Portable Resource Control in Java The J-SEAL2 Approach

Similar documents
Portable Resource Control in Java: Application to Mobile Agent Security

A Quantitative Evaluation of the Contribution of Native Code to Java Workloads

Context Threading: A flexible and efficient dispatch technique for virtual machine interpreters

JRes: A Resource Accounting Interface for Java

Design and Implementation of the J-SEAL2 Mobile Agent Kernel

Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems. Robert Grimm University of Washington

Compiler construction 2009

SOFTWARE ARCHITECTURE 7. JAVA VIRTUAL MACHINE

A Trace-based Java JIT Compiler Retrofitted from a Method-based Compiler

Improving Java Code Performance. Make your Java/Dalvik VM happier

Java Security. Compiler. Compiler. Hardware. Interpreter. The virtual machine principle: Abstract Machine Code. Source Code

Java: framework overview and in-the-small features

CS2110 Fall 2011 Lecture 25. Under the Hood: The Java Virtual Machine, Part II

Improving Java Performance

The Java Language Implementation

CMPSC 497: Java Security

Java TM Introduction. Renaud Florquin Isabelle Leclercq. FloConsult SPRL.

High-Level Language VMs

Java Internals. Frank Yellin Tim Lindholm JavaSoft

An Introduction to Multicodes. Ben Stephenson Department of Computer Science University of Western Ontario

Today. Instance Method Dispatch. Instance Method Dispatch. Instance Method Dispatch 11/29/11. today. last time

Code Profiling. CSE260, Computer Science B: Honors Stony Brook University

Java Class Loading and Bytecode Verification

CSc 453 Interpreters & Interpretation

Running class Timing on Java HotSpot VM, 1

02 B The Java Virtual Machine

HydraVM: Mohamed M. Saad Mohamed Mohamedin, and Binoy Ravindran. Hot Topics in Parallelism (HotPar '12), Berkeley, CA

Java byte code verification

SABLEJIT: A Retargetable Just-In-Time Compiler for a Portable Virtual Machine p. 1

T E C H N I Q U E S F O R T H E D E S I G N O F J AVA O P E R AT I N G S Y S T E M S

Mixed Mode Execution with Context Threading

Compiling Techniques

Method-Level Phase Behavior in Java Workloads

Just In Time Compilation

Static Program Analysis

Run-time Program Management. Hwansoo Han

CSC 4181 Handout : JVM

YETI. GraduallY Extensible Trace Interpreter VEE Mathew Zaleski, Angela Demke Brown (University of Toronto) Kevin Stoodley (IBM Toronto)

Software Speculative Multithreading for Java

Developing Mobile Applications

SECURITY RISKS IN JAVA-BASED MOBILE CODE SYSTEMS

Compiler construction 2009

Android Internals and the Dalvik VM!

Jupiter: A Modular and Extensible JVM

Trusting Virtual Trust

Learning objectives. The Java Environment. Java timeline (cont d) Java timeline. Understand the basic features of Java

Objectives. Problem Solving. Introduction. An overview of object-oriented concepts. Programming and programming languages An introduction to Java

Agenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1

CSE P 501 Compilers. Java Implementation JVMs, JITs &c Hal Perkins Winter /11/ Hal Perkins & UW CSE V-1

Enhancing Java Grid Computing Security with Resource Control

Managed runtimes & garbage collection. CSE 6341 Some slides by Kathryn McKinley

Running Mistyped Code. Lecture 19: Java Security. Running Mistyped Code. Java Security Architecture. JavaVM. Reference Monitors

15CS45 : OBJECT ORIENTED CONCEPTS

Threads. What is a thread? Motivation. Single and Multithreaded Processes. Benefits

Translating JVM Code to MIPS Code 1 / 43

Confinement (Running Untrusted Programs)

Managed runtimes & garbage collection

Towards future method hotness prediction for Virtual Machines

JVML Instruction Set. How to get more than 256 local variables! Method Calls. Example. Method Calls

EXAMINATIONS 2008 MID-YEAR COMP431 COMPILERS. Instructions: Read each question carefully before attempting it.

Chapter 4: Threads. Chapter 4: Threads

Atelier Java - J1. Marwan Burelle. EPITA Première Année Cycle Ingénieur.

JSR 292 backport. (Rémi Forax) University Paris East

Problem: Too Many Platforms!

CMSC 433 Programming Language Technologies and Paradigms. Concurrency

Limits of Parallel Marking Garbage Collection....how parallel can a GC become?

