cs.OS

arXiv:2501.01334v1 Announce Type: new Abstract: Virtualization is a technique that allows multiple instances typically running different guest operating systems on top of single physical hardware. A hypervisor, a layer of software running on top of the host operating system, typically runs and manages these different guest operating systems. Rather than to run different services on different servers for reliability and security reasons, companies started to employ virtualization over their servers to run these services within a single server. This approach proves beneficial to the companies as it provides much better reliability, stronger isolation, improved security and resource utilization compared to running services on multiple servers. Although hypervisor based virtualization offers better resource utilization and stronger isolation, it also suffers from high overhead as the host operating system has to maintain different guest operating systems. To tackle this issue, another form of virtualization known as Operating System-level virtualization has emerged. This virtualization provides light-weight, minimal and efficient virtualization, as the different instances are run on top of the same host operating system, sharing the resources of the host operating system. But due to instances sharing the same host operating system affects the isolation of the instances. In this paper, we will first establish the basic concepts of virtualization and point out the differences between the hyper-visor based virtualization and operating system-level virtualization. Next, we will discuss the container creation life-cycle which helps in forming a container threat model for the container systems, which allows to map different potential attack vectors within these systems. Finally, we will discuss a case study, which further looks at isolation provided by the containers.

arXiv:2501.00068v1 Announce Type: new Abstract: The exponential growth of data-intensive applications has placed unprecedented demands on modern storage systems, necessitating dynamic and efficient optimization strategies. Traditional heuristics employed for storage performance optimization often fail to adapt to the variability and complexity of contemporary workloads, leading to significant performance bottlenecks and resource inefficiencies. To address these challenges, this paper introduces RL-Storage, a novel reinforcement learning (RL)-based framework designed to dynamically optimize storage system configurations. RL-Storage leverages deep Q-learning algorithms to continuously learn from real-time I/O patterns and predict optimal storage parameters, such as cache size, queue depths, and readahead settings[1]. The proposed framework operates within the storage kernel, ensuring minimal latency and low computational overhead. Through an adaptive feedback mechanism, RL-Storage dynamically adjusts critical parameters, achieving efficient resource utilization across a wide range of workloads. Experimental evaluations conducted on a range of benchmarks, including RocksDB and PostgreSQL, demonstrate significant improvements, with throughput gains of up to 2.6x and latency reductions of 43% compared to baseline heuristics. Additionally, RL-Storage achieves these performance enhancements with a negligible CPU overhead of 0.11% and a memory footprint of only 5 KB, making it suitable for seamless deployment in production environments. This work underscores the transformative potential of reinforcement learning techniques in addressing the dynamic nature of modern storage systems. By autonomously adapting to workload variations in real time, RL-Storage provides a robust and scalable solution for optimizing storage performance, paving the way for next-generation intelligent storage infrastructures.

arXiv:2501.00248v1 Announce Type: new Abstract: This paper reports our experience of providing lightweight correctness guarantees to an open-source Rust OS, Theseus. First, we report new developments in intralingual design that leverage Rust's type system to enforce additional invariants at compile time, trusting the Rust compiler. Second, we develop a hybrid approach that combines formal verification, type checking, and informal reasoning, showing how the type system can assist in increasing the scope of formally verified invariants. By slightly lessening the strength of correctness guarantees, this hybrid approach substantially reduces the proof effort. We share our experience in applying this approach to the memory subsystem and the 10 Gb Ethernet driver of Theseus, demonstrate its utility, and quantify its reduced proof effort.

arXiv:2501.00977v1 Announce Type: new Abstract: The increasing demand for SSDs coupled with scaling difficulties have left manufacturers scrambling for newer SSD interfaces which promise better performance and durability. While these interfaces reduce the rigidity of traditional abstractions, they require application or system-level changes that can impact the stability, security, and portability of systems. To make matters worse, such changes are rendered futile with introduction of next-generation interfaces. Further, there is little guidance on data placement and hardware specifics are often abstracted from the application layer. It is no surprise therefore that such interfaces have seen limited adoption, leaving behind a graveyard of experimental interfaces ranging from open-channel SSDs to zoned namespaces. In this paper, we show how shim layers can to shield systems from changing hardware interfaces while benefiting from them. We present Reshim, an all-userspace shim layer that performs affinity and lifetime based data placement with no change to the operating system or the application. We demonstrate Reshim's ease of adoption with host-device coordination for three widely-used data-intensive systems: RocksDB, MongoDB, and CacheLib. With Reshim, these systems see 2-6 times highe write throughput, up to 6 times lower latency, and reduced write amplification compared to filesystems like F2FS. Reshim performs on par with application-specific backends like ZenFS while offering more generality, lower latency, and richer data placement. With Reshim we demonstrate the value of isolating the complexity of the placement logic, allowing easy deployment of dynamic placement rules across several applications and storage interfaces.

arXiv:2501.00994v1 Announce Type: new Abstract: With the advent of hundreds of cores on a chip to accelerate applications, the operating system (OS) needs to exploit the existing parallelism provided by the underlying hardware resources to determine the right amount of processes to be mapped on the multi-core systems. However, the existing OS is not scalable and is oblivious to applications. We address these issues by adopting a multi-layer network representation of the dynamic application-to OS-to-architecture dependencies, namely the NetworkedOS. We adopt a compile-time analysis and construct a network representing the dependencies between dynamic instructions translated from the applications and the kernel and services. We propose an overlapping partitioning scheme to detect the clusters or processes that can potentially run in parallel to be mapped onto cores while reducing the number of messages transferred. At run time, processes are mapped onto the multi-core systems, taking into consideration the process affinity. Our experimental results indicate that NetworkedOS achieves performance improvement as high as 7.11x compared to Linux running on a 128-core system and 2.01x to Barrelfish running on a 64-core system.

