Sandboxing restricts what applications can do and prevents exploited processes from being abused; yet relatively few applications get sandboxed: why? We report a usability trial with 7 experienced Seccomp developers exploring how they approached sandboxing an application and the difficulties they faced. The developers each approached sandboxing the application differently, and each came to a different solution. We highlight many challenges of using Seccomp, the sandboxing designs produced by the participants, and what developers think would make it easier for them to sandbox applications effectively.
The European Union's technological sovereignty strategy centers around the RISC-V Instruction Set Architecture, with the European Processor Initiative leading efforts to build production-ready processors. Focusing on realizing a functional RISC-V ecosystem, the BZL initiative (www.bzl.es) is making an effort to create a software stack along with the hardware. In this work, we detail the efforts made in porting a widely used syscall interception library, mainly used by ad hoc file systems (e.g., DAOS, GekkoFS), to RISC-V and how we overcame some of the limitations encountered.
Far-memory systems, where applications store less-active data in more energy-efficient memory media, are increasingly adopted by data centers. However, applications are bottlenecked by on-demand data fetching from far- to local-memory. We present Memix, a far-memory system that embodies a deep-learning-system co-design for efficient and accurate prefetching, minimizing on-demand far-memory accesses. One key observation is that memory accesses are shaped by both application semantics and runtime context, providing an opportunity to optimize each independently. Preliminary evaluation of Memix on data-intensive workloads shows that it outperforms the state-of-the-art far-memory system by up to 42%.
We present a novel mechanism to construct a covert channel based on page faults. A page fault is an event that occurs when a process or a thread tries to access a page of memory that is not currently mapped into its address space. The kernel typically responds to this event by performing a context switch to allow another process or thread to execute while the page is being fetched from disk. We exploit this behavior to allow a malicious process to leak secret data to another process, bypassing the isolation mechanisms enforced by the operating system. These attacks do not leverage timers and are hardware-agnostic. Experimental results demonstrate that this attack can achieve a bit error rate of under 4%.
Heitor Romero Marques, Patricia Dos Santos Figueiredo
This article, of a qualitative approach and an analytic-synthetic method of the bibliographic-review type, pertaining to the study of Braille/Libras, was carried out and guided by the history, the criticism and the linguistics of these two inclusion systems. Braille is a tactile code for reading and writing, used by blind and deafblind people. Libras, on the other hand, is a language that has grammatical and lexical classes and even regional dialects; that is, it is a language used by Brazilian deaf people, and sign language therefore varies across the other countries of the world. Both linguistic methods carry, for the deaf community as well as the blind community, a burden of pain and abandonment suffered in a prejudiced society that since antiquity already displayed taboos and limiting beliefs; these were abolished in practice by laws and by the hard struggles that deaf, blind and deafblind people waged until reaching the current scenario, a space that still needs much improvement, growth and expansion. In short, it is indispensable to speak of Braille and Libras, without speaking of deaf culture and blind culture, without mentioning the synchronic and diachronic trajectory that both communities went through to win their human and educational rights.
In the context of Project Lilliput, which attempts to reduce the size of the object header in the HotSpot Java Virtual Machine (JVM), we explore a curated set of synchronization algorithms. Each of the algorithms could serve as a potential replacement implementation for the "synchronized" construct in HotSpot. Collectively, the algorithms illuminate trade-offs in space-time properties. The key design decisions are where to locate synchronization metadata (monitor fields), how to map from an object to those fields, and the lifecycle of the monitor information. The reader is assumed to be familiar with the current HotSpot implementation of "synchronized" as well as the Compact Java Monitors (CJM) design and Project Lilliput.
NVM is used as a new tier in the storage hierarchy, because its speed and capacity fall between those of DRAM and disk and because it is byte-addressable. However, consistency problems emerge when we attempt to put DRAM, NVM, and disk together as an efficient whole. In this paper, we discuss the challenging consistency problems faced by heterogeneous storage systems and propose our solution to them. The discussion is based on NVPC as a case study, but it can inspire, and be adapted to, all similar heterogeneous storage systems.
Mariana Villarim, João Marcos Costa, Diomadson Belfort
U-Boot is a well-known bootloader and open source project. The objective of this work was to add support for the SquashFS filesystem to U-Boot; the support developed was submitted as a contribution to the project. The bootloader is responsible, in this context, for loading the kernel and the device tree blob into RAM. It needs to be capable of reading a storage device's partition formatted with a specific filesystem type. Adding this support allows U-Boot to read from SquashFS partitions. The source code was submitted to U-Boot's mailing list as a series of patches to be reviewed by one of the project's maintainers. Once it is merged, the support will be used and modified by U-Boot's international community.
