期刊文献+
共找到2篇文章
< 1 >
每页显示 20 50 100
Iso-UniK:lightweight multi-process unikernel through memory protection keys
1
作者 Guanyu Li Dong Du Yubin Xia 《Cybersecurity》 CSCD 2020年第1期141-154,共14页
Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and... Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and applicable.Many applications rely on the process abstraction to isolate different components.For example,Apache with the multi-processing module isolates a request handler in a process to guarantee security.Prior art tackles the problem by simulating multi-process with multiple unikernels,which is incompatible with existing cloud providers and also introduces high overhead.This paper proposes Iso-UniK,a new unikernel design enabling multi-task applications with the support of both functionality and isolation.Iso-UniK leverages a recent hardware feature,named Intel Memory Protection Key(Intel MPK),to provide lightweight and efficient isolation for multi-process in unikernel.Our design has three benefits compared with previous approaches.First,Iso-UniK does not need hypervisor support and is thus compatible with existing cloud computing platforms;second,Iso-UniK promises fast system calls with only 45 cycles;last,a process can be isolated with a flexible configuration.We have implemented a prototype based on OSv,a unikernel system supporting unmodified applications.Iso-UniK can achieve fast fork operation with only 66μs for multi-process applications.Our evaluation shows that the isolation and multi-process support in Iso-UniK will not damage the applications’performance. 展开更多
关键词 Unikernel MULTI-PROCESS Intel MPK ISOLATION
原文传递
Iso-UniK:lightweight multi-process unikernel through memory protection keys
2
作者 Guanyu Li Dong Du Yubin Xia 《Cybersecurity》 2018年第1期34-47,共14页
Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and... Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and applicable.Many applications rely on the process abstraction to isolate different components.For example,Apache with the multi-processing module isolates a request handler in a process to guarantee security.Prior art tackles the problem by simulating multi-process with multiple unikernels,which is incompatible with existing cloud providers and also introduces high overhead.This paper proposes Iso-UniK,a new unikernel design enabling multi-task applications with the support of both functionality and isolation.Iso-UniK leverages a recent hardware feature,named Intel Memory Protection Key(Intel MPK),to provide lightweight and efficient isolation for multi-process in unikernel.Our design has three benefits compared with previous approaches.First,Iso-UniK does not need hypervisor support and is thus compatible with existing cloud computing platforms;second,Iso-UniK promises fast system calls with only 45 cycles;last,a process can be isolated with a flexible configuration.We have implemented a prototype based on OSv,a unikernel system supporting unmodified applications.Iso-UniK can achieve fast fork operation with only 66μs for multi-process applications.Our evaluation shows that the isolation and multi-process support in Iso-UniK will not damage the applications’performance. 展开更多
关键词 Unikernel MULTI-PROCESS Intel MPK ISOLATION
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部