Iso-UniK: lightweight multi-process unikernel through memory protection keys
Abstract
Unikernels, which specialize a minimalistic libOS with a single application, are an attractive design for cloud computing. However, the Achilles' heel of the unikernel is its lack of multi-process support, which makes it less flexible and less widely applicable. Many applications rely on the process abstraction to isolate their components; Apache with the multi-processing module, for example, isolates each request handler in its own process to guarantee security. Prior art tackles the problem by simulating multiple processes with multiple unikernels, which is incompatible with existing cloud providers and also introduces high overhead. This paper proposes Iso-UniK, a new unikernel design that supports multi-task applications with both the functionality and the isolation of processes. Iso-UniK leverages a recent hardware feature, Intel Memory Protection Keys (Intel MPK), to provide lightweight and efficient isolation between processes inside a unikernel. Our design has three benefits over previous approaches. First, Iso-UniK needs no hypervisor support and is thus compatible with existing cloud computing platforms; second, Iso-UniK offers fast system calls of only 45 cycles; last, a process can be isolated with a flexible configuration. We have implemented a prototype based on OSv, a unikernel that runs unmodified applications. Iso-UniK achieves a fast fork of only 66 μs for multi-process applications. Our evaluation shows that the isolation and multi-process support in Iso-UniK do not hurt application performance.
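The hardware mechanism the abstract builds on, as an added C example that is neither from the paper nor from the OSv or Iso-UniK code: one anonymous page is tagged with a freshly allocated protection key, access is revoked by writing PKRU alone (no page-table change and no hypervisor involved), the resulting fault is caught, and access is restored the way a context switch would restore PKRU for the owning process. The function name and return codes are my own; the code assumes Linux with glibc 2.27 or later on an MPK-capable CPU and reports missing support instead of failing.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { MPK_BROKEN = 0, MPK_ISOLATED = 1, MPK_UNSUPPORTED = 2 };
static sigjmp_buf fault_jmp;          /* SIGSEGV handler jumps back here */
static volatile sig_atomic_t faulted; /* set when the denied page is touched */

static void on_segv(int sig) {
    (void)sig;
    faulted = 1;
    siglongjmp(fault_jmp, 1);
}

/* Tag one page with a protection key, deny it through PKRU alone, and check
 * that a read faults while denied and succeeds once access is re-granted.
 * Returns MPK_UNSUPPORTED when the CPU or kernel offers no protection keys. */
int mpk_isolation_demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *buf = mmap(NULL, page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return MPK_BROKEN;
    buf[0] = 'A';

    int key = pkey_alloc(0, 0);       /* stands in for another process's key */
    if (key < 0) { munmap(buf, page); return MPK_UNSUPPORTED; }
    if (pkey_mprotect(buf, page, PROT_READ | PROT_WRITE, key) != 0) {
        pkey_free(key); munmap(buf, page); return MPK_BROKEN;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigaction(SIGSEGV, &sa, &old);

    faulted = 0;
    pkey_set(key, PKEY_DISABLE_ACCESS);   /* one WRPKRU, no page-table edit */
    if (sigsetjmp(fault_jmp, 1) == 0) {
        char c = *(volatile char *)buf;   /* must fault: this key is denied */
        (void)c;
    }
    pkey_set(key, 0);                     /* like a context switch restoring PKRU */
    int readable = (buf[0] == 'A');

    sigaction(SIGSEGV, &old, NULL);
    pkey_free(key);
    munmap(buf, page);
    return (faulted && readable) ? MPK_ISOLATED : MPK_BROKEN;
}
```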