the open kernel environment
play

The Open Kernel Environment (opening up all levels of the processing - PowerPoint PPT Presentation

Dec 15, 2023 •370 likes •631 views

The Open Kernel Environment (opening up all levels of the processing hierarchy in a 'safe' manner) Herbert Bos Bart Samwel Leiden University {herbertb,bsamwel}@liacs.nl http://www.liacs.nl/~herbertb/projects/oke/ H. Bos Leiden University

  1. The Open Kernel Environment (opening up all levels of the processing hierarchy in a 'safe' manner) Herbert Bos Bart Samwel Leiden University {herbertb,bsamwel}@liacs.nl http://www.liacs.nl/~herbertb/projects/oke/ H. Bos – Leiden University 1/15/03 1

  2. What is this about? ● goals: (1) allow 3 rd party programming of lower levels (2) safety enforced by software based isolation ● target: environments with little hardware support for isolating applications – so, no MMU or privileged instructions – example: Linux kernel, network processors ● fully optimised native code / speed ● safety/resource control – CPU, heap, stack, API, etc H. Bos – Leiden University 1/15/03 1

  3. OKE: Open Kernel Environment explicit trust management + trusted compiler ● • compiler: restrict code's access to resources depending on privileges • code loader • accepts code + authentication + credentials • if match : load code of specific type • type = with specific resource restrictions • instantiation of type happens by parameterisation • example: type = { MAX_HEAP < 1 MB } • example: instantiation = { MAX_HEAP = 100 kB } • restrictions • CPU, heap, stack (recursion), APIs • pointer, private data, access to memory bus (and more) H. Bos – Leiden University 1/15/03 1

  4. OKE Compiler object src OKE credentials Compiler (trusted) ESC policy Network parameter Object code Module A OKE Module B Compilation support code record Module C H. Bos – Leiden University 1/15/03 1

  5. OKE Code Loader admission control resources object code OKE credentials Code Loader compilation record Network Module A • credential-based authorisation used for other SCAMPI operations as well OKE Module B • compilation record is just another credential support code Module C • credentials are set explicitly and used transparently: scampi _set_authorisation_cred () H. Bos – Leiden University 1/15/03 1

  6. OKE Credentials: delegated trust management • delegated trust management using KeyNote and OpenSSL • condition can be environment specific KeyNote-Version: 2 Comment: trivial policy: authorise licensees for operation 'createFlow' Authorizer: "POLICY" Licensees: "rsa-base64:MEgCQQDMcZukqn3Wa4Z2y3wKljB/eoFnDRfNN\ B72OJLsfW6SnFRLKbXrgEnEP+7LevQEI0KsUq8NsgQmtx1btq\ lqyETdAgMBAAE=" Conditions: app_domain == "SCAMPI.MAPI" && op == "createFlow" -> "true"; KeyNote-Version: 2 Comment: OKE CL credential authorising client to load code of this type Authorizer: "rsa-base64:MEgCQQDMcZukqn3Wa4Z2y3wKljB/eoFnDRfNN\ B72OJLsfW6SnFRLKbXrgEnEP+7LevQEI0KsUq8NsgQmtx1btq\ lqyETdAgMBAAE=" Licensees: "rsa-base64:ABCDE12345" Conditions: app_domain == "SCAMPI.MAPI" && op == "createFlow" \ && param2 == "10.0.0.1" -> "true"; Signature: "sig-rsa-sha1-base64:Du1uNVtNv8sAhjni/8UnzI9H+/VM\ 9GnSM/ppgfEOAmO/QzSESYZgrwsMEPlzAFqnbNGfwusxlXEIz\ H. Bos – Leiden University 1/15/03 1

  7. Environment Setup Code (ESC) ● policies implemented as ESC that is automatically prepended to user code – defines runtime support – explicitly declares API the code can use – removes the ability to ● declare/import new APIs ● access the 'private parts' of ESC ● perform unsafe operations ● 1 translation unit => whole program analysis - part 1: macro definitions expressing parameterisation - part 2: ESC - part 3: user code H. Bos – Leiden University 1/15/03 1

  8. OKE programming language ● many different user 'classes' with different trade- offs regarding the amount of restriction needed – students – system administrators – anonymous ● avoid special-purpose languages (rather: 1 language that can be customised) ● interfacing with rest of kernel important ● ideally something like C ● Cyclone (“a crash-free dialect of C”) H. Bos – Leiden University 1/15/03 1

  9. Language features for safety ● Cyclone: strongly typed, pointer protected, garbage collected, and provides region-based mem protection ● A measure of safety is provided by combination of existing Cyclone and new features ● Spatial pointer safety – bounded pointers – non-nullable pointers -> not checked – 'normal' C pointers -> always checked H. Bos – Leiden University 1/15/03 1

