DOCSLIB.ORG

Isolation, Resource Management, and Sharing in Java

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Isolation, Resource Management, and Sharing in Java Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java Godmar Back, Wilson C. Hsieh, Jay Lepreau School of Computing University of Utah Abstract many environments for executing untrusted code: for example, applets, servlets, active packets [41], database Single-language runtime systems, in the form of Java queries [15], and kernel extensions [6]. Current systems virtual machines, are widely deployed platforms for ex- (such as Java) provide memory protection through the ecuting untrusted mobile code. These runtimes pro- enforcement of type safety and secure system services vide some of the features that operating systems pro- through a number of mechanisms, including namespace vide: inter-application memory protection and basic sys- and access control. Unfortunately, malicious or buggy tem services. They do not, however, provide the ability applications can deny service to other applications. For to isolate applications from each other, or limit their re- example, a Java applet can generate excessive amounts source consumption. This paper describes KaffeOS, a of garbage and cause a Web browser to spend all of its Java runtime system that provides these features. The time collecting it. KaffeOS architecture takes many lessons from operating To support the execution of untrusted code, type-safe system design, such as the use of a user/kernel bound- language runtimes need to provide a mechanism to iso- ary, and employs garbage collection techniques, such as late and manage the resources of applications, analogous write barriers. to that provided by operating systems. Although other re- The KaffeOS architecture supports the OS abstraction source management abstractions exist [4], the classic OS of a process in a Java virtual machine. Each process exe- process abstraction is appropriate. A process is the basic cutes as if it were run in its own virtual machine, includ- unit of resource ownership and control; it provides iso- ing separate garbage collection of its own heap. The dif- lation between applications. On a traditional operating ficulty in designing KaffeOS lay in balancing the goals system, untrusted code can be forked in its own process; of isolation and resource management against the goal of CPU and memory limits can be placed on the process; allowing direct sharing of objects. Overall, KaffeOS is and the process can be killed if it is uncooperative. no more than 11% slower than the freely available JVM A number of approaches to isolating applications in on which it is based, which is an acceptable penalty for Java have been developed by others over the last few the safety that it provides. Because of its implementation years. An applet context [9] is an example of an base, KaffeOS is substantially slower than commercial application-specific approach. It provides a separate JVMs for trusted code, but it clearly outperforms those namespace and a separate set of execution permissions JVMs in the presence of denial-of-service attacks or mis- for untrusted applets. Applet contexts do not support re- behaving code. source management, and cannot defend against denial- of-service attacks. In addition, they are not general: ap- 1 Introduction plet contexts are specific to applets, and cannot be used easily in other environments. The need to support the safe execution of untrusted Several general-purpose models for isolating appli- programs in runtime systems for type-safe languages has cations in Java do exist, such as the J-Kernel [23] or become clear. Language runtimes are being used in Echidna [21]. However, these solutions superimpose an operating system kernel abstraction on Java without This research was largely supported by the Defense Advanced Re- changing the underlying virtual machine. As a result, search Projects Agency, monitored by the Air Force Research Labo- ratory, Rome Research Site, USAF, under agreements F30602–96–2– it is impossible in those systems to account for resources 0269 and F30602–99–1–0503. The U.S. Government is authorized to spent on behalf of a given application: for example, CPU reproduce and distribute reprints for Governmental purposes notwith- time spent while garbage collecting a process’s heap. standing any copyright annotation hereon. An alternative approach to separate different applica- Contact information: {gback,wilson,lepreau}@cs.utah.edu. School of Computing, 50 S. Central Campus Drive, Room 3190, University of tions is to give each one its own virtual machine, and Utah, SLC, UT 84112-9205. http://www.cs.utah.edu/flux/ run each virtual machine in a different process on an un- derlying OS [25, 29]. For instance, most operating sys- • We describe how lessons from building traditional tems can limit a process’s heap size or CPU consump- operating systems can and should be used to struc- tion. Such mechanisms could be used to directly limit an ture runtime systems for type-safe languages. entire VM’s resource consumption, but they depend on