The Java Virtual Machine. CSc 553. Principles of Compilation. 3 : The Java VM. Department of Computer Science University of Arizona

Exercise 7 Bytecode Verification self-study exercise sheet

Operating Systems (2INC0) 2018/19. Introduction (01) Dr. Tanir Ozcelebi. Courtesy of Prof. Dr. Johan Lukkien. System Architecture and Networking Group

Java Code Coverage Mechanics Evgeny Mandrikov Marc Hoffmann #JokerConf 2017, Saint-Petersburg

Certified Core Java Developer VS-1036

Concurrent Programming using Threads

Processes. Process Concept

Java Instrumentation for Dynamic Analysis

A Quantitative Analysis of Java Bytecode Sequences

Experiences with Multi-threading and Dynamic Class Loading in a Java Just-In-Time Compiler

JAVA MOCK TEST JAVA MOCK TEST III

Compaq Interview Questions And Answers

Introduction to Visual Basic and Visual C++ Introduction to Java. JDK Editions. Overview. Lesson 13. Overview

Over-view. CSc Java programs. Java programs. Logging on, and logging o. Slides by Michael Weeks Copyright Unix basics. javac.

Java On Steroids: Sun s High-Performance Java Implementation. History

Introduction to Java. Lecture 1 COP 3252 Summer May 16, 2017

Process Description and Control

WebAssembly. neither Web nor Assembly, but Revolutionary

Core JAVA Training Syllabus FEE: RS. 8000/-

JAVA PERFORMANCE. PR SW2 S18 Dr. Prähofer DI Leopoldseder

JavaSplit. A Portable Distributed Runtime for Java. Michael Factor Assaf Schuster Konstantin Shagin

Chapter 3: Operating-System Structures

Low latency & Mechanical Sympathy: Issues and solutions

IBM WebSphere Application Server V4.0. Performance. 10/02/01 Copyright 2001 IBM Corporation WS40ST11.prz Page 248 of of 28

Java language. Part 1. Java fundamentals. Yevhen Berkunskyi, NUoS

Building a Compiler with. JoeQ. Outline of this lecture. Building a compiler: what pieces we need? AKA, how to solve Homework 2

CS510 Operating System Foundations. Jonathan Walpole

The security mechanisms of Java

Course Overview. PART I: overview material. PART II: inside a compiler. PART III: conclusion

Project. there are a couple of 3 person teams. a new drop with new type checking is coming. regroup or see me or forever hold your peace

JVM Independent Replay in Java

ELEC 377 Operating Systems. Week 1 Class 2

Last class: OS and Architecture. OS and Computer Architecture

Last class: OS and Architecture. Chapter 3: Operating-System Structures. OS and Computer Architecture. Common System Components

Transcription:

Portable Resource Control in Java The J-SEAL2 Approach Walter Binder w.binder@coco.co.at CoCo Software Engineering GmbH Austria Jarle Hulaas Jarle.Hulaas@cui.unige.ch Alex Villazón Alex.Villazon@cui.unige.ch Rory Vidal University of Geneva Switzerland

Overview Motivation Portable resource control layer Architecture and functions Memory accounting CPU accounting Example Evaluation Integration with J-SEAL2 2

Motivation: Java and Mobile Code Most mobile code environments are based on Java Applets Mobile objects (agents) Protection of host requires resource control Java has no support for resource control 3

Benefits of Resource Control Security Prevention against denial-of-service attacks E-commerce Billing for resource consumption Quality of service guarantees Software development Monitoring and profiling of distributed applications 4

Different Approaches to Resource Control in Java Special JVM KaffeOS (based on Kaffe VM) Alta Aroma Native code JRes (CPU control) JUM (Java Usage Monitor; JVMPI) Bytecode transformations JRes (memory control) J-RAF (Java Resource Accounting Facility) 5

J-RAF: Portable Resource Control Layer for Java Resource control Resource accounting Enforcing resource limits Resources Physical (e.g., memory, CPU) Logical (e.g., threads, tasks) Communication (e.g., with services) Pure Java No dependence on operating system Standard JVMs (state-of-the-art JITs) Java processors (e.g., embedded systems) 6

Layered Architecture for Resource Control Resource-aware Applications High-level RC API (All Resources) Low-level RC API (Memory, CPU) Resource-aware JDK Classes JVM Native Code online offline control policy offline Bytecode Rewriting 7

Functions of the Low-level Resource Control Layer Memory accounting and control Pre-accounting, enforcement of limits Pluggable control strategy Single thread Multi-threaded task (synchronization!) Multiple tasks (consistency after termination!) CPU accounting Pre-accounting for each thread Pre-accounting for estimated future GC costs during object allocation 8

