hardware with user I Components: I Kernel: Linux, FreeBSD, Windows NT, XNU, L4, ::: I Services/daemons: sysvinit, CUPS print server, udev, ::: I Utilities: ls, Windows Commander, top I Other applications OSP Lecture 6, L4 Microkernels 5/42 Kernel I Components directly interfacing with hardware I Examples? I \Core" of OS I No general definition of \core" OSP Lecture 6, L4 Microkernels 6/42 Monolithic vs. Micro-kernel Application Syscall User VFS "ode Uni File Server Device Server IPC, file system Application Driver Scheduler, virtual memory !ernel "ode Device drivers, dispatcher IPC, virtual memory IPC Hardware Hardware Source: http://www.cse.unsw.edu.au/ OSP Lecture 6, L4 Microkernels 7/42 Monolithic vs. Micro-kernel Monolithic kernel Microkernel I IPC, scheduling, I IPC, scheduling, memory management memory management I File systems I API closer to the I Drivers hardware I Higher-level API OSP Lecture 6, L4 Microkernels 8/42 Microkernel principles: minimality I If it's not critical, leave it out of the kernel I Pros: I Small code base I Easy to debug I Trusted Computing Base, feasible for formal verification I Cons: I Harder to find the \right" API design I Harder to optimize for high-performance OSP Lecture 6, L4 Microkernels 9/42 Microkernel principles: user-level services I Drivers, file systems, etc.
    [Show full text]
  • 855400Cd46b6c9e7683b5ace58a55234.Pdf
    Ars TeAchrsn iTceachnica UK Register Log in ▼ ▼ Ars Technica has arrived in Europe. Check it out! × Encryption options are great, but Apple's attitude on checksums is still funky. by Adam H. Leventhal - Jun 26, 2016 1:00pm UTC KEEPING ON TRUCKING INDEPENDENCE, WHAT INDEPENDENCE? Two hours or so of WWDC keynoting and Tim Cook didn't mention a new file system once? Andrew Cunningham This article was originally published on Adam Leventhal's blog in multiple parts. Programmer Andrew Nõmm: "I had to be made Apple announced a new file system that will make its way into all of its OS variants (macOS, tvOS, iOS, an example of as a warning to all IT people." watchOS) in the coming years. Media coverage to this point has been mostly breathless elongations of Apple's developer documentation. With a dearth of detail I decided to attend the presentation and Q&A with the APFS team at WWDC. Dominic Giampaolo and Eric Tamura, two members of the APFS team, gave an overview to a packed room; along with other members of the team, they patiently answered questions later in the day. With those data points and some first-hand usage I wanted to provide an overview and analysis both as a user of Apple-ecosystem products and as a long-time operating system and file system developer. The overview is divided into several sections. I'd encourage you to jump around to topics of interest or skip right to the conclusion (or to the tweet summary). Highest praise goes to encryption; ire to data integrity.
    [Show full text]
  • Toward Automatic Context-Based Attribute Assignment for Semantic file Systems
    Toward automatic context-based attribute assignment for semantic file systems Craig A. N. Soules, Gregory R. Ganger CMU-PDL-04-105 June 2004 Parallel Data Laboratory Carnegie Mellon University Pittsburgh, PA 15213-3890 Abstract Semantic file systems enable users to search for files based on attributes rather than just pre-assigned names. This paper devel- ops and evaluates several new approaches to automatically generating file attributes based on context, complementing existing approaches based on content analysis. Context captures broader system state that can be used to provide new attributes for files, and to propagate attributes among related files; context is also how humans often remember previous items [2], and so should fit the primary role of semantic file systems well. Based on our study of ten systems over four months, the addition of context-based mechanisms, on average, reduces the number of files with zero attributes by 73%. This increases the total number of classifiable files by over 25% in most cases, as is shown in Figure 1. Also, on average, 71% of the content-analyzable files also gain additional valuable attributes. Acknowledgements: We thank the members and companies of the PDL Consortium (including EMC, Hewlett-Packard, HGST, Hitachi, IBM, Intel, LSI Logic, Microsoft, Network Appliance, Panasas, Seagate, Sun, and Veritas) for their interest, insights, feedback, and support. We thank IBM and Intel for hardware grants supporting our research efforts. Keywords: semantic filesystems, context, attributes, classfication 1 Introduction As storage capacity continues to increase, the number of files belonging to an individual user has increased accordingly. Already, storage capacity has reached the point where there is little reason for a user to delete old content—in fact, the time required to do so would be wasted.
    [Show full text]