
General and Fast Inter-Process Communication via Bypassing Privileged Software