Design and Implementation of a Network Server in LibrettOS

dc.contributor.authorSung, Mincheolen
dc.contributor.committeechairRavindran, Binoyen
dc.contributor.committeememberZeng, Haiboen
dc.contributor.committeememberNikolaev, Ruslanen
dc.contributor.departmentElectrical and Computer Engineeringen
dc.date.accessioned2019-01-29T13:47:10Zen
dc.date.available2019-01-29T13:47:10Zen
dc.date.issued2018-12-13en
dc.description.abstractTraditional network stacks in monolithic kernels have reliability and security concerns. Any fault in a network stack affects the entire system owing to lack of isolation in the monolithic kernel. Moreover, the large code size of the network stack enlarges the attack surface of the system. A multiserver OS design solves this problem. In contrast to the traditional network stack, a multiserver OS pushes the network stack into the network server as a user process, which performs three enhancements: (i) allows the network server to run in user mode while having its own address space and isolating any fault occurring in the network server; (ii) minimizes the attack surface of the system because the trusted computing base contracts; (iii) enables failure recovery, which is an important feature supported by a multiserver OS. This thesis proposes a network server for LibrettOS, an operating system based on rumprun unikernels and the Xen Hypervisor developed by Virginia Tech. The proposed network server is a service domain providing an L2 frame forwarding service for application domains and based on rumprun such that the existing device drivers of NetBSD can be leveraged with little modification. In this model, the TCP/IP stack runs directly in the address space of applications. This allows retaining the client state even if the network server crashes and makes it possible to recover from a network server failure. We leverage the Xen PCI passthrough to access a NIC (Network Interface Controller) from the network server. Our experimental evaluation demonstrates that the performance of the network server is good and comparable with Linux and NetBSD. We also demonstrate the successful recovery after a failure.en
dc.description.abstractgeneralWhen it comes to reliability and security in networking systems, concerns have been shown in traditional operating systems (OSs) such as Windows, MacOS, NetBSD, and Linux. Any fault in a networking system can have impacts on the entire system owing to lack of isolation in the OSs. Moreover, the large code size of a networking system enlarges the attack surface of the system. A multiserver OS design solves this problem by running a networking system as a network server, which performs three enhancements: (i) isolates any fault occurring in the network server itself; (ii) minimizes the attack surface of the system; and (iii) enables failure recovery. This thesis proposes a network server for LibrettOS, an operating system developed by Virginia Tech. The proposed network has two-pronged merits: (i) provides a system server providing a network packet forwarding service for applications; (ii) enables the existing device drivers of NetBSD to be leveraged with low amount of modification. Our experimental evaluation demonstrates that the performance of the network server outperforms state-of-the-art and comparable with Linux and that a successful recovery is possible after a failure.en
dc.description.degreeMaster of Scienceen
dc.description.sponsorshipThis research is based upon work supported by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the ODNI, IARPA, or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon. This research is also based upon work supported by the Office of Naval Research (ONR) under grants N00014-16-1-2104, N00014-16-1-2711, and N00014-18-1-2022.en
dc.format.mediumETDen
dc.identifier.urihttp://hdl.handle.net/10919/87066en
dc.language.isoen_USen
dc.publisherVirginia Techen
dc.rightsCreative Commons Attribution 4.0 Internationalen
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/en
dc.subjectmultiserver OSen
dc.subjectmicrokernelen
dc.subjecthypervisoren
dc.subjectXenen
dc.titleDesign and Implementation of a Network Server in LibrettOSen
dc.typeThesisen
thesis.degree.disciplineComputer Engineeringen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.levelmastersen
thesis.degree.nameMaster of Scienceen

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
MS_thesis_final.pdf
Size:
1.08 MB
Format:
Adobe Portable Document Format
Description:
License bundle
Now showing 1 - 1 of 1
Name:
license.txt
Size:
1.5 KB
Format:
Item-specific license agreed upon to submission
Description:

Collections