arXiv:2412.18104v1 Announce Type: new Abstract: Real-time operating systems employ spatial and temporal isolation to guarantee predictability and schedulability of real-time systems on multi-core processors. Any unbounded and uncontrolled cross-core performance interference poses a significant threat to system time safety. However, the current Linux kernel has a number of interference issues and represents a primary source of interference. Unfortunately, existing research does not systematically and deeply explore the cross-core performance interference issue within the OS itself. This paper presents our industry practice for mitigating cross-core performance interference in Linux over the past 6 years. We have fixed dozens of interference issues in different Linux subsystems. Compared to the version without our improvements, our enhancements reduce the worst-case jitter by a factor of 8.7, resulting in a maximum 11.5x improvement over system schedulability. For the worst-case latency in the Core Flight System and the Robot Operating System 2, we achieve a 1.6x and 1.64x reduction over RT-Linux. Based on our development experience, we summarize the lessons we learned and offer our suggestions to system developers for systematically eliminating cross-core interference from the following aspects: task management, resource management, and concurrency management. Most of our modifications have been merged into Linux upstream and released in commercial distributions.

arXiv:2412.17246v1 Announce Type: new Abstract: Model autoscaling is the key mechanism to achieve serverless model-as-a-service, but it faces a fundamental trade-off between scaling speed and storage/memory usage to cache parameters, and cannot meet frequent scaling requirements across multiple hosts. The key problem is that data plane performance is slow, and scaled instances remain stopped while parameters are loading. We first show that data plane can be made fast with no/O(1) caching by loading parameters through the compute network between GPUs because: (1) its speed is comparable host cache and is underutilized; (2) scaling multiple instances requires no or O(1) caching with network-optimized multicast. Second, autoscaling can be made live by breaking the scaling abstraction from a coarse-grained instance-level to a fine-grained layer-level. This allows us to offload the layer computation from the overloaded serving instances to the scaled instance with cooperative execution, thus handles cases even when the compute network is not sufficiently fast. Our system BLITZSCALE reduces the serving tail latencies by up to 86% without caching, and we achieve comparable performance (or even better) to an optimal setup where all the parameters are cached at all the host for autoscaling.

arXiv:2411.10612v2 Announce Type: replace Abstract: The growing reliance on software in vehicles has given rise to the concept of Software-Defined Vehicles (SDVs), fundamentally reshaping the vehicles and the automotive industry. This survey explores the cybersecurity and privacy challenges posed by SDVs, which increasingly integrate features like Over-the-Air (OTA) updates and Vehicle-to-Everything (V2X) communication. While these advancements enhance vehicle capabilities and flexibility, they also come with a flip side: increased exposure to security risks including API vulnerabilities, third-party software risks, and supply-chain threats. The transition to SDVs also raises significant privacy concerns, with vehicles collecting vast amounts of sensitive data, such as location and driver behavior, that could be exploited using inference attacks. This work aims to provide a detailed overview of security threats, mitigation strategies, and privacy risks in SDVs, primarily through a literature review, enriched with insights from a targeted questionnaire with industry experts. Key topics include defining SDVs, comparing them to Connected Vehicles (CVs) and Autonomous Vehicles (AVs), discussing the security challenges associated with OTA updates and the impact of SDV features on data privacy. Our findings highlight the need for robust security frameworks, standardized communication protocols, and privacy-preserving techniques to address the issues of SDVs. This work ultimately emphasizes the importance of a multi-layered defense strategy,integrating both in-vehicle and cloud-based security solutions, to safeguard future SDVs and increase user trust.

arXiv:2407.14567v2 Announce Type: replace Abstract: In the era of the Internet of Everything, operating systems (OSs) face unprecedented challenges posed by an evolving application landscape and increasingly heterogeneous hardware ecosystems. This shift toward increasingly dynamic and unpredictable operational contexts presents significant challenges for both OS developers and users. Against this backdrop, the fusion of Artificial Intelligence (AI) with Operating Systems emerges as a critical frontier for innovation. This survey delves into the intricate interplay between AI and OSs, illustrating how existing OS mechanisms combined with AI significantly elevate the performance, security, and efficiency of modern operating systems. We investigate a range of AI methodologies applied to optimize core OS functionalities and clarify the correlation to related studies. Our analysis touches on the existing hurdles and prospective avenues in this interdisciplinary domain, underscoring the imperative for robust and seamless integration of AI capabilities into OS architectures. Through an examination of illustrative case studies and cutting-edge developments, we offer a thorough review of the current status of AI-OS integration, accentuating its pivotal role in steering the evolution of advanced computing paradigms. We also envision the promising prospects of Intelligent Operating Systems, debating how groundbreaking OS designs will usher in novel possibilities and highlight the central role that AI will assume in propelling these next-generation systems forward. This forward-thinking outlook illuminates the profound influence of AI on the foundational elements of computing, heralding the advent of a new epoch characterized by intelligent, self-adapting, and highly adaptive software ecosystems.