  10. Language features for safety ● Temporal pointer safety – region-based protection (e.g. to prevent returning the address of a local variable), added kernel region – RBP and GC work well for Cyclone-only, but present safety issues when interacting with C code – for example: suppose an OKE module holds a pointer to kernel memory – OKE solution: ● delayed freeing plus (place blocks on kill list) ● new GC: O(n) in # of allocated blocks) ● GC round just prior to activation of the OKE module (hmmm...) ● nullifies pointers or kills modules ● delayed freeing: not always needed H. Bos – Leiden University 1/15/03 1

  11. Language features for safety ● Language restrictions forbid construct, e.g.: – forbid extern “C” // no import of C APIs – forbid namespace ... // no access to specific namespace – forbid catch ... // do not catch certain exceptions ● API and entry point wrapping – potential entry points explicitly declared (pointers can only be taken of functions declared extern) – automatically wrapped in ESC (“wrap extern”) – kernel APIs may also be wrapped H. Bos – Leiden University 1/15/03 1

  12. Language features for safety ● Sensitive data protection at compile time locked construct – sharing: parts of a data structure should be inaccessible – normal solution: anonymising – locked variables cannot be used in calculations and cannot be cast – may be declared const H. Bos – Leiden University 1/15/03 1

  13. Language features for safety ● Stack overrun protection – some dynamic checking needed (but flexible) – 2 parameters: bound and granularity H. Bos – Leiden University 1/15/03 1

  14. OKE features for safety ● timeout protection – multiple solutions ● dynamic checks in backward jumps ● timer interrupt: applied in Linux kernel ● other: applied in IXP1200 network processor – timer interrupt ● on return from interrupt: check if timeout is detected ● if so, jump to callback function registered by ESC ● this function may throw exception ● takes into account if code is executing kernel or OKE code H. Bos – Leiden University 1/15/03 1

  15. FEC overhead over C H. Bos – Leiden University 1/15/03 1

  16. Audio resampling overhead over C H. Bos – Leiden University 1/15/03 1

  17. OKE sub-projects ● OKE Corral (“OKE, Click and a dash of active networks”) ● Diet OKE (“network processors”) OKE Corral: H. Bos – Leiden University 1/15/03 1

  18. HOKE-POKE: applying OKE concepts to multiple levels push monitoring functionality to the microengines • counters • filters H. Bos – Leiden University 1/15/03 1

  19. Conclusions Advantages � OKE may form a basis for resource control even when there are multiple, mutually mistrusting parties � OKE provides resource control if required, while not incurring overhead, if not � OKE authorisation procedures can be applied throughout SCAMPI � OKE overhead can be very small indeed Disadvantages � runtime resource control comes at a runtime cost � writing ESC is complex In SCAMPI � // authorise any operation scampi_set_authorisation_creds(priv, pub, creds) � // load code (OKE or other) anywhere scampi_load_code (id, type, location, param) � scampi_unload_code (id) H. Bos – Leiden University 1/15/03 1

  20. Diet OKE – multiple application simultaneous access to microengines – application granularity: microengine ● killing applications running on MEs – by control processor (StrongARM) ● packet access – prefiltering – locked fields (compile time) ● memory access – static memory allocation + protection in API – bounds checking at runtime ● stack is not a problem H. Bos – Leiden University 1/15/03 1

  21. Diet OKE ● application framework: granularity = microengine ● 1 ME for packet reception ● 5 MEs for applications ● target: network monitors ● third parties can “plugin” their own functions ● 4 threads H. Bos – Leiden University 1/15/03 1

  22. Diet OKE ● packets received in circular buffer structure in SRAM + SDRAM ● applications can read packets whenever data is available ● fields: receive – Count – flags: W, R*, Done* ● mopping mechanism.... mop H. Bos – Leiden University 1/15/03 1

  23. Diet OKE Throughput H. Bos – Leiden University 1/15/03 1

  24. Diet OKE Applications H. Bos – Leiden University 1/15/03 1

  25. Garbage collector ● mark and sweep, assumes strong typing ● automatically generated code based on whole program analysis (compiler front-end) ● compiler detects which types can be allocated by module – by enumerating types of new and malloc – generates marking functions for each type – defines how to scan mem block of specific type for pointers – contains call to GC for every pointer in type – mem allocation calls: pass * marking function to mem subsystem – GC time: call marking functions for each block H. Bos – Leiden University 1/15/03 1

Recommend

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture

P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture

P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture ... VM 1 VM 2 VM n VMs Netlink Hypervisor OVSDB kernel module ovsdb-server ovs-vswitchd user kernel OpenFlow OVSDB NICs Controller

163 views • 13 slides
ZFS Enhancing the Open Source Storage System (and the Kernel) 1 Christian Kendi Who am I?

ZFS Enhancing the Open Source Storage System (and the Kernel) 1 Christian Kendi Who am I?