Michael Greenberg, Konstantinos Kallas, Nikos Vasilakis et al.
This document summarizes the challenges and possible research directions around the shell and its ecosystem, collected during and after the HotOS21 Panel on the future of the shell. The goal is to create a snapshot of what a number of researchers from various disciplines -- connected to the shell to varying degrees -- think about its future. We hope that this document will serve as a reference for future research on the shell and its ecosystem.
Mixed-criticality systems combine real-time components of different levels of criticality, i.e. severity of failure, on the same processor in order to obtain good resource utilisation. They must guarantee the deadlines of highly critical tasks at the expense of lower-criticality ones in the case of overload. Present operating systems provide inadequate support for this kind of system, which is of growing importance in avionics and other verticals. We present an approach that provides the required asymmetric integrity, and its implementation in the high-assurance seL4 microkernel.
Failure injection in distributed systems has been an important tool for experimenting with robust, resilient distributed systems. In order to reproduce real-life conditions, parts of the application must be killed without letting the operating system close the existing network connections in a "clean" way. When a process is simply killed, the OS closes them. SystemTap is an infrastructure that probes the Linux kernel's internal calls. If processes are killed at kernel level, they can be destroyed without letting the OS do anything else. In this paper, we present a kernel-level failure injection system based on SystemTap. We show how it can be used to implement deterministic and probabilistic failure scenarios.
This paper is a comprehensive survey of the various operating systems available for the Internet of Things environment. First, the paper introduces the various aspects of operating systems designed for the IoT environment, where resource constraints pose a serious problem for general-purpose OSs designed for other computing devices. The latter part of the paper describes the various OSs available for the resource-constrained IoT environment, along with the platforms each OS supports, the software development kits available for developing applications on each OS, and the protocols implemented in these OSs for communication and networking.
This paper proposes a general periodicity result concerning any deterministic and memoryless scheduling algorithm (including non-work-conserving algorithms), for any context, on identical multiprocessor platforms. By context we mean the hardware architecture (uniprocessor, multicore) as well as task constraints such as critical sections, precedence constraints, self-suspension, etc. Since the result is based only on releases and deadlines, it is independent of any other parameter. Note that we do not claim that the given interval is minimal, but it is an upper bound on any cycle of any feasible schedule produced by any deterministic and memoryless scheduler.
The objective of this article is to provide the reader with a basic description of all the steps involved in the COM object life-cycle process. COM is a software technology and a process performer. The first section briefly introduces the Component Object Model (COM), taking the COM object life cycle as the baseline for all COM issues. The second part describes in detail the basic steps of the process: client request, server location, object creation, interaction, and disconnection. A brief description is given of the components involved in each step. Finally, the third section provides a brief conclusion summarizing all the process steps.
We investigate the global scheduling of sporadic, implicit-deadline, real-time task systems on multiprocessor platforms. We provide a task model that integrates job parallelism. We prove that the time complexity of the feasibility problem for these systems is linear in the number of (sporadic) tasks for a fixed number of processors. We propose a scheduling algorithm that is theoretically optimal (i.e., with preemptions and migrations neglected). Moreover, we provide an exact feasibility utilization bound. Lastly, we propose a technique to limit the number of migrations and preemptions.
Energy-efficient real-time task scheduling has been actively explored in the past decade. Unlike past work, this paper considers schedulability conditions for stochastic real-time tasks. A schedulability condition is first presented for frame-based stochastic real-time tasks, and several algorithms are examined to check the schedulability of a given strategy. An approach is then proposed, based on the schedulability condition, to adapt a continuous-speed-based method to a discrete-speed system. The approach is able to stay as close as possible to the continuous-speed-based method while still guaranteeing schedulability. Simulations show that the energy saving can be more than 20% for some system configurations.
The development of many highly dynamic environments, such as pervasive environments, introduces the possibility of using geographically closely related services. Dynamically integrating and unintegrating these services in running applications is a key challenge for this use. In this article, we classify service integration issues according to the interfaces exported by services and the internal combining techniques. We also propose a contextual integration service, IntegServ, and an interface, Integrable, for developing services.
Demand for implementing original OSs that can achieve high I/O performance on PC/AT-compatible hardware has recently been increasing, but conventional OS debugging environments have not been able to simultaneously assure their stability, be easily customized to new OSs and new I/O devices, and assure efficient execution of I/O operations. We therefore developed a novel OS debugging method using a lightweight virtual machine. We evaluated this debugging method experimentally and confirmed that it can transfer data about 5.4 times as fast as the conventional virtual machine monitor.