Functions of the High-level Resource Control Layer Integration with hierarchical task model Pluggable control strategies Memory control policies Scheduling for CPU control Uniform API for all resources Extensible API Charging for resource consumption 9

Reification of Physical Resources by Bytecode Rewriting 10 Introduction of account objects Associated with threads (thread-locals) Passed as extra argument (optimization) Wrapper methods with unmodified signature (called by native code) Memory accounting and control Allocated bytes on heap (estimation) Before allocation CPU accounting Executed bytecode instructions In every basic block of code

Memory Account (Simplified) Supports aggregation (single account for multiple threads/tasks) Weak references to allocated objects public final class Mem { public static Mem getorcreate(); } public void setlimit(long limit); public void checkallocation(int size) throws ResourceOveruseException; public void register(object o); 11

CPU Account Separate account for each thread No synchronization Accessed by high-priority scheduler thread (high-level RC layer) public final class CPU { public static CPU getorcreate(); } public volatile int usage; 12

Rewriting Example: Passing Account Objects Unmodified method Object f(int x) { if (x < 0) return null; else return new Foo(g(x)); } Added account objects Object f(int x, Mem mem, CPU cpu) { if (x < 0) return null; else return new Foo(g(x, mem, cpu), mem, cpu); } 13

Rewriting Example: Memory Accounting (Simplified) Object f(int x, Mem mem, CPU cpu) { if (x < 0) return null; else { int y = g(x, mem, cpu); mem.checkallocation(sizeof_foo); Object o = new Foo(y, mem, cpu); mem.register(o); return o; } } 14

Rewriting Example: CPU Accounting Object f(int x, Mem mem, CPU cpu) { cpu.usage += 8; if (x < 0) { cpu.usage += 8; return null; } else { cpu.usage += 26; int y = g(x, mem, cpu); mem.checkallocation(sizeof_foo); Object o = new Foo(y, mem, cpu); mem.register(o); return o; } } 15

Accounting Block Analysis 16 1 2 3 4 5 6 7 8 0 bipush 10 2 istore_1 3 iconst_1 6 istore_3 7 goto 25 10 invokestatic #2 <Method java.lang.thread currentthread()> 13 pop 14 ldc2_w #3 <Long 100> 17 bipush 100 19 invokestatic #5 <Method void sleep(long, int)> 22 iinc 3 1 25 iload_3 26 iconst_1 27 if_icmple 10 30 iload_2 31 iconst_1 32 if_icmpl1 3 35 iinc 2-1 38 goto 44 41 astore_2 42 iconst_0 43 istore 3 44 return Exception table: from to target type 3 38 41 <Class java.lang.exception> 1 (size=2) 2 (size=3) 3 (size=6) 4 (size=3) 7 (size=3) 5 (size=3) 6 (size=2) 8 (size=1)

Overhead of CPU Accounting relative execution time 1,6 1,4 1,2 1 0,8 0,6 0,4 0,2 0 mtrt jess compr. db mpeg jack javac mean Application JDK Unmodified Unmodified Rewritten Unmodified Rewritten Rewritten Mean 100% 115% 125% 17

Limitations Requires Java 2 platform No accounting for resources consumed by native code Restrictions (compensation for native code) Reflection Deserialization Class loading Object cloning 18

Case study: The J-SEAL2 Mobile Object Kernel Operating system structure Isolated tasks Safe task termination Mediated communication Resource control Small micro-kernel (< 150 KB) Portable (pure Java) Flexible and extensible Efficient and scalable 19

Nested Tasks in J-SEAL2 Hierarchy of tasks Parent task controls children Communication control Resource control Transformation control Termination of sub-hierarchies Sandboxes with different privileges 20

J-SEAL2 System Structure Root Net GUI Mail Services Sandbox Trusted Manager Stationary Domains Sandbox Anonym Mobile Objects M.O. 1 M.O. 2 M.O. 3 M.O. 4 21

Hierarchical Resource Control in J-SEAL2 Startup Root task owns all resources Sub-task creation Parent may donate resources to child Parent may share resources with child 22

Resource Donation and Sharing in J-SEAL2 Trusted domains share share Root CPU MEM split 20% split 50MB share MEM 10MB CPU 5% MEM 40MB split 10MB share Untrusted applications split 75% CPU 15% 23

Summary Resource control is crucial for host security, but missing in Java Resource control layer for Java Portable (pure Java) Reification of physical resources Bytecode rewriting Moderate overhead 24

Get More Information! J-SEAL2 URL: http://www.jseal2.com/ Email: w.binder@coco.co.at Java Resource Accounting Facility Collaboration with TiOS (Uni Geneva) URL: http://abone.unige.ch/ 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback