A survey of operating system support for persistent memory

Emerging persistent memory technologies, like PCM and 3D XPoint, offer numerous advantages, such as higher density, larger capacity, and better energy efficiency, compared with the DRAM. However, they also have some drawbacks, e.g., slower access speed, limited write endurance, and unbalanced read/write latency. Persistent memory technologies provide both great opportunities and challenges for operating systems. As a result, a large number of solutions have been proposed. With the increasing number and complexity of problems and approaches, we believe this is the right moment to investigate and analyze these works systematically.To this end, we perform a comprehensive and in-depth study on operating system support for persistent memory within three steps. First, we present an overview of how to build the operating system on persistent memory from three perspectives: system abstraction, crash consistency, and system reliability. Then, we classify the existing research works into three categories: storage stack, memory manager, and OS-bypassing library. For each category, we summarize the major research topics and discuss these topics deeply. Specifically, we present the challenges and opportunities in each topic, describe the contributions and limitations of proposed approaches, and compare these solutions in different dimensions. Finally, we also envision the future operating system based on this study.     

Auditing NT — Part 2

This second article on NT auditing focuses on controlling users: whether or not they use the system, what they can do once they are in, and how to keep a record of what they have done. As with the operating system configuration that we looked at in the last article, you will need administrator access to review many of the security settings, and to review the security log. You will also be using tools supplied in the NT Resource kit to get listings of information that cannot be effectively scanned online.     

一个新的安全内核模型研究

利用保护环和安全内核的功能,提出了一种新的增强操作系统安全性的模型.新模型中,虚拟机监控器中被用来保护运行时安全内核.虚拟机监控器运行在有最高特权级的保护环上,安全内核和用户进程分别运行在次高特权级和最低特权级的保护环上.当次高特权级的安全内核试图写某些关键的系统资源时,写操作必须经过运行于最高特权级的虚拟机监控器的验证和许可.结果,该模型能够阻止恶意代码修改并绕过运行时安全内核.     

面向内存访问性能优化的总线仲裁方法

访存交易的处理顺序对内存访问的性能有重要影响.同一个SoC设备发出的多个未决交易往往地址连续且读写类型相同.然而,传统的总线仲裁方法导致各个设备发出的未决交易序列交错地发送至内存控制器,而内存控制器访存调度的范围有限,最终导致此类序列通常无法连续地访问内存.为解决此问题,提出一种新型的总线仲裁方法CGH,该方法利用SoC设备通信行为的特征,通过识别同一个SoC设备发出的、行地址和读写类型相同的未决交易序列并让其连续获得仲裁授权,减少内存切换行地址和读写类型的次数;同时,在选择将要授权的未决交易序列时,优先考虑行地址和读写类型与最近授权交易相同的申请,进一步提高访存效率.将CGH仲裁方法应用至北大众志-SKSoC后,系统访存性能提高了21.37%,而总线面积仅增加2.83%.此外,由于行地址切换次数减少,内存的能耗也降低了15.15%.     

Atomic RMI: A Distributed Transactional Memory Framework

This paper presents Atomic RMI, a distributed transactional memory framework that supports the control flow model of execution. Atomic RMI extends Java RMI with distributed transactions that can run on many Java virtual machines located on different network nodes. Our system employs SVA, a fully-pessimistic concurrency control algorithm that provides exclusive access to shared objects and supports rollback and fault tolerance. SVA is capable of achieving a relatively high level of parallelism by interweaving transactions that access the same objects and by making transactions that do not share objects independent of one another. It also allows any operations within transactions, including irrevocable ones, like system calls, and provides an unobtrusive API. Our evaluation shows that in most cases Atomic RMI performs better than fine grained mutual-exclusion and read/write locking mechanisms. Atomic RMI also performs better than an optimistic transactional memory in environments with high contention and a high ratio of write operations, while being competitive otherwise.     

