DOCSLIB.ORG

Poisoning the Event-Driven Architecture: a Full-Stack Look at Node.Js and Friends

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Poisoning the Event-Driven Architecture: A Full-Stack Look at Node.js and Friends Anonymous Author(s) Abstract induced by each additional thread artificially limits the number of In recent years, both industry and the open-source community have clients each server can handle, requiring the service provider to op- turned to the Event-Driven Architecture (EDA) to provide more erate more servers than is strictly necessary. The EDA significantly scalable web services. Though the Event-Driven Architecture can reduces the overhead paid for each additional client, multiplying offer better scalability than the One Thread Per Client Architecture, the number of clients each server can handle. its use can leave service providers vulnerable to a Denial of Service Figure 1 gives some intuition about how the EDA achieves its attack that we call Event Handler Poisoning (EHP). low per-client overhead. Rather than creating a new thread for each In this work we define EHP attacks and examine the ways in request, which introduces overheads in time (context-switching) which EDA frameworks expose applications to this risk. We also and space (per-thread stack), the EDA simply stores the request as touch on application-level EHP vulnerabilities. We focus on three an Event in a queue to be handled by a fixed set of Event Handlers. In popular EDA frameworks: Node.js (JavaScript), Twisted (Python), other words, the EDA achieves scalability using thread multiplexing. and libuv (C/C++). By multiplexing these unrelated computations onto the same Event Our analysis studies both CPU-bound and I/O-bound approaches Handlers, the EDA amortizes the space and time overhead of each to Event Handler Poisoning. For CPU-bound attacks we focus on additional client. Since each client costs less in the EDA, EDA-based Regular Expression Denial of Service (ReDoS). For I/O-bound ap- services can handle a larger number of clients concurrently. proaches we examine the weaknesses of asynchronous I/O imple- mentations in these frameworks. Using our Constant Worst-Case Execution Time pattern, EDA- based services can become invulnerable to EHP attacks. Guided by this pattern, in our system node.cure we implement two framework- level defenses for Node.js that serve as effective antidotes to the concerns we raise. CCS Concepts • Security and privacy → Denial-of-service attacks; Software security engineering; Web application security; Keywords Figure 1: This is the Event-Driven Architecture. Incoming Event-Driven Architecture; Denial of Service; Node.js; Algorithmic events are handled sequentially by the event loop. The Event Complexity; ReDoS Loop may generate new events in the form of tasks it of- floads to the Worker Pool. We refer to the event loopand the workers in the worker pool as Event Handlers. 1 Introduction Web servers are the lifeblood of the modern Internet. To handle Alas, the scalability promised by the EDA comes at a price. Mul- the demands of millions of clients, service providers replicate their tiplexing unrelated work onto the same thread(s) may reduce over- services across many servers. Since each additional server costs head, but it also moves the burden of time sharing out of the thread time and money, service providers want to maximize the number of library or operating system and into the application itself. Where clients each server can handle. Over the past decade, this goal has OTPCA-based services can rely on the preemptive multitasking led the software community to seriously consider a paradigm shift promised by the underlying system to ensure that resources are in their software architecture — from the One Thread Per Client shared fairly, using the EDA requires the service to enforce its own Architecture (OTPCA) to the Event-Driven Architecture (EDA) (also cooperative multitasking [71]. In other words, thread multiplex- known as the reactor pattern). Though using the EDA may increase ing destroys isolation. For example, if a client’s request takes a the number of clients each server can handle, it also exposes the long time to handle in an OTPCA-based service, preemptive mul- service to a class of Denial of Service (DoS) attack unique to the titasking will ensure that other requests are handled fairly. But if EDA: Event Handler Poisoning (EHP). this same lengthy request is submitted to an EDA-based service, Traditionally, web services have been implemented using the and if the service incorrectly implements cooperative multitasking, One Thread Per Client Architecture (OTPCA), and support more then this request will deny service to all other clients because they clients by increasing the number of threads. In practice the overhead cannot use the Event Handler that is processing the request. We call this state of affairs Event Handler Poisoning. Anonymous Submission to ACM CCS 2017, Due 19 May 2017, Dallas, Texas 2017. ACM ISBN 978-x-xxxx-xxxx-x/YY/MM...