SPARTA: A Divide and Conquer Approach to Address Translation for Accelerators
arXiv.cs.OS. Pub Date: 2020-01-20. Authors: Javier Picorel; Seyed Alireza Sanaee Kohroudi; Zi Yan; Abhishek Bhattacharjee; Babak Falsafi; Djordje Jevdjic
Virtual memory (VM) is critical to the usability and programmability of hardware accelerators. Unfortunately, implementing accelerator VM efficiently is challenging because the area and power constraints make it difficult to employ the large multi-level TLBs used in general-purpose CPUs. Recent research proposals advocate a number of restrictions on virtual-to-physical address mappings in order to reduce the TLB size or increase its reach. However, such restrictions are unattractive because they forgo many of the original benefits of traditional VM, such as demand paging and copy-on-write. We propose SPARTA, a divide and conquer approach to address translation. SPARTA splits the address translation into accelerator-side and memory-side parts. The accelerator-side translation hardware consists of a tiny TLB covering only the accelerator's cache hierarchy (if any), while the translation for main memory accesses is performed by shared memory-side TLBs. Performing the translation for memory accesses on the memory side allows SPARTA to overlap data fetch with translation, and avoids the replication of TLB entries for data shared among accelerators. To further improve the performance and efficiency of the memory-side translation, SPARTA logically partitions the memory space, delegating translation to small and efficient per-partition translation hardware. Our evaluation on index-traversal accelerators shows that SPARTA virtually eliminates translation overhead, reducing it by over 30x on average (up to 47x) and improving performance by 57%. At the same time, SPARTA requires minimal accelerator-side translation hardware, reduces the total number of TLB entries in the system, gracefully scales with memory size, and preserves all key VM functionalities.
Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX
arXiv.cs.OS. Pub Date: 2020-01-21. Authors: Youren Shen; Hongliang Tian; Yu Chen; Kang Chen; Runji Wang; Yi Xu; Yubin Xia
Intel Software Guard Extensions (SGX) enables user-level code to create private memory regions called enclaves, whose code and data are protected by the CPU from software and hardware attacks outside the enclaves. Recent work introduces library operating systems (LibOSes) to SGX so that legacy applications can run inside enclaves with few or even no modifications. As virtually any non-trivial application demands multiple processes, it is essential for LibOSes to support multitasking. However, none of the existing SGX LibOSes support multitasking both securely and efficiently. This paper presents Occlum, a system that enables secure and efficient multitasking on SGX. We implement the LibOS processes as SFI-Isolated Processes (SIPs). SFI is a software instrumentation technique for sandboxing untrusted modules (called domains). We design a novel SFI scheme named MPX-based, Multi-Domain SFI (MMDSFI) and leverage MMDSFI to enforce the isolation of SIPs. We also design an independent verifier to ensure the security guarantees of MMDSFI. With SIPs safely sharing the single address space of an enclave, the LibOS can implement multitasking efficiently. The Occlum LibOS outperforms the state-of-the-art SGX LibOS on multitasking-heavy workloads by up to 6,600X on micro-benchmarks and up to 500X on application benchmarks.
SGX-LKL: Securing the Host OS Interface for Trusted Execution
arXiv.cs.OS. Pub Date: 2019-08-29. Authors: Christian Priebe; Divya Muthukumaran; Joshua Lind; Huanzhou Zhu; Shujie Cui; Vasily A. Sartakov; Peter Pietzuch
Hardware support for trusted execution in modern CPUs enables tenants to shield their data processing workloads in otherwise untrusted cloud environments. Runtime systems for the trusted execution must rely on an interface to the untrusted host OS to use external resources such as storage, network, and other functions. Attackers may exploit this interface to leak data or corrupt the computation. We describe SGX-LKL, a system for running Linux binaries inside of Intel SGX enclaves that only exposes a minimal, protected and oblivious host interface: the interface is (i) minimal because SGX-LKL uses a complete library OS inside the enclave, including file system and network stacks, which requires a host interface with only 7 calls; (ii) protected because SGX-LKL transparently encrypts and integrity-protects all data passed via low-level I/O operations; and (iii) oblivious because SGX-LKL performs host operations independently of the application workload. For oblivious disk I/O, SGX-LKL uses an encrypted ext4 file system with shuffled disk blocks. We show that SGX-LKL protects TensorFlow training with a 21% overhead.
On Schedulability Analysis of EDF Scheduling by Considering Suspension as Blocking
arXiv.cs.OS. Pub Date: 2020-01-16. Authors: Mario Guenzel; Jian-Jia Chen
During the execution of a job, the job may suspend itself, i.e., its computation ceases until certain activities are complete, after which it can be resumed. This paper provides a counterexample to the schedulability analysis presented by Devi at the Euromicro Conference on Real-Time Systems (ECRTS) in 2003.
Online Scheduling with Makespan Minimization: State of the Art Results, Research Challenges and Open Problems
arXiv.cs.OS. Pub Date: 2020-01-14. Authors: Debasis Dwibedy; Rakesh Mohanty
Online scheduling has been a well-studied and challenging research problem over the last five decades, since the pioneering work of Graham, with immense practical significance in applications such as interactive parallel processing, routing in communication networks, distributed data management, client-server communications, traffic management in transportation, and industrial manufacturing and production. In this problem, the scheduler receives a sequence of jobs one by one, in order, for scheduling over a number of machines. On the arrival of a job, the scheduler assigns it irrevocably to a machine before the next job becomes available, with the objective of minimizing the completion time of the scheduled jobs. This paper highlights the state-of-the-art contributions to online scheduling of a sequence of independent jobs on identical and uniform related machines, with a special focus on preemptive and non-preemptive processing formats and with makespan minimization as the optimality criterion. We present the fundamental aspects of online scheduling from a beginner's perspective, along with a background on the general scheduling framework. Important competitive-analysis results obtained by well-known deterministic and randomized online scheduling algorithms in the literature are presented, along with research challenges and open problems. Two emerging recent trends, resource augmentation and semi-online scheduling, are discussed as motivation for future research work.
Runtime Verification of Linux Kernel Security Module
arXiv.cs.OS. Pub Date: 2020-01-06. Authors: Denis Efremov; Ilya Shchepetkov
The Linux kernel is one of the most important Free/Libre Open Source Software (FLOSS) projects. It is installed on billions of devices all over the world, which process various sensitive, confidential or simply private data. It is crucial to establish and prove its security properties. This work-in-progress paper presents a method to verify the Linux kernel for conformance with an abstract security policy model written in the Event-B specification language. The method is based on system call tracing and aims at checking that the results of system call execution do not lead to accesses that violate security policy requirements. As a basis for it, we use an additional Event-B specification of the Linux system call interface that is formally proved to satisfy all the requirements of the security policy model. In order to perform the conformance checks we use it to reproduce intercepted system calls and verify accesses.