ZFS Enhancing the Open Source Storage System (and the Kernel) 1 Christian Kendi Who am I? Soy Christian Kendi I do IT-Security Consultant (Kernel)-Developer Penetration tester Exploit coder CEO &amp; Founder of

591 views • 35 slides
LHC Open Network Environment LHC Open Network Environment LHC ONE Artur Barczyk California

LHC Open Network Environment LHC Open Network Environment LHC ONE Artur Barczyk California

LHC Open Network Environment LHC Open Network Environment LHC ONE Artur Barczyk California Institute of Technology California Institute of Technology GLIF Technical Working Group Meeting Hong Kong, February 25 th , 2011 g g, y , 1 2

779 views • 28 slides
A Runtime Environment for Online Processing of Operating System Kernel Events Michael Schbel,

A Runtime Environment for Online Processing of Operating System Kernel Events Michael Schbel,

A Runtime Environment for Online Processing of Operating System Kernel Events Michael Schbel, Andreas Polze 7th Intl. Workshop on Dynamic Analysis (WODA) 20. July 2009 Chicago, IL OS Kernel Event Tracing 2 Dynamic Analysis Usage

889 views • 20 slides
Feb 6: Parametric distributions What is a notebook anyway? The kernel stores the environment ,

Feb 6: Parametric distributions What is a notebook anyway? The kernel stores the environment ,

Feb 6: Parametric distributions What is a notebook anyway? The kernel stores the environment , representing variable names and their values. The notebook server listens for web requests The browser only stores the and passes them to the

490 views • 11 slides
FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence

FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence

FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence Stewart lastewart@swin.edu.au Centre for Advanced Internet Architectures (CAIA) Swinburne University of Technology Outline Getting started 1

394 views • 35 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Mapping the Urban Environment: Open Map Dataand Why it Matters Now @TylerSRadford @HOTOSM

Mapping the Urban Environment: Open Map Dataand Why it Matters Now @TylerSRadford @HOTOSM

Mapping the Urban Environment: Open Map Dataand Why it Matters Now @TylerSRadford @HOTOSM City populations soaring; Africa urbanizing most rapidly Why open map data, and why now? What is Open Map Data? OpenStreetMap Free, open,

605 views • 44 slides
Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based multihoming protocol 2 Traditional Multihoming peerlink switch2 switch1 Host2 Host1 3 Open Multihoming solution with VxLAN Overlay E-VPN

673 views • 11 slides
The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb

The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb

The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb Ihor Kuz Gernot Heiser NICTA, University of New South Wales, Open Kernel Labs Preemptive Kernel Threads Most OS kernels are multithreaded

231 views • 5 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Kernel Method Many machine learning tasks can be expressed as a function of the inner product

389 views • 22 slides
1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice

1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice

Machine Learning Class Notes 9-25-12 Prof. David Sontag 1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice and which allows for highly non-linear discriminant functions is the Gaussian kernel,

241 views • 5 slides
SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, Peng Ning Samsung KNOX R&amp;D, Samsung Research America Motivation Operating system kernels

543 views • 25 slides
Coccinelle: 10 Years of Automated Evolution in the Linux Kernel Julia Lawall (Inria-Whisper team,

Coccinelle: 10 Years of Automated Evolution in the Linux Kernel Julia Lawall (Inria-Whisper team,

Coccinelle: 10 Years of Automated Evolution in the Linux Kernel Julia Lawall (Inria-Whisper team, Julia.Lawall@inria.fr) March 2, 2020 1 Our focus: The Linux kernel Open source OS kernel, developed by Linus Torvalds First released in

460 views • 44 slides
A Survivor's Guide to Contributing to the Linux Kernel Javier Martinez Canillas Samsung Open

A Survivor's Guide to Contributing to the Linux Kernel Javier Martinez Canillas Samsung Open

A Survivor's Guide to Contributing to the Linux Kernel Javier Martinez Canillas Samsung Open Source Group javier@osg.samsung.com Samsung Open Source Group 1 Agenda Motivation Linux development process Contribution steps

1.17k views • 55 slides
Rump File Systems Kernel Code Reborn Antti Kantee pooka@cs.hut.fi Helsinki University of

Rump File Systems Kernel Code Reborn Antti Kantee pooka@cs.hut.fi Helsinki University of

Rump File Systems Kernel Code Reborn Antti Kantee pooka@cs.hut.fi Helsinki University of Technology USENIX Annual Technical Conference, San Diego, USA June 2009 Introduction kernel / userspace dichotomy interfaces dictate environment

544 views • 25 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Overview Preliminaries Kernel ridge regression Kernel -means clustering

476 views • 25 slides
Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

3/1/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

647 views • 8 slides
D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg Kroah-Hartman, David Herrmann, Daniel Mack, Lennart Poettering, Kay Sievers with help from Tejun Heo D-Bus in the Kernel Most newer OS designs started

1.35k views • 111 slides
Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda mulix@mulix.org IBM Haifa Research Lab Kernel Debugging, Haifux 2003 p.1/19 Kernel Debugging - Why? Why would we want to debug the kernel? after

308 views • 19 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification

Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification

Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification Emille E. O. Ishida IAG University of Sao Paulo, Brazil In collaboration with Rafael S. De Souza (KASI) astro-ph/1201.6676 IAU General Assembly,

155 views • 14 slides
The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel Asynchrony Processes Protection Kernel The software component that controls the hardware directly and implements the core privileged OS

934 views • 62 slides

More recommend