underlying operating system support. • We describe how software mechanisms in the com- Designing JVMs to support multiple processes is a su- piler and runtime can be used to implement isolation perior approach. First, it reduces per-application over- and resource management in a Java virtual machine. head. For example, applications on KaffeOS can share • classes in the same way that an OS allows applications We describe the design and implementation of Kaf- to share libraries. Second, communication between pro- feOS. KaffeOS implements our process model in cesses can be more efficient in one VM, since objects can Java, which isolates applications from each other, be shared directly. (One of the reasons for using type- provides resource management mechanisms for safe language technology in systems such as SPIN [6] them, and also lets them share resources directly. was to reduce the cost of IPC; we want to keep that goal.) • Third, embedding a JVM in another application, such as We show that the performance penalty for using a web server or web browser, is difficult (or impossible) KaffeOS is reasonable, compared to the freely avail- if the JVM relies on an operating system to isolate dif- able JVM on which it is based. Even though, due to ferent activities. Fourth, embedded or portable devices that implementation base, KaffeOS is substantially may not provide OS or hardware support for managing slower than commercial JVMs on standard bench- processes. Finally, a single JVM uses less energy than marks, it outperforms those JVMs in the presence multiple JVM’s on portable devices [19]. of uncooperative code. Our work consists of supporting processes in a modern Sections 2 and 3 describe and discuss the design and type-safe language, Java. Our solution, KaffeOS, adds a implementation of KaffeOS. Section 4 provides some process model to Java that allows a JVM to run multiple performance measurements of KaffeOS, and compares untrusted programs safely, and still supports the direct its performance with that of some commercial Java vir- sharing of resources between programs. The difficulty tual machines. Section 5 describes related work in more in designing KaffeOS lay in balancing conflicting goals: detail, and Section 6 summarizes our conclusions and re- process isolation and resource management versus direct sults. sharing of objects between processes. A KaffeOS process is a general-purpose mechanism that can easily be used in multiple application domains. 2 Design Principles For instance, KaffeOS could be used in a browser to sup- The following principles drove our design of KaffeOS, port multiple applets, within a server to support multiple in decreasing order of importance: servlets, or even to provide a standalone “Java OS” on bare hardware. We have structured our abstractions and • Process separation. We provide the “classical” APIs so that they are as broadly applicable as possible, property of a process: each process is given the il- much as the OS process abstraction is. Because the Kaf- lusion of having the whole virtual machine to itself. feOS architecture is designed to support processes, we have taken lessons from the design of traditional operat- • Safe termination of processes. Processes may ter- ing systems, such as the use of a user/kernel boundary. minate abruptly due to either an internal error or an Our design makes KaffeOS’s isolation and resource external event. In both cases, we ensure that the in- control mechanisms comprehensive. We focus on the tegrity of other processes and the system itself is not management of CPU time and memory, although we plan violated. to address other resources such as network bandwidth. The runtime system is able to account for and control • Direct sharing between processes. Processes can all of the CPU and memory resources consumed on be- directly share objects in order to communicate with half of any process. We have dealt with these issues by each other. structuring the KaffeOS virtual machine so that it sepa- rates the resources used by different processes as much • Precise memory and CPU accounting. The mem- as possible. ory and CPU time spent on almost all activities can To summarize, this paper makes the following contri- be attributed to the application on whose behalf it butions: was expended. • Full reclamation of memory. When a process is User code (untrusted) terminated, its memory must be fully reclaimed. In a language-based system, memory cannot be re- Runtime Libraries User User mode voked by unmapping pages: it must be garbage- (trusted) GC collected. We restrict a process’s heap writes to Kernel mode avoid uncollectable memory in the presence of di- rect object sharing. System Kernel code (trusted) GC • Hierarchical memory management. Memory al- location can be managed in a hierarchy, which pro- vides a simple model for controlling processes. Figure 1: Structure of KaffeOS. System code is divided into kernel and user modes; user code all runs in user mode. In user The interaction between these design principles is com- mode, code can be terminated arbitrarily; in kernel mode, code plex.