$15.00 We present a general principle, borrowed from the real-time https://doi.org/10.1145/nnnnnnn.nnnnnnn systems community, that EDA-based services can use to defend 1 Anonymous submission #23 to ACM CCS 2017 against EHP. As EHP attacks are possible when one request to an Although EDA approaches have been discussed and implemented EDA-based server doesn’t cooperatively yield to other requests, in the academic and professional communities for decades (e.g. [30, our antidote is simple: the server must ensure that every stage 42, 48, 69, 74, 77]), historically EDA has only seen wide adoption in of the request handling takes no more than constant time before user interface settings like web browsers. How things have changed. it yields to other requests. In applying this principle, EDA-based The EDA is increasingly relevant in systems programming today servers extend input sanitization from the realm of data into the thanks to the explosion of interest in Node.js [12], an event-driven realm of the algorithms used to process it. We evaluate several server-side JavaScript framework. Although the OTPCA and EDA popular EDA frameworks in light of this principle, identifying EHP architectures have the same expressive power [55], in practice EDA vulnerabilities in each. Our node.cure prototype extends Node.js to implementations have been found to offer greater scaling [67]. defend against the vulnerabilities we identified there. Several variations on the server-side EDA have been proposed: This paper is an extension of a workshop paper [28]. There we single-process event-driven (SPED), asymmetric multi-process event- introduced the idea of EHP attacks, argued that some previously- driven (AMPED), and scalable event-driven (SEDA). The AMPED reported security vulnerabilities were actually EHP vulnerabilities, architecture is depicted in Figure 1, while in SPED there is no worker and gave a sketch of our antidote. Here we offer the complete pool [66]. In the SEDA architecture, applications are designed as a package: a refined definition of EHP, a general principle for defense, pipeline composed of stages, each of which resembles Figure 1 [77]. examples of vulnerabilities in the wild, and effective framework- Figure 1 illustrates the widely used AMPED EDA formulation, level defenses. which is common to all mainstream general-purpose EDA frame- In summary, this paper makes the following contributions: works today. In the AMPED EDA (hereafter simply “the EDA”) the operating system or a framework places events in a queue (e.g. (1) We are the first to define Event Handler Poisoning, an attack that through Linux’s poll system call1), and pending events are handled exploits a general vulnerability in the EDA (§3). Our definition by an event loop. The event loop may offload expensive activity to of EHP is general, and captures attacks targeting either the a small, fixed-size worker pool, which in turn generates an event event loop or the worker pool. to inform the event loop when an offloaded task completes. The (2) Using concepts borrowed from the real-time systems commu- worker pool is implemented using threads or separate processes, nity, we describe a general antidote for Event Handler Poisoning and offers services like “asynchronous” (blocking but concurrent) (§4). Our antidote gives developers precise guidance, replacing access to the file system or DNS. the dangerous heuristics currently offered in the EDA commu- In applications built using EDA, there is a set of possible Events nity. (e.g. “new network traffic”) for which the developer supplies asetof (3) We identify potential EHP vulnerabilities in software built using Callbacks [46]. During the execution of an EDA-based application, the popular Node.js EDA framework (§5). In doing so we extend events are generated by external activity or internal processing and the state of the art in ReDoS detection. routed to the appropriate Callbacks. Each Callback is executed on (4) Informed by our EHP antidote, we identify weaknesses in one of the Event Handlers; synchronous Callbacks are executed on Node.js itself that expose its community to EHP. In node.cure the event loop, asynchronous Callbacks on a worker. we implement effective solutions to these problems, defending Node.js applications against two forms of EHP: ReDoS (§5.2) 2.2 Popular EDA Frameworks and Large/Slow I/O (§6.3). An EDA approach can be (and has been) implemented in most pro- gramming languages. Table 1 lists the dominant2 general-purpose 2 Background EDA framework for a range of languages: Node.js (JavaScript) [12], In this section we contrast the EDA with the OTPCA (§2.1). We Twisted (Python) [19], libuv (C/C++) [9], Reactor (Java) [16], Event- then explain our choice of EDA frameworks for study (§2.2), and Machine (Ruby) [5], Zotonic (Erlang) [21], and Microsoft’s P# [41]. finish by explaining formative work on Algorithmic Complexity To capture the ongoing investment in each framework, we surveyed (AC) attacks (§2.3).
Recommended publications
  • Knot DNS Resolver Release 1.2.0