LINUX系统下GPIB驱动优化设计与实现

为方便开发基于LINUX操作系统的GPIB仪器,近几年,Linux内核也集成了专用在测试测量领域里的GPIB总线驱动,但直接拿来利用发现,在向仪器发命令的频率比较高时,此驱动传输性能不是很理想,偶尔还会出现驱动挂掉,造成LINUX内核崩溃。针对以上问题,给出了在LINUX架构下GPIB驱动优化设计方案。分析了LINUX字符设备驱动模型;在中断服务程序底半部里,引入了结合睡眠机制的非原子操作工作队列,提高了驱动运行效率;提出了利用FIFO半满而非传统的全满标志位作为数据传输判断标准,提升了数据传输速率,引入了读写操作互斥的信号量,消除了由于读写竞态引起的驱动异常;对优化后的GPIB驱动进行测试,结果表明,上述问题得到了一定的改善。     

针对安卓手机提权漏洞的新型防范模型设计与验证

目前,智能手机安全问题引起了人们高度的重视。木马作为一种隐蔽性、欺骗性很高的攻击手段,在该平台上不断蔓延,虽然受到广泛关注,但却没有很好的防范手段。在各种漏洞中,提权漏洞对于Android系统的安全威胁巨大,一旦攻击者有机会获得内核的内存地址,就能够通过关闭内核内存的写保护获得向内核内存写入恶意指令的权限,并实现下载木马病毒的目的。为应对这一漏洞,首先分析SEAndroid机制,并基于此机制提出一种新型的将内核加强和数据包过滤2种方法结合的提权漏洞防范模块,并通过实验对所提出的防范模块的有效性进行验证。     

一种基于X86架构的多核绑定技术

针对如何利用高性能多核化设备,提高网络安全产品的处理能力,设计和实现了一种基于x86架构的Llinux平台多核绑定技术。该技术首先建立DMA缓冲队列映射,减少网卡访问次数,采用SIMD多核思想设计和实现了虚拟数据桶,并对进入数据桶的数据实施负载均衡;将Netfilter主函数多线程化,并采用内核线程绑定技术将多线程绑定到指定核.实验结果表明,DMA缓冲队列映射可以提高网络设备的I/O吞吐量,虚拟数据桶减少了数据包二次拷贝的开销,节省内核态内存,多核绑定技术提高网络安全设备多核利用率和数据包处理能力。     

基于非易失性存储器的存储引擎性能优化

非易失性存储器具有接近内存的读写速度,可利用其替换传统的存储设备,从而提升存储引擎的性能。但是,传统的存储引擎通常使用通用块接口读写数据,导致了较长的 I/O 软件栈,增加了软件层的读写延迟,进而限制了非易失性存储器的性能优势。针对这一问题,该文以 Ceph 大数据存储系统为基础,研究设计了基于非易失性存储器的新型存储引擎 NVMStore,通过内存映射的方式访问存储设备,根据非易失性存储器的字节可寻址和数据持久化特性,优化数据读写流程,从而减小数据写放大以及软件栈的开销。实验结果表明,与使用非易失性存储器的传统存储引擎相比,NVMStore能够显著提升 Ceph 的小块数据读写性能。     

基于RAM/Disk混合设备模型的FC-SAN存储系统

磁盘存取是基于光纤通道网络的SAN存储系统的目前性能瓶径，在综合和分析目前各种文件系统I／O操作工作负载的研究结果的基础上，提出了一个新的改进FC-SAN存储系统性能的方法：将各种文件系统I／O操作分为大数据量的文件读写操作、小数据量的文件读写操作和文件属性操作，大数据量的文件读写操作还是按照原来的I／O路径进行，存取物理磁盘；但其他各种文件操作包括小数据量的文件读写操作对基于内存的RAMDisk设备进行操作，实验结果显示，基于混合I／O子系统的FC-SAN存储系统的存取速率可以接近线速。     