Load more

Recommended publications
  • Better Performance Through a Disk/Persistent-RAM Hybrid Design
    The Conquest File System: Better Performance Through a Disk/Persistent-RAM Hybrid Design AN-I ANDY WANG Florida State University GEOFF KUENNING Harvey Mudd College PETER REIHER, GERALD POPEK University of California, Los Angeles ________________________________________________________________________ Modern file systems assume the use of disk, a system-wide performance bottleneck for over a decade. Current disk caching and RAM file systems either impose high overhead to access memory content or fail to provide mechanisms to achieve data persistence across reboots. The Conquest file system is based on the observation that memory is becoming inexpensive, which enables all file system services to be delivered from memory, except providing large storage capacity. Unlike caching, Conquest uses memory with battery backup as persistent storage, and provides specialized and separate data paths to memory and disk. Therefore, the memory data path contains no disk-related complexity. The disk data path consists of only optimizations for the specialized disk usage pattern. Compared to a memory-based file system, Conquest incurs little performance overhead. Compared to several disk-based file systems, Conquest achieves 1.3x to 19x faster memory performance, and 1.4x to 2.0x faster performance when exercising both memory and disk. Conquest realizes most of the benefits of persistent RAM at a fraction of the cost of a RAM-only solution. Conquest also demonstrates that disk-related optimizations impose high overheads for accessing memory content in a memory-rich environment. Categories and Subject Descriptors: D.4.2 [Operating Systems]: Storage Management—Storage Hierarchies; D.4.3 [Operating Systems]: File System Management—Access Methods and Directory Structures; D.4.8 [Operating Systems]: Performance—Measurements General Terms: Design, Experimentation, Measurement, and Performance Additional Key Words and Phrases: Persistent RAM, File Systems, Storage Management, and Performance Measurement ________________________________________________________________________ 1.
    [Show full text]
  • Virtual Memory
    Chapter 4 Virtual Memory Linux processes execute in a virtual environment that makes it appear as if each process had the entire address space of the CPU available to itself. This virtual address space extends from address 0 all the way to the maximum address. On a 32-bit platform, such as IA-32, the maximum address is 232 − 1or0xffffffff. On a 64-bit platform, such as IA-64, this is 264 − 1or0xffffffffffffffff. While it is obviously convenient for a process to be able to access such a huge ad- dress space, there are really three distinct, but equally important, reasons for using virtual memory. 1. Resource virtualization. On a system with virtual memory, a process does not have to concern itself with the details of how much physical memory is available or which physical memory locations are already in use by some other process. In other words, virtual memory takes a limited physical resource (physical memory) and turns it into an infinite, or at least an abundant, resource (virtual memory). 2. Information isolation. Because each process runs in its own address space, it is not possible for one process to read data that belongs to another process. This improves security because it reduces the risk of one process being able to spy on another pro- cess and, e.g., steal a password. 3. Fault isolation. Processes with their own virtual address spaces cannot overwrite each other’s memory. This greatly reduces the risk of a failure in one process trig- gering a failure in another process. That is, when a process crashes, the problem is generally limited to that process alone and does not cause the entire machine to go down.
    [Show full text]
  • Draft SP 800-125A Rev. 1, Security Recommendations for Server
    The attached DRAFT document (provided here for historical purposes), released on April 11, 2018, has been superseded by the following publication: Publication Number: NIST Special Publication (SP) 800-125A Rev. 1 Title: Security Recommendations for Server-based Hypervisor Platforms Publication Date: June 2018 • Final Publication: https://doi.org/10.6028/NIST.SP.800-125Ar1 (which links to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125Ar1.pdf). • Related Information on CSRC: Final: https://csrc.nist.gov/publications/detail/sp/800-125a/rev-1/final 1 Draft NIST Special Publication 800-125A 2 Revision 1 3 4 Security Recommendations for 5 Hypervisor Deployment on 6 ServersServer-based Hypervisor 7 Platforms 8 9 10 11 12 Ramaswamy Chandramouli 13 14 15 16 17 18 19 20 21 22 23 C O M P U T E R S E C U R I T Y 24 25 Draft NIST Special Publication 800-125A 26 Revision 1 27 28 29 30 Security Recommendations for 31 Server-based Hypervisor Platforms 32 33 Hypervisor Deployment on Servers 34 35 36 37 Ramaswamy Chandramouli 38 Computer Security Division 39 Information Technology Laboratory 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 April 2018 56 57 58 59 60 61 U.S. Department of Commerce 62 Wilbur L. Ross, Jr., Secretary 63 64 National Institute of Standards and Technology 65 Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology 66 67 Authority 68 69 This publication has been developed by NIST in accordance with its statutory responsibilities under the 70 Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C.
