TY - CONF T1 - State transfer for clear and efficient runtime updates T2 - 2011 IEEE 27th International Conference on Data Engineering Workshops (ICDEW) Y1 - 2011 A1 - Hayden,C.M. A1 - Smith,E. K A1 - Hicks, Michael W. A1 - Foster, Jeffrey S. KW - C++ language KW - C++ program KW - Cognition KW - complex tool support KW - dynamic software updating KW - efficient runtime update KW - in-place DSU approach KW - Libraries KW - Operating systems KW - program modification KW - Program processors KW - program transfer KW - program version KW - Runtime KW - servers KW - software libraries KW - Software maintenance KW - state transfer update KW - Steady-state KW - updating library KW - VSFTPD AB - Dynamic software updating (DSU), the practice of updating software while it executes, is a lively area of research. The DSU approach most prominent in both commercial and research systems is in-place updating, in which patches containing program modifications are loaded into a running process. However, in-place updating suffers from several problems: it requires complex tool support, it may adversely affect the performance of normal execution, it requires challenging reasoning to understand the behavior of an updated program, and it requires extra effort to modify program state to be compatible with an update. This paper presents preliminary work investigating the potential for state transfer updating to address these problems. State transfer updates work by launching a new process running the updated program version and transferring program state from the running process to the updated version. In this paper, we describe the use and implementation of Ekiden, a new state transfer updating library for C/C++ programs. Ekiden seeks to redress the difficulties of in-place updating, and we report on our experience updating VSFTPD using Ekiden. 
This initial experience suggests that state transfer provides the availability benefits of in-place DSU approaches while addressing many of their shortcomings. JA - 2011 IEEE 27th International Conference on Data Engineering Workshops (ICDEW) PB - IEEE SN - 978-1-4244-9195-7 M3 - 10.1109/ICDEW.2011.5767632 ER - TY - CHAP T1 - Ecotopia: An Ecological Framework for Change Management in Distributed Systems T2 - Architecting Dependable Systems IV Y1 - 2007 A1 - Tudor Dumitras A1 - Roşu, Daniela A1 - Dan, Asit A1 - Narasimhan, Priya ED - Lemos, Rogério de ED - Gacek, Cristina ED - Romanovsky, Alexander KW - Autonomic Computing KW - Dynamic Change Management KW - Fault-Tolerant Architecture KW - Operating systems KW - Performability KW - Service Orchestration KW - software engineering AB - Dynamic change management in an autonomic, service-oriented infrastructure is likely to disrupt the critical services delivered by the infrastructure. Furthermore, change management must accommodate complex real-world systems, where dependability and performance objectives are managed across multiple distributed service components and have specific criticality/value models. In this paper, we present Ecotopia, a framework for change management in complex service-oriented architectures (SOA) that is ecological in its intent: it schedules change operations with the goal of minimizing the service-delivery disruptions by accounting for their impact on the SOA environment. The change-planning functionality of Ecotopia is split between multiple objective-advisors and a system-level change-orchestrator component. The objective advisors assess the change-impact on service delivery by estimating the expected values of the Key Performance Indicators (KPIs), during and after change. The orchestrator uses the KPI estimations to assess the per-objective and overall business-value changes over a long time-horizon and to identify the scheduling plan that maximizes the overall business value. 
Ecotopia handles both external change requests, like software upgrades, and internal change requests, like fault-recovery actions. We evaluate the Ecotopia framework using two realistic change-management scenarios in distributed enterprise systems. JA - Architecting Dependable Systems IV T3 - Lecture Notes in Computer Science PB - Springer Berlin Heidelberg SN - 978-3-540-74033-9, 978-3-540-74035-3 UR - http://link.springer.com/chapter/10.1007/978-3-540-74035-3_12 ER - TY - CONF T1 - Managing policy updates in security-typed languages T2 - 19th IEEE Computer Security Foundations Workshop, 2006 Y1 - 2006 A1 - Swamy,N. A1 - Hicks, Michael W. A1 - Tse,S. A1 - Zdancewic,S. KW - Access control KW - Computer languages KW - Data security KW - Database systems KW - dynamic queries KW - dynamic semantics KW - Educational institutions KW - high level languages KW - Information security KW - information-flow policy management KW - Lattices KW - Network servers KW - Operating systems KW - policy update management KW - Robustness KW - role-based security policies KW - RT role-based trust-management framework KW - Rx security-typed programming language KW - security of data KW - statically verified transactions KW - transitive flows AB - This paper presents Rx, a new security-typed programming language with features intended to make the management of information-flow policies more practical. Security labels in Rx, in contrast to prior approaches, are defined in terms of owned roles, as found in the RT role-based trust-management framework. Role-based security policies allow flexible delegation, and our language Rx provides constructs through which programs can robustly update policies and react to policy updates dynamically. Our dynamic semantics use statically verified transactions to eliminate illegal information flows across updates, which we call transitive flows. 