    Knot DNS Resolver Release 1.2.0

    Knot DNS Resolver Release 1.2.0 CZ.NIC Labs Apr 25, 2017 Contents 1 Building project 3 1.1 Installing from packages.........................................3 1.2 Platform considerations.........................................3 1.3 Requirements...............................................3 1.4 Building from sources..........................................5 1.5 Getting Docker image..........................................7 2 Knot DNS Resolver library 9 2.1 Requirements...............................................9 2.2 For users.................................................9 2.3 For developers..............................................9 2.4 Writing layers.............................................. 11 2.5 APIs in Lua................................................ 12 2.6 API reference............................................... 15 3 Knot DNS Resolver daemon 47 3.1 Enabling DNSSEC............................................ 47 3.2 CLI interface............................................... 48 3.3 Scaling out................................................ 48 3.4 Running supervised........................................... 49 3.5 Configuration............................................... 49 3.6 Using CLI tools............................................. 64 4 Knot DNS Resolver modules 67 4.1 Static hints................................................ 67 4.2 Statistics collector............................................ 69 4.3 Query policies.............................................. 71 4.4 Views and ACLs............................................
  • Safeguard for Privileged Passwords 6.0.9 LTS Release Notes

    Safeguard for Privileged Passwords 6.0.9 LTS Release Notes

    Safeguard for Privileged Passwords 6.0.9 LTS Release Notes 03 March 2021, 06:20 These release notes provide information about the Safeguard for Privileged Passwords 6.0.9 LTS release. If you are updating a Safeguard for Privileged Passwords version prior to this release, read the release notes for the version found at: One Identity Safeguard for Privileged Passwords Technical Documentation. For the most recent documents and product information, see One Identity Safeguard for Privileged Passwords Technical Documentation. Release options Safeguard for Privileged Passwords includes two release versions: l Long Term Support (LTS) release, version 6.0.9 LTS l Feature release, version 6.9 The versions align with Safeguard for Privileged Sessions. For more information, see Long Term Support (LTS) and Feature Releases on page 13. About this release Safeguard for Privileged Passwords Version 6.0.9 LTS is a minor LTS release with resolved issues. For more details on the features and resolved issues, see: Safeguard for Privileged Passwords 6.0.9 LTS 1 Release Notes l Resolved issues NOTE: For a full list of key features in Safeguard for Privileged Passwords, see the Safeguard for Privileged Passwords Administration Guide. About the Safeguard product line The Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre- installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system, and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management and shortening the time frame to value.
  • Efficient Parallel I/O on Multi-Core Architectures

    Efficient Parallel I/O on Multi-Core Architectures

    Lecture series title/ lecture title Efficient parallel I/O on multi-core architectures Adrien Devresse CERN IT-SDC-ID Thematic CERN School of Computing 2014 1 Author(s) names – Affiliation Lecture series title/ lecture title How to make I/O bound application scale with multi-core ? What is an IO bound application ? → A server application → A job that accesses big number of files → An application that uses intensively network 2 Author(s) names – Affiliation Lecture series title/ lecture title Stupid example: Simple server monothreaded // create socket socket_desc = socket(AF_INET , SOCK_STREAM , 0); // bind the socket bind(socket_desc,(struct sockaddr *)&server , sizeof(server)); listen(socket_desc , 100); //accept connection from an incoming client while(1){ // declarations client_sock = accept(socket_desc, (struct sockaddr *)&client, &c); //Receive a message from client while( (read_size = recv(client_sock , client_message , 2000 , 0)) > 0{ // Wonderful, we have a client, do some useful work std::string msg("hello bob"); write(client_sock, msg.c_str(), msg.size()); } } 3 Author(s) names – Affiliation Lecture series title/ lecture title Stupid example: Let's make it parallel ! int main(int argc, char** argv){ // creat socket void do_work(int socket){ socket_desc = socket(AF_INET , SOCK_STREAM , 0); //Receive a message while( (read_size = // bind the socket recv(client_sock , bind(socket_desc, server , sizeof(server)); client_message , 2000 , 0)) > 0{ listen(socket_desc , 100); // Wonderful, we have a client // useful works //accept connection
  • Message Passing and Network Programming