    [Show full text]
  • Chapter 3. Booting Operating Systems
    Chapter 3. Booting Operating Systems Abstract: Chapter 3 provides a complete coverage on operating systems booting. It explains the booting principle and the booting sequence of various kinds of bootable devices. These include booting from floppy disk, hard disk, CDROM and USB drives. Instead of writing a customized booter to boot up only MTX, it shows how to develop booter programs to boot up real operating systems, such as Linux, from a variety of bootable devices. In particular, it shows how to boot up generic Linux bzImage kernels with initial ramdisk support. It is shown that the hard disk and CDROM booters developed in this book are comparable to GRUB and isolinux in performance. In addition, it demonstrates the booter programs by sample systems. 3.1. Booting Booting, which is short for bootstrap, refers to the process of loading an operating system image into computer memory and starting up the operating system. As such, it is the first step to run an operating system. Despite its importance and widespread interests among computer users, the subject of booting is rarely discussed in operating system books. Information on booting are usually scattered and, in most cases, incomplete. A systematic treatment of the booting process has been lacking. The purpose of this chapter is to try to fill this void. In this chapter, we shall discuss the booting principle and show how to write booter programs to boot up real operating systems. As one might expect, the booting process is highly machine dependent. To be more specific, we shall only consider the booting process of Intel x86 based PCs.
    [Show full text]
  • ELF1 7D Virtual Memory
    ELF1 7D Virtual Memory Young W. Lim 2021-07-06 Tue Young W. Lim ELF1 7D Virtual Memory 2021-07-06 Tue 1 / 77 Outline 1 Based on 2 Virtual memory Virtual Memory in Operating System Physical, Logical, Virtual Addresses Kernal Addresses Kernel Logical Address Kernel Virtual Address User Virtual Address User Space Young W. Lim ELF1 7D Virtual Memory 2021-07-06 Tue 2 / 77 Based on "Study of ELF loading and relocs", 1999 http://netwinder.osuosl.org/users/p/patb/public_html/elf_ relocs.html I, the copyright holder of this work, hereby publish it under the following licenses: GNU head Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. CC BY SA This file is licensed under the Creative Commons Attribution ShareAlike 3.0 Unported License. In short: you are free to share and make derivative works of the file under the conditions that you appropriately attribute it, and that you distribute it only under a license compatible with this one. Young W. Lim ELF1 7D Virtual Memory 2021-07-06 Tue 3 / 77 Compling 32-bit program on 64-bit gcc gcc -v gcc -m32 t.c sudo apt-get install gcc-multilib sudo apt-get install g++-multilib gcc-multilib g++-multilib gcc -m32 objdump -m i386 Young W.
    [Show full text]
  • Designing and Implementing the OP and OP2 Web Browsers
    Designing and Implementing the OP and OP2 Web Browsers CHRIS GRIER, SHUO TANG and SAMUEL T. KING, University of Illinois at Urbana-Champaign Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had lim- ited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we design and implement a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security. We combine operating system design principles with formal methods to design a more secure web browser by drawing on the expertise of both communities. Our design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems sim- ple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce our new browser security features. To show the utility of our browser architecture, we design and implement three novel security features. First, we develop flexible security policies that allow us to include browser plugins within our security framework. Second, we use formal methods to prove useful security properties including user interface invariants and browser security policy. Third, we design and implement a browser-level information-flow tracking system to enable post-mortem analysis of browser-based attacks. In addition to presenting the OP browser architecture, we discuss the design and implementation of a second version of OP, OP2, that includes features from other secure web browser designs to improve on the overall security and performance of OP.
    [Show full text]
  • Libresource - Getting System Resource Information with Standard Apis Tuesday, 13 November 2018 14:55 (15 Minutes)
    Linux Plumbers Conference 2018 Contribution ID: 255 Type: not specified libresource - Getting system resource information with standard APIs Tuesday, 13 November 2018 14:55 (15 minutes) System resource information, like memory, network and device statistics, are crucial for system administrators to understand the inner workings of their systems, and are increasingly being used by applications to fine tune performance in different environments. Getting system resource information on Linux is not a straightforward affair. The best way is tocollectthe information from procfs or sysfs, but getting such information from procfs or sysfs presents many challenges. Each time an application wants to get a system resource information, it has to open a file, read the content and then parse the content to get actual information. If application is running in a container then even reading from procfs directly may give information about resources on whole system instead of just the container. Libresource tries to fix few of these problems by providing a standard library with set of APIs through which we can get system resource information e.g. memory, CPU, stat, networking, security related information. Libresource provides/may provide following benefits: • Virtualization: In cases where application is running in a virtualized environment using cgroup or namespaces, reading from /proc and /sys file-systems might not give correct information as these are not cgroup aware. Library API will take care of this e.g. if a process is running in a cgroup then library should provide information which is local to that cgroup. • Ease of use: Currently applications needs to read this info mostly from /proc and /sys file-systems.