Because policy updates can be observed through dynamic queries, policy updates can potentially reveal sensitive information. As such, Rx considers policy statements themselves to be potentially confidential information and subject to information-flow metapolicies. JA - 19th IEEE Computer Security Foundations Workshop, 2006 PB - IEEE SN - 0-7695-2615-2 M3 - 10.1109/CSFW.2006.17 ER - TY - CHAP T1 - Architecting and Implementing Versatile Dependability T2 - Architecting Dependable Systems III Y1 - 2005 A1 - Tudor Dumitras A1 - Srivastava, Deepti A1 - Narasimhan, Priya ED - Lemos, Rogério de ED - Gacek, Cristina ED - Romanovsky, Alexander KW - Operating systems KW - software engineering AB - Distributed applications must often consider and select the appropriate trade-offs among three important aspects – fault-tolerance, performance and resources. We introduce a novel concept, called versatile dependability, that provides a framework for analyzing and reasoning about these trade-offs in dependable software architectures. We present the architecture of a middleware framework that implements versatile dependability by providing the appropriate “knobs” to tune and re-calibrate the trade-offs. Our framework can adjust the properties and the behavior of the system at development-time, at deployment-time, and throughout the application’s life-cycle. This renders the versatile dependability approach useful both to applications that require static fault-tolerance configurations supporting the loss/addition of resources and changing workloads, as well as to applications that evolve in terms of their dependability requirements. Through a couple of specific examples, one on adapting the replication style at runtime and the other on tuning the system scalability under given constraints, we demonstrate concretely how versatile dependability can provide an extended coverage of the design space of dependable distributed systems. 
JA - Architecting Dependable Systems III T3 - Lecture Notes in Computer Science PB - Springer Berlin Heidelberg SN - 978-3-540-28968-5, 978-3-540-31648-0 UR - http://link.springer.com/chapter/10.1007/11556169_10 ER - TY - CHAP T1 - Fault-Tolerant Middleware and the Magical 1% T2 - Middleware 2005 Y1 - 2005 A1 - Tudor Dumitras A1 - Narasimhan, Priya ED - Alonso, Gustavo KW - Computer Communication Networks KW - Information Systems Applications (incl.Internet) KW - Operating systems KW - Programming Languages, Compilers, Interpreters KW - Programming Techniques KW - software engineering AB - Through an extensive experimental analysis of over 900 possible configurations of a fault-tolerant middleware system, we present empirical evidence that the unpredictability inherent in such systems arises from merely 1% of the remote invocations. The occurrence of very high latencies cannot be regulated through parameters such as the number of clients, the replication style and degree or the request rates. However, by selectively filtering out a “magical 1%” of the raw observations of various metrics, we show that performance, in terms of measured end-to-end latency and throughput, can be bounded, easy to understand and control. This simple statistical technique enables us to guarantee, with some level of confidence, bounds for percentile-based quality of service (QoS) metrics, which dramatically increase our ability to tune and control a middleware system in a predictable manner. 
JA - Middleware 2005 T3 - Lecture Notes in Computer Science PB - Springer Berlin Heidelberg SN - 978-3-540-30323-7, 978-3-540-32269-6 UR - http://link.springer.com/chapter/10.1007/11587552_24 ER - TY - CONF T1 - Running on the bare metal with GeekOS T2 - Proceedings of the 35th SIGCSE technical symposium on Computer science education Y1 - 2004 A1 - Hovemeyer, David A1 - Hollingsworth, Jeffrey K A1 - Bhattacharjee, Bobby KW - education KW - emulation KW - Hardware KW - Operating systems AB - Undergraduate operating systems courses are generally taught using one of two approaches: abstract or concrete. In the abstract approach, students learn the concepts underlying operating systems theory, and perhaps apply them using user-level threads in a host operating system. In the concrete approach, students apply concepts by working on a real operating system kernel. In the purest manifestation of the concrete approach, students implement operating system projects that run on real hardware. GeekOS is an instructional operating system kernel which runs on real hardware. It provides the minimum functionality needed to schedule threads and control essential devices on an x86 PC. On this foundation, we have developed projects in which students build processes, semaphores, a multilevel feedback scheduler, paged virtual memory, a filesystem, and inter-process communication. We use the Bochs emulator for ease of development and debugging. While this approach (tiny kernel run on an emulator) is not new, we believe GeekOS goes further towards the goal of combining realism and simplicity than previous systems have. JA - Proceedings of the 35th SIGCSE technical symposium on Computer science education T3 - SIGCSE '04 PB - ACM CY - New York, NY, USA SN - 1-58113-798-2 UR - http://doi.acm.org/10.1145/971300.971411 M3 - 10.1145/971300.971411 ER - TY - JOUR T1 - Security for virtual private intranets JF - Computer Y1 - 1998 A1 - Arbaugh, William A. A1 - Davin,J. R A1 - Farber,D. J A1 - Smith,J. M KW - businesses KW - Clouds