Light-Weight Contexts An OS Abstraction for Safety and Performance James Litton Anjo Vahldiek-Oberwagner Eslam Elnikety Deepak Garg Bobby Bhattacharjee Peter Druschel Max Planck Institute for Software Systems Process Unit of isolation, privilege separation, and program state 2 Fork Used to achieve distinct isolation, privilege separation, and program state Imposes scheduling and coordination overhead 3 Light-Weight Context Intra-process isolation of system resources 4 Light-Weight Context 5 Creating lwCs 6 lwCreate 7 lwCreate 8 lwCreate new,caller,args lwCreate(spec, options) ← 9 lwCreate new,caller,args lwCreate(spec, options) ← The child is a copy (via COW) of the parent by default 10 lwCreate new,caller,args lwCreate(spec, options) ← 11 lwCreate new,caller,args lwCreate(spec, options) ← The child may share or omit parent resources 12 lwSwitch caller,args lwSwitch(target, args) ← 13 lwSwitch caller,args lwSwitch(target, args) ← 14 lwSwitch caller,args lwSwitch(target, args) ← lwSwitch provides coroutine semantics 15 lwSwitch caller,args lwSwitch(target, args) ← lwSwitch provides coroutine semantics 16 API Summary Create lwC new,caller,args lwCreate(spec, options) Switch to lwC ← caller,args lwSwitch(target, args) Resource Access ← status lwRestrict(lwc, spec) status lwOverlay(lwc, spec) ← status lwSyscall(target, mask, ← syscall, args) ← 17 Common uses • Session isolation 18 Common uses • Session isolation • Sensitive data isolation 19 Common uses • Session isolation • Sensitive data isolation • Snapshot and rollback 20 Common uses • Session isolation • Sensitive data isolation • Snapshot and rollback • Reference monitoring 21 Snapshots 22 Snapshots 23 Snapshots 24 Snapshots 25 Snapshots 26 Snapshots 27 Snapshots 28 Snapshots 29 Snapshots 30 Snapshots 31 Snapshots 32 Snapshots 33 Snapshots 34 Snapshots 35 Snapshots 36 Snapshots 37 Reference Monitor 38 Reference Monitor 39 Reference Monitor 40 Reference Monitor 41 Reference Monitor 42 Reference Monitor 43 Reference Monitor 44 Reference Monitor 45 Reference Monitor 46 Reference Monitor 47 Reference Monitor 48 Reference Monitor 49 Reference Monitor 50 Reference Monitor 51 Evaluation • Microbenchmarks – lwCreate – lwSwitch – Reference monitoring (systrap) • Apache (v. 2.4.18) – Session isolation – Reference monitoring • Nginx (v. 1.9.15) – Session isolation – Reference monitoring – SSL private key isolation • PHP (v. 7.0.11) – Fast startup via snapshots 52 Creation/Destruction Cost • No pages dirtied – 87.7 microseconds • Additional COW cost per page dirtied – ~ 3.4 microseconds 53 Switching Cost 4.5 4 3.5 3 2.5 2 microseconds 1.5 1 0.5 0 lwC process k-thread Switch target 54 Evaluation – nginx • High performance web server – Asynchronous & event-driven – No session isolation 55 nginx execution 56 nginx execution 57 nginx execution 58 nginx execution 59 nginx execution 60 nginx execution 61 nginx execution 62 Evaluation - nginx H T T P 63 Evaluation - nginx H T T P 64 Evaluation - nginx H T T P 65 Evaluation - PHP-FCGI • Use lwC snapshots to speed up PHP • Evaluated using Zend MVC Framework 66 PHP Execution 67 PHP Execution 68 PHP Execution 69 PHP Execution 70 PHP Execution 71 PHP Fast Startup 72 PHP Fast Startup 73 PHP Fast Startup 74 Evaluation - PHP-FCGI 1800 1600 1400 1200 1000 opcode cache disabled 800 opcode cache enabled 600 Requests per per second Requests 400 200 0 Stock PHP lwC PHP 75 Light-Weight Contexts Source code will be available at http://www.cs.umd.edu/projects/lwc/ Max Planck Institute for 76 Software Systems.