    [Show full text]
  • Introduction to Performance Management
    C HAPTER 1 Introduction to Performance Management Application developers and system administrators face similar challenges in managing the performance of a computer system. Performance manage- ment starts with application design and development and migrates to administration and tuning of the deployed production system or systems. It is necessary to keep performance in mind at all stages in the development and deployment of a system and application. There is a definite over- lap in the responsibilities of the developer and administrator. Sometimes determining where one ends and the other begins is more difficult when a single person or small group develops, admin- isters and uses the application. This chapter will look at: • Application developer’s perspective • System administrator’s perspective • Total system resource perspective • Rules of performance tuning 1.1 Application Developer’s Perspective The tasks of the application developer include: • Defining the application • Determining the specifications • Designing application components • Developing the application codes • Testing, tuning, and debugging • Deploying the system and application • Maintaining the system and application 3 4 Chapter 1 • Introduction to Performance Management 1.1.1 Defining the Application The first step is to determine what the application is going to be. Initially, management may need to define the priorities of the development group. Surveys of user organizations may also be carried out. 1.1.2 Determining Application Specifications Defining what the application will accomplish is necessary before any code is written. The users and developers should agree, in advance, on the particular features and/or functionality that the application will provide. Often, performance specifications are agreed upon at this time, and these are typically expressed in terms of user response time or system throughput measures.
    [Show full text]
  • FIRM: Fair and High-Performance Memory Control for Persistent Memory Systems
    FIRM: Fair and High-Performance Memory Control for Persistent Memory Systems Jishen Zhao∗†, Onur Mutlu†, Yuan Xie‡∗ ∗Pennsylvania State University, †Carnegie Mellon University, ‡University of California, Santa Barbara, Hewlett-Packard Labs ∗ † ‡ [email protected], [email protected], [email protected] Abstract—Byte-addressable nonvolatile memories promise a new tech- works [54, 92] even demonstrated a persistent memory system with nology, persistent memory, which incorporates desirable attributes from performance close to that of a system without persistence support in both traditional main memory (byte-addressability and fast interface) memory. and traditional storage (data persistence). To support data persistence, a persistent memory system requires sophisticated data duplication Various types of physical devices can be used to build persistent and ordering control for write requests. As a result, applications memory, as long as they appear byte-addressable and nonvolatile that manipulate persistent memory (persistent applications) have very to applications. Examples of such byte-addressable nonvolatile different memory access characteristics than traditional (non-persistent) memories (BA-NVMs) include spin-transfer torque RAM (STT- applications, as shown in this paper. Persistent applications introduce heavy write traffic to contiguous memory regions at a memory channel, MRAM) [31, 93], phase-change memory (PCM) [75, 81], resis- which cannot concurrently service read and write requests, leading to tive random-access memory (ReRAM) [14, 21], battery-backed memory bandwidth underutilization due to low bank-level parallelism, DRAM [13, 18, 28], and nonvolatile dual in-line memory mod- frequent write queue drains, and frequent bus turnarounds between reads ules (NV-DIMMs) [89].1 and writes. These characteristics undermine the high-performance and fairness offered by conventional memory scheduling schemes designed As it is in its early stages of development, persistent memory for non-persistent applications.
    [Show full text]
  • Cali: Compiler-Assisted Library Isolation
    Cali: Compiler-Assisted Library Isolation Markus Bauer Christian Rossow CISPA Helmholtz Center for Information Security CISPA Helmholtz Center for Information Security Saarbrücken, Saarland, Germany Saarbrücken, Saarland, Germany [email protected] [email protected] ABSTRACT the full program’s privileges and address space. This lack of privi- Software libraries can freely access the program’s entire address lege separation and memory isolation has led to numerous critical space, and also inherit its system-level privileges. This lack of sepa- security incidents. ration regularly leads to security-critical incidents once libraries We can significantly reduce this threat surface by isolating the contain vulnerabilities or turn rogue. We present Cali, a compiler- library from the main program. In most cases, a library (i) neither assisted library isolation system that fully automatically shields a requires access to the entire program’s address space, (ii) nor needs program from a given library. Cali is fully compatible with main- the full program’s privileges to function properly. In fact, even line Linux and does not require supervisor privileges to execute. We complex libraries such as parsers require only limited interaction compartmentalize libraries into their own process with well-defined with the program and/or system. Conceptually, there is thus little security policies. To preserve the functionality of the interactions need to grant an untrusted library access to the program or to between program and library, Cali uses a Program Dependence critical system privileges. Basic compartmentalization principles Graph to track data flow between the program and the library dur- thus help to secure a program from misuse by untrusted code.