    Message Passing and Network Programming

    Message Passing and Network Programming Advanced Operating Systems Lecture 13 Colin Perkins | https://csperkins.org/ | Copyright © 2017 | This work is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. Lecture Outline • Actors, sockets, and network protocols • Asynchronous I/O frameworks • Higher level abstractions Colin Perkins | https://csperkins.org/ | Copyright © 2017 2 Message Passing and Network Protocols • Recap: • Actor-based framework for message passing Send to • Each actor has a receive loop other actors Mailbox Actor Calls to one function per state Queue • Receive Message • Messages delivered by runtime system; Receiver processed sequentially Message Done Message Process • Actor can send messages in reply; Message Dispatcher return identity of next state Dequeue • Can we write network code this way? Request next • Send data by sending a message to an actor representing a socket • Receive messages representing data received on a socket Colin Perkins | https://csperkins.org/ | Copyright © 2017 3 Integrating Actors and Sockets Sending Thread Send to other actors Encoder Network Socket Mailbox Actor Queue Parser Receive Message Receiver Message Done Receiving Thread Message Process Message Dispatcher • Conceptually straightforward to integrate Dequeue actors with network code Request next • Runtime system maintains sending and
  • Copyright by Tongliang Liao 2017

    Copyright by Tongliang Liao 2017

    Copyright by Tongliang Liao 2017 The Thesis committee for Tongliang Liao certifies that this is the approved version of the following thesis: TAI: Threaded Asynchronous I/O Library for Performance and Portability APPROVED BY SUPERVISING COMMITTEE: Vijaychidambaram Velayudhan Pillai, Supervisor Simon Peter TAI: Threaded Asynchronous I/O Library for Performance and Portability by Tongliang Liao Thesis Presented to the Faculty of the Graduate School of the University of Texas at Austin in Partial Fulfillment of the Requirements for the Degree of Master of Science in Computer Science The University of Texas at Austin Dec 2017 TAI: Threaded Asynchronous I/O Library for Performance and Portability by Tongliang Liao, M.S.C.S The University of Texas at Austin, 2017 Supervisor: Vijaychidambaram Velayudhan Pillai In this paper, we investigate the behavior and performance of disk I/O using different types of libraries. We analyze the scenario where we can benefit from asyn- chronous I/O, and propose our cross-platform library design called TAI (Threaded Async I/O). TAI is designed to be a C++17 library with developer-friendly API. Our benchmark shows it can out-perform other libraries when asynchronous I/O is beneficial, and keep competitive speed in other cases. It also demonstrates TAI’s ability to retrieve 20% - 60% speedup on poorly scaled serial code by a simple library replacement. iv Table of Contents 1 Introduction 1 1.1 Related Work .................................................................................. 2 1.2 Background ..................................................................................... 2 1.2.1 POSIX Sync I/O ................................................................... 3 1.2.2 POSIX AIO .......................................................................... 3 1.2.3 C/C++ Standard I/O Functions............................................
  • A Sense of Time for Node.Js: Timeouts As a Cure for Event Handler Poisoning

    A Sense of Time for Node.Js: Timeouts As a Cure for Event Handler Poisoning

    A Sense of Time for Node.js: Timeouts as a Cure for Event Handler Poisoning Anonymous Abstract—The software development community has begun to new Denial of Service attack that can be used against EDA- adopt the Event-Driven Architecture (EDA) to provide scalable based services. Our Event Handler Poisoning attack exploits web services. Though the Event-Driven Architecture can offer the most important limited resource in the EDA: the Event better scalability than the One Thread Per Client Architecture, Handlers themselves. its use exposes service providers to a Denial of Service attack that we call Event Handler Poisoning (EHP). The source of the EDA’s scalability is also its Achilles’ heel. Multiplexing unrelated work onto the same thread re- This work is the first to define EHP attacks. After examining EHP vulnerabilities in the popular Node.js EDA framework and duces overhead, but it also moves the burden of time sharing open-source npm modules, we explore various solutions to EHP- out of the thread library or operating system and into the safety. For a practical defense against EHP attacks, we propose application itself. Where OTPCA-based services can rely on Node.cure, which defends a large class of Node.js applications preemptive multitasking to ensure that resources are shared against all known EHP attacks by making timeouts a first-class fairly, using the EDA requires the service to enforce its own member of the JavaScript language and the Node.js framework. cooperative multitasking [89]. An EHP attack identifies a way to defeat the cooperative multitasking used by an EDA-based Our evaluation shows that Node.cure is effective, broadly applicable, and offers strong security guarantees.
  • Overview Guide Release 21B F45060-01

