Thesis Details
Architecture Support for Operating System Survivability and Efficient Bulk Memory Copying and Initialization
Keywords: Memory copy; Survivability; FastBCI; Memory Initialization; Operating System; Cache affinity
Jiang, Xiaowei ; Tao Xie, Committee Member ; Edward Gehringer, Committee Member ; Yan Solihin, Committee Chair ; Gregory Byrd, Committee Member ; William Cohen, Committee Member
University: North Carolina State University
Others  :  https://repository.lib.ncsu.edu/bitstream/handle/1840.16/4407/etd.pdf?sequence=1&isAllowed=y
United States | English
【 Abstract 】

The Operating System (OS) is the fundamental layer that provides and mediates accesses to a computer system's resources for user application programs. The ever-increasing size and complexity of the OS code bring the inevitable increase in the number of security vulnerabilities that can be exploited by attackers. A successful security attack on the OS has a profound impact because the OS runs at the highest processor privilege level. An OS kernel crash can freeze the entire system, terminate all running processes, and cause a long period of system unavailability. Given the increasing trend of OS security faults and the dire consequences of successful OS kernel attacks, we strive to make the OS kernel survivable, i.e. able to keep normal system operation despite security faults.

This work makes several contributions. First, we propose an OS survivability scheme that consists of three inseparable components: (1) security attack detection mechanism, (2) security fault isolation mechanism, and (3) recovery mechanism that resumes normal system operation. We analyze the underlying performance requirement for each of the components and propose simple but carefully-designed architecture support to reduce the performance overhead. When testing with real world security attacks, our survivability scheme automatically isolates the security faults from corrupting the kernel state or affecting other executing processes, recovers the kernel state and resumes execution.

Second, in order to overcome the performance overhead incurred by the checkpointing-based recovery mechanism that extensively uses bulk memory copying and initialization operations, we propose efficient architecture support for improving bulk memory copying and initialization performance. While many of the current systems rely on a loop of loads and stores, or use a single copying instruction to perform memory copying, in this work we demonstrate that the key to significantly improving the performance is removing pipeline and cache bottlenecks of the code that follows the copying instructions. We show that the bottlenecks arise due to (1) the pipeline clogged by the copying instruction, (2) lengthened critical path due to dependent instructions stalling while waiting for the copying to complete, and (3) the inability to specify (separately) the cacheability of the source and destination regions. We propose FastBCI, an architecture support that achieves the granularity efficiency of a bulk copying/initialization instruction, but without its pipeline and cache bottlenecks. When applied to OS kernel buffer management, we show that on average FastBCI achieves anywhere between 23% to 32% speedup ratios, which is roughly 3×–4× of an alternative scheme, and 1.5×–2× of a highly optimistic DMA; when applied to our OS survivability scheme, we show that an average of 1.0% performance overhead can be achieved by our survivability scheme.