    [Show full text]
  • Linux® Resource Administration Guide
    Linux® Resource Administration Guide 007–4413–004 CONTRIBUTORS Written by Terry Schultz Illustrated by Chris Wengelski Production by Karen Jacobson Engineering contributions by Jeremy Brown, Marlys Kohnke, Paul Jackson, John Hesterberg, Robin Holt, Kevin McMahon, Troy Miller, Dennis Parker, Sam Watters, and Todd Wyman COPYRIGHT © 2002–2004 Silicon Graphics, Inc. All rights reserved; provided portions may be copyright in third parties, as indicated elsewhere herein. No permission is granted to copy, distribute, or create derivative works from the contents of this electronic documentation in any manner, in whole or in part, without the prior written permission of Silicon Graphics, Inc. LIMITED RIGHTS LEGEND The electronic (software) version of this document was developed at private expense; if acquired under an agreement with the USA government or any contractor thereto, it is acquired as "commercial computer software" subject to the provisions of its applicable license agreement, as specified in (a) 48 CFR 12.212 of the FAR; or, if acquired for Department of Defense units, (b) 48 CFR 227-7202 of the DoD FAR Supplement; or sections succeeding thereto. Contractor/manufacturer is Silicon Graphics, Inc., 1600 Amphitheatre Pkwy 2E, Mountain View, CA 94043-1351. TRADEMARKS AND ATTRIBUTIONS Silicon Graphics, SGI, the SGI logo, and IRIX are registered trademarks and SGI Linux and SGI ProPack for Linux are trademarks of Silicon Graphics, Inc., in the United States and/or other countries worldwide. SGI Advanced Linux Environment 2.1 is based on Red Hat Linux Advanced Server 2.1 for the Itanium Processor, but is not sponsored by or endorsed by Red Hat, Inc.
    [Show full text]
  • Improving the Performance of Hybrid Main Memory Through System Aware Management of Heterogeneous Resources
    IMPROVING THE PERFORMANCE OF HYBRID MAIN MEMORY THROUGH SYSTEM AWARE MANAGEMENT OF HETEROGENEOUS RESOURCES by Juyoung Jung B.S. in Information Engineering, Korea University, 2000 Master in Computer Science, University of Pittsburgh, 2013 Submitted to the Graduate Faculty of the Kenneth P. Dietrich School of Arts and Sciences in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science University of Pittsburgh 2016 UNIVERSITY OF PITTSBURGH KENNETH P. DIETRICH SCHOOL OF ARTS AND SCIENCES This dissertation was presented by Juyoung Jung It was defended on December 7, 2016 and approved by Rami Melhem, Ph.D., Professor at Department of Computer Science Bruce Childers, Ph.D., Professor at Department of Computer Science Daniel Mosse, Ph.D., Professor at Department of Computer Science Jun Yang, Ph.D., Associate Professor at Electrical and Computer Engineering Dissertation Director: Rami Melhem, Ph.D., Professor at Department of Computer Science ii IMPROVING THE PERFORMANCE OF HYBRID MAIN MEMORY THROUGH SYSTEM AWARE MANAGEMENT OF HETEROGENEOUS RESOURCES Juyoung Jung, PhD University of Pittsburgh, 2016 Modern computer systems feature memory hierarchies which typically include DRAM as the main memory and HDD as the secondary storage. DRAM and HDD have been extensively used for the past several decades because of their high performance and low cost per bit at their level of hierarchy. Unfortunately, DRAM is facing serious scaling and power consumption problems, while HDD has suffered from stagnant performance improvement and poor energy efficiency. After all, computer system architects have an implicit consensus that there is no hope to improve future system’s performance and power consumption unless something fundamentally changes.
    [Show full text]