Samantha Miller, Kaiyuan Zhang, Danyang Zhuo, Shibin Xu, A. Krishnamurthy, T. Anderson
Title: Practical Safe Linux Kernel Extensibility
DOI: 10.1145/3317550.3321429 (https://doi.org/10.1145/3317550.3321429)
Venue: Proceedings of the Workshop on Hot Topics in Operating Systems
Published: 2019-05-13
Record source: Semantic Scholar
Citations: 3
Abstract
The ability to extend kernel functionality safely has long been a design goal for operating systems. Modern operating systems, such as Linux, are structured for extensibility to enable sharing a single code base among many environments. Unfortunately, safety has lagged behind, and bugs in kernel extensions continue to cause problems. We study three recent kernel extensions critical to Docker containers (Overlay File System, Open vSwitch Datapath, and AppArmor) to guide further research in extension safety. We find that all the studied kernel extensions suffer from the same set of low-level memory, concurrency, and type errors. Though safe kernel extensibility is a well-studied area, existing solutions are heavyweight, requiring extensive changes to the kernel and/or expensive runtime checks. We then explore the feasibility of writing kernel extensions in a high-level, type-safe language (i.e., Rust) while preserving compatibility with Linux and find this to be an appealing approach. We show that there are key challenges to implementing this approach and propose potential solutions.