The use of architectural principles in the design of certifiably secure systems

The notion of security, as it applies to information processing, encompasses many approaches and a wide variety of desired ends. A great deal of effort has gone into the problem of certifying the security of a system for use in a ‘multi-level’ environment. Both the data and the population of users are assumed to have different (but discernable) characteristics; policies are established to determine the access rights of users to data based upon these characteristics; and the system is deemed secure if and only if it may be shown never to permit violations of the policy. As the policy typically involves both read and write access, this paradigm has relevance to both national security and the private sector, concerned with disclosure and fraudulent modification of data respectively.It has been customary to model the mechanisms enforcing policies as security kernels. The original notion was of a reference monitor with three notable properties, and the security kernel was one possible embodiment of the monitor. This paper argues that the kernel, seen as being at the heart of the operating system, is in need of rethinking in light of the newer architectures (especially those based upon capabilities) and the proliferation of excellent, readily available, supporting software. What is suggested is that an appropriate use of architectural principles, coupled with vigorously applied administrative procedures and some of the advances in technology, might very well serve to form the basis of the demonstration that a system is secure. It will be argued that only such an amalgam of mechanisms will provide sufficient power both to demonstrate the security of a system and to serve as a criterion of certification for those concerned with this type of security.     

CPU bugs, CPU backdoors and consequences on security

In this paper, we present the security implications of x86 processor bugs or backdoors on operating systems and virtual machine monitors. We will not try to determine whether the backdoor threat is realistic or not, but we will assume that a bug or a backdoor exists and analyze the consequences on systems. We will show how it is possible for an attacker to implement a simple and generic CPU backdoor in order—at some later point in time—to bypass mandatory security mechanisms with very limited initial privileges. We will explain practical difficulties and show proof of concept schemes using a modified Qemu CPU emulator. Backdoors studied in this paper are all usable from the software level without any physical access to the hardware.     

Write-only oblivious RAM-based privacy-preserved access of outsourced data

Data outsourcing is plagued with several security and privacy concerns. Oblivious RAM (ORAM) can be used to address one of the many concerns, specifically to protect the privacy of data access pattern from outsourced cloud storage. This is achieved by simulating each original read or write operation with some read and write operations on both real and dummy data items. This paper proposes two single-server write-only ORAM schemes and one multi-server scheme, which simulate only the write operations and protect only the write pattern. The reduction in functionality however allows to build much simpler and efficient (in terms of communication/storage cost) ORAMs. Our schemes can achieve constant communication cost with acceptable storage usage. Write-only ORAM can be used in two situations: (i) only the write pattern is considered to contain sensitive information and needs protection. (ii) In outsourced data sharing, ORAM cannot be used to protect read pattern anyway due to access control issues, and Private Information Retrieval (PIR) has to be used instead. In this paper, we also study how to augment ORAM to support the use of PIR in the latter situation.     

高性能路由器操作系统HEROS的设计与实现

实时分布式操作系统是高性能分布式路由器的控制核心 ,为了保证路由器系统的整体性能和安全性 ,本文设计并实现了实时分布式操作系统 HEROS(Highly Efficient Router Operating System) .HEROS基于微内核体系结构 ,其多任务内核实现了基于优先级的抢先式调度 ,高效率的任务间同步和通信原语 ,实时的中断处理和高效的内存管理机制 .为了更好地服务于分布式路由器体系结构 ,HEROS基于 Compact PCI总线实现了一种分布式通信机制和面向网络协议的高性能的缓冲管理机制 .目前 ,基于 HEROS的高性能安全路由器原型系统已经设计完成     