    Overview Guide Release 21B F45060-01

    Oracle Utilities Customer Care and Billing Cloud Service Overview Guide Release 21B F45060-01 August 2021 Oracle Utilities Customer Care and Billing Cloud Service Release 21B Overview Guide Copyright © 2012, 2021 Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation"
  • Industrial Ethernet Quick and Simple Explanation of Key Terms

    Industrial Ethernet Quick and Simple Explanation of Key Terms

    Industrial Ethernet Quick and simple explanation of key terms EN_Bro_Glossar_Netzwerktechnik_A6_Rev02.indd 1 26.05.14 15:26 Industrial Ethernet The use of industrial Ethernet communication offers many advantages and is becoming more common in the automation of production plants and machinery. Many new technical terms from the IT world are also being used in this context among industrial users. In this glossary, we have listed and explained the main techni- cal terms from the field of Industrial Ethernet – we make Ethernet easy. 2 PHOENIX CONTACT EN_Bro_Glossar_Netzwerktechnik_A6_Rev02.indd 2 26.05.14 15:26 Table of contents Glossary Pages 04 – 45 IEEE standards Pages 46 – 47 PHOENIX CONTACT 3 EN_Bro_Glossar_Netzwerktechnik_A6_Rev02.indd 3 26.05.14 15:26 Industrial Ethernet 10Base-T Standard for data transmission of 10 Mbps Ethernet using unshielded twisted pair cables (Category 3, 4 or 5). 100Base-FX Standard for data transmission of 100 Mbps Ethernet using fiber optic cables. 100Base-TX Standard for data transmission of 100 Mbps Ethernet using twisted pair cables (Category 5). Each connection is established via two wire pairs, one wire pair for “transmit data” and the other for “receive data”. 100Base-T Fast Ethernet; 100Base-T has been officially elevated to an IEEE standard as ITU 802.3u. This standard is essentially based on technologies for 10Base-T, the Ethernet version for twisted pair cables. There are several versions of 100Base-T, which differ with respect to the physical layer and therefore the transmission media: 100Base-TX, 100Base-T2, 100Base-T4, and 100Base-FX. With this method, the MAC level and therefore the conventional CSMA/CD access method are retained at a transmission speed of 100 Mbps.
  • Python Guide Documentation 0.0.1

    Python Guide Documentation 0.0.1

    Python Guide Documentation 0.0.1 Kenneth Reitz 2015 11 07 Contents 1 3 1.1......................................................3 1.2 Python..................................................5 1.3 Mac OS XPython.............................................5 1.4 WindowsPython.............................................6 1.5 LinuxPython...............................................8 2 9 2.1......................................................9 2.2...................................................... 15 2.3...................................................... 24 2.4...................................................... 25 2.5...................................................... 27 2.6 Logging.................................................. 31 2.7...................................................... 34 2.8...................................................... 37 3 / 39 3.1...................................................... 39 3.2 Web................................................... 40 3.3 HTML.................................................. 47 3.4...................................................... 48 3.5 GUI.................................................... 49 3.6...................................................... 51 3.7...................................................... 52 3.8...................................................... 53 3.9...................................................... 58 3.10...................................................... 59 3.11...................................................... 62
  • Node.Js: Building for Scalability with Server-Side Javascript