KW - Companies KW - core operating system components KW - cryptography KW - Data security KW - employee homes KW - encryption KW - functional roles KW - hard drive KW - Home computing KW - home working KW - integrity checking KW - Internet KW - Local area networks KW - multiple personalities KW - network authentication KW - network environment KW - operating system modifications KW - Operating systems KW - Roads KW - secure identity based lending KW - security management KW - security of data KW - shared applications KW - SIBL KW - single hardware platform KW - smart cards KW - symmetric algorithm KW - system partition KW - telecommuting KW - Teleworking KW - trust relationship KW - trustworthy system KW - virtual private intranets AB - As telecommuting grows, businesses must consider security when extending their network environment to employees' homes. Researchers at the University of Pennsylvania have addressed the problem with smart cards, operating system modifications, and network authentication. We note the distinction between trust and integrity: trust is determined through the verification of components and the dependencies among them, while integrity demonstrates that components haven't been modified. Thus integrity checking in a trustworthy system is about preserving an established trust or trust relationship. Our solution to the challenge of isolating functional roles that may share a single hardware platform is called secure identity based lending (SIBL). SIBL provides multiple personalities by partitioning the hard drive into n+1 partitions, where n is the number of supported personalities. All personalities use the system partition for core operating system components and shared applications. 
Each of the personalities is also associated with one of the remaining partitions, which are encrypted using a symmetric algorithm. VL - 31 SN - 0018-9162 CP - 9 M3 - 10.1109/2.708450 ER - TY - CONF T1 - MDL: a language and compiler for dynamic program instrumentation T2 - , 1997 International Conference on Parallel Architectures and Compilation Techniques., 1997. Proceedings Y1 - 1997 A1 - Hollingsworth, Jeffrey K A1 - Naim, O. A1 - Miller, B. P A1 - Zhichen Xu A1 - Goncalves,M. J.R A1 - Ling Zheng KW - Alpha architecture KW - application program KW - application program interfaces KW - Application software KW - compiler generators KW - Computer science KW - dynamic code generation KW - Dynamic compiler KW - dynamic program instrumentation KW - Educational institutions KW - files KW - instrumentation code KW - Instruments KW - MDL KW - measurement KW - message channels KW - Message passing KW - Metric Description Language KW - modules KW - nodes KW - Operating systems KW - optimising compilers KW - PA-RISC KW - Paradyn Parallel Performance Tools KW - Parallel architectures KW - parallel programming KW - performance data KW - platform independent descriptions KW - Power 2 architecture KW - Power generation KW - procedures KW - program debugging KW - Program processors KW - running programs KW - Runtime KW - software metrics KW - SPARC KW - Specification languages KW - x86 architecture AB - We use a form of dynamic code generation, called dynamic instrumentation, to collect data about the execution of an application program. Dynamic instrumentation allows us to instrument running programs to collect performance and other types of information. The instrumentation code is generated incrementally and can be inserted and removed at any time. Our instrumentation currently runs on the SPARC, PA-RISC, Power 2, Alpha, and x86 architectures. 
Specifications of what data to collect are written in a specialized language called the Metric Description Language, which is part of the Paradyn Parallel Performance Tools. This language allows platform independent descriptions of how to collect performance data. It also provides a concise way to specify how to constrain performance data to particular resources such as modules, procedures, nodes, files, or message channels (or combinations of these resources). We also describe the details of how we weave instrumentation into a running program. JA - , 1997 International Conference on Parallel Architectures and Compilation Techniques., 1997. Proceedings PB - IEEE SN - 0-8186-8090-3 M3 - 10.1109/PACT.1997.644016 ER - TY - CONF T1 - A secure and reliable bootstrap architecture T2 - , 1997 IEEE Symposium on Security and Privacy, 1997. Proceedings Y1 - 1997 A1 - Arbaugh, William A. A1 - Farber,D. J A1 - Smith,J. M KW - active networks KW - AEGIS architecture KW - bootstrap architecture KW - Computer architecture KW - computer bootstrapping KW - data integrity KW - Distributed computing KW - Hardware KW - hardware validity KW - initialization KW - integrity chain KW - integrity check failures KW - Internet KW - Internet commerce KW - IP networks KW - Laboratories KW - lower-layer integrity KW - Microprogramming KW - Operating systems KW - recovery process KW - reliability KW - robust systems KW - Robustness KW - Security KW - security of data KW - software reliability KW - system integrity guarantees KW - system recovery KW - transitions KW - Virtual machining AB - In a computer system, the integrity of lower layers is typically treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, the integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked and (2) transitions to higher layers occur only after integrity checks on them are complete. 