A multiprocessor bus design model validated by system measurement

An accurate and efficient model of a commercial multiprocessor bus is developed. Four important characteristics of the bus design are modeled: asynchronous memory write operations; in-order delivery of responses to processor read requests; priority scheduling of memory responses; and upper bounds on the number of outstanding processor requests. A two-level hierarchical model employing both Markov chain and mean value analysis techniques for analyzing queueing networks is used. The model is shown to accurately predict measured system performance for two parallel program workloads that have different memory access characteristics. The results provide evidence that analytic queueing models can be extremely accurate in spite of simplifying assumptions required for model tractability. Model estimates are compared against detailed simulation of the bus to investigate in more detail the likely source of small model inaccuracies. The use of the analytical model for assessing system design tradeoffs is illustrated     

PCI总线电机控制卡的WDM设备驱动程序设计

结合基于PCI总线的精密电机运动控制卡，介绍了PCI设备的WDM设备驱动程序的设计过程，PCI设备的获得，I／O端口的读写，内存的读写以及中断的处理，和设备驱动程序的安装。     

Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing

With the increasing trend of outsourcing data to the cloud for efficient data storage, secure data collaboration service including data read and write in cloud computing is urgently required. However, it introduces many new challenges toward data security. The key issue is how to afford secure write operation on ciphertext collaboratively, and the other issues include difficulty in key management and heavy computation overhead on user since cooperative users may read and write data using any device. In this paper, we propose a secure and efficient data collaboration scheme, in which fine-grained access control of ciphertext and secure data writing operation can be afforded based on attribute-based encryption (ABE) and attribute-based signature (ABS) respectively. In order to relieve the attribute authority from heavy key management burden, our scheme employs a full delegation mechanism based on hierarchical attribute-based encryption (HABE). Further, we also propose a partial decryption and signing construction by delegating most of the computation overhead on user to cloud service provider. The security and performance analysis show that our scheme is secure and efficient.     

基于SPR4096的SPCE061A单片机存储器扩展设计

SPR4096是一款高性能4Mbits的FLASH存储器,广泛应用于语音图像处理等大容量存储器扩展场合。该文介绍了SPR4096芯片的特点及工作特性,根据SPR4096的不同应用,设计了与SPCE061A单片机分别采用总线与串行接口方式时的具体硬件连接原理图,给出了两种接口方式下SPCE061A对SPR4096实现读写控制的软件设计要点及相应的程序代码。     

VM内部隔离驱动程序的可靠性架构

利用虚拟化技术来整合资源已成为高性能服务器提高资源利用率的重要手段,虚拟化技术的可靠性对于高性能服务器所提供服务的质量至关重要.然而,驱动故障严重影响了虚拟机中操作系统的可靠性,也同样影响到整个服务器的可靠性.为此,提出一种在虚拟机内部通过隔离故障驱动程序来提高虚拟机可靠性的架构,该架构通过监视驱动程序所使用的内存信息来建立驱动可写权限的授权表,并在虚拟机监视器中设置虚拟机内核空间对应影子页表的写保护来捕获虚拟机的写操作,进而结合授权表判断被隔离驱动程序写操作的正确性.目前,该架构能够在无需修改驱动程序的情况下,在虚拟机内部实现对驱动程序的隔离.实验结果表明：该架构可以隔离84.63%的注入故障造成的系统崩溃失效,并且对于驱动性能的影响小于20%,提高了虚拟化环境的可靠性.     

Data parallel address architecture

Data parallel memory systems must maintain a large number of outstanding memory references to fully use increasing DRAM bandwidth in the presence of increasing latency. At the same time, the throughput of modern DRAMs is very sensitive to access pattern's due to the time required to precharge and activate banks and to switch between read and write access. To achieve memory reference parallelism a system may simultaneously issue references from multiple reference threads. Alternatively multiple references from a single thread can be issued in parallel. In this paper, we examine this tradeoff and show that allowing only a single thread to access DRAM at any given time significantly improves performance by increasing the locality of the reference stream and hence reducing precharge/activate operations and read/write turnaround. Simulations of scientific and multimedia applications show that generating multiple references from a single thread gives, on average, 17% better performance than generating references from two parallel threads.