    Node.Js: Building for Scalability with Server-Side Javascript

    #141 CONTENTS INCLUDE: n What is Node? Node.js: Building for Scalability n Where does Node fit? n Installation n Quick Start with Server-Side JavaScript n Node Ecosystem n Node API Guide and more... By Todd Eichel Visit refcardz.com Consider a food vending WHAT IS NODE? truck on a city street or at a festival. A food truck In its simplest form, Node is a set of libraries for writing high- operating like a traditional performance, scalable network programs in JavaScript. Take a synchronous web server look at this application that will respond with the text “Hello would have a worker take world!” on every HTTP request: an order from the first customer in line, and then // require the HTTP module so we can create a server object the worker would go off to var http = require(‘http’); prepare the order while the customer waits at the window. Once Get More Refcardz! Refcardz! Get More // Create an HTTP server, passing a callback function to be the order is complete, the worker would return to the window, // executed on each request. The callback function will be give it to the customer, and take the next customer’s order. // passed two objects representing the incoming HTTP // request and our response. Contrast this with a food truck operating like an asynchronous var helloServer = http.createServer(function (req, res) { web server. The workers in this truck would take an order from // send back the response headers with an HTTP status the first customer in line, issue that customer an order number, // code of 200 and an HTTP header for the content type res.writeHead(200, {‘Content-Type’: ‘text/plain’}); and have the customer stand off to the side to wait while the order is prepared.
  • Event Handler Poisoning: Attacks and Defenses

    Event Handler Poisoning: Attacks and Defenses

    Event Handler Poisoning: Attacks and Defenses Anonymous Anonymous [email protected] Abstract—The software development community has begun to are the first to examine the security implications of using the adopt the Event-Driven Architecture (EDA) to provide scalable EDA at a software architecture-level. In xIII we describe a web services. Though the Event-Driven Architecture can offer new Denial of Service attack that can be used against EDA- better scalability than the One Thread Per Client Architecture, based services. Our Event Handler Poisoning attack identifies its use exposes service providers to a Denial of Service attack the most important limited resource in the EDA: the Event that we call Event Handler Poisoning (EHP). With the rise in the Handlers themselves. use of the EDA may come a plague of EHP attacks threatening critical Internet services. The EDA’s scalability is also its Achilles’ heel. Multiplex- In this work we define EHP attacks, dividing them into ing unrelated work onto the same thread reduces overhead, two types, CPU-bound and I/O-bound. After examining EHP but it also moves the burden of time sharing out of the thread vulnerabilities in the popular Node.js EDA framework and open- library or operating system and into the application itself. source npm modules, we explore two representative EHP attacks Where OTPCA-based services can rely on the preemptive in detail: Regular Expression Denial of Service (ReDoS) and I/O- multitasking promised by the underlying system to ensure based Denial of Service (IODoS). that resources are shared fairly, using the EDA requires the Using our Constant Worst-Case Execution Time (C-WCET) service to enforce its own cooperative multitasking [48].
  • Enhancing Quality of Service Metrics for High Fan-In Node.Js Applications by Optimising the Network Stack

    Enhancing Quality of Service Metrics for High Fan-In Node.Js Applications by Optimising the Network Stack

    DEGREE PROJECT, IN COMPUTER SCIENCE , SECOND LEVEL LAUSANNE, SWITZERLAND 2015 Enhancing Quality of Service Metrics for High Fan-In Node.js Applications by Optimising the Network Stack LEVERAGING IX: THE DATAPLANE OPERATING SYSTEM FREDRIK PETER LILKAER KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF COMPUTER SCIENCE AND COMMUNICATION (CSC) Enhancing Quality of Service Metrics for High Fan-in Node.js Applications by Optimising the Network Stack -Leveraging IX: The Dataplane Operating System FREDRIK PETER LILKAER DD221X, Master’s Thesis in Computer Science (30 ECTS credits) Degree Progr. in Computer Science and Engineering 300 credits Master Programme in Computer Science 120 credits Royal Institute of Technology year 2015 Supervisor at EPFL was Edouard Bugnion Supervisor at CSC wa s Carl-Henrik Ek Examiner wa s Johan Håstad Presented: 2015-10-01 Royal Institute of Technology School of Computer Science and Communication KTH CSC SE-100 44 Stockholm, Sweden URL: www.kth.se/csc Abstract This thesis investigates the feasibility of porting Node.js, a JavaScript web application framework and server, to IX, a data- plane operating system specifically developed to meet the needs of high performance microsecond-computing type of applications in a datacentre setting. We show that porting requires exten- sions to the IX kernel to support UDS polling, which we imple- ment. We develop a distributed load generator to benchmark the framework. The results show that running Node.js on IX improves throughput by up to 20.6%, latency by up to 5.23×, and tail latency by up to 5.68× compared to a Linux baseline. We show how server side request level reordering affect the la- tency distribution, predominantly in cases where the server is load saturated.