The resulting integrity “chain” inductively guarantees system integrity. When these conditions are not met, as they typically are not in the bootstrapping (initialization) of a computer system, no integrity guarantees can be made, yet these guarantees are increasingly important to diverse applications such as Internet commerce, security systems and “active networks”. In this paper, we describe the AEGIS architecture for initializing a computer system. It validates integrity at each layer transition in the bootstrap process. AEGIS also includes a recovery process for integrity check failures, and we show how this results in robust systems. JA - , 1997 IEEE Symposium on Security and Privacy, 1997. Proceedings PB - IEEE SN - 0-8186-7828-3 M3 - 10.1109/SECPRI.1997.601317 ER - TY - CONF T1 - Dynamic program instrumentation for scalable performance tools T2 - Scalable High-Performance Computing Conference, 1994., Proceedings of the Y1 - 1994 A1 - Hollingsworth, Jeffrey K A1 - Miller, B. P A1 - Cargille, J. KW - Application software KW - binary image KW - compiler writing KW - Computer architecture KW - Computer displays KW - Computerized monitoring KW - Concurrent computing KW - data acquisition KW - data collection KW - data visualisation KW - Data visualization KW - dynamic program instrumentation KW - efficient monitoring KW - executing program KW - Instruments KW - large-scale parallel applications KW - Large-scale systems KW - operating system design KW - Operating systems KW - parallel programming KW - program analysis KW - program diagnostics KW - program visualization KW - Programming profession KW - Sampling methods KW - scalable performance tools KW - software tools AB - Presents a new technique called `dynamic instrumentation' that provides efficient, scalable, yet detailed data collection for large-scale parallel applications. Our approach is unique because it defers inserting any instrumentation until the application is in execution. 
We can insert or change instrumentation at any time during execution by modifying the application's binary image. Only the instrumentation required for the currently selected analysis or visualization is inserted. As a result, our technique collects several orders of magnitude less data than traditional data collection approaches. We have implemented a prototype of our dynamic instrumentation on the CM-5, and present results for several real applications. In addition, we include recommendations to operating system designers, compiler writers, and computer architects about the features necessary to permit efficient monitoring of large-scale parallel systems. JA - Scalable High-Performance Computing Conference, 1994., Proceedings of the PB - IEEE SN - 0-8186-5680-8 M3 - 10.1109/SHPCC.1994.296728 ER - TY - JOUR T1 - IPS-2: the second generation of a parallel program measurement system JF - IEEE Transactions on Parallel and Distributed Systems Y1 - 1990 A1 - Miller, B. P A1 - Clark, M. A1 - Hollingsworth, Jeffrey K A1 - Kierstead, S. A1 - Lim,S. -S A1 - Torzewski, T. 
KW - 4.3BSD UNIX systems KW - automatic guidance techniques KW - Automatic testing KW - Charlotte distributed operating system KW - CPA KW - DECstation KW - design concepts KW - distributed programs KW - graphical user interface KW - Graphical user interfaces KW - Instruments KW - interactive program analysis KW - IPS-2 KW - measurement KW - message systems KW - network operating systems KW - Operating systems KW - parallel program measurement system KW - parallel programming KW - parallel programs KW - Performance analysis KW - performance analysis techniques KW - performance evaluation KW - performance measurement system KW - Power system modeling KW - program bottlenecks KW - program diagnostics KW - Programming profession KW - semantics KW - Sequent Symmetry multiprocessor KW - shared-memory systems KW - software tools KW - Springs KW - Sun KW - Sun 4 KW - Unix KW - VAX AB - IPS, a performance measurement system for parallel and distributed programs, is currently running on its second implementation. IPS's model of parallel programs uses knowledge about the semantics of a program's structure to provide two important features. First, IPS provides a large amount of performance data about the execution of a parallel program, and this information is organized so that access to it is easy and intuitive. Secondly, IPS provides performance analysis techniques that help to guide the programmer automatically to the location of program bottlenecks. The first implementation of IPS was a testbed for the basic design concepts, providing experience with a hierarchical program and measurement model, interactive program analysis, and automatic guidance techniques. It was built on the Charlotte distributed operating system. The second implementation, IPS-2, extends the basic system with new instrumentation techniques, an interactive and graphical user interface, and new automatic guidance analysis techniques. 
This implementation runs on 4.3BSD UNIX systems, on the VAX, DECstation, Sun 4, and Sequent Symmetry multiprocessor. VL - 1 SN - 1045-9219 CP - 2 M3 - 10.1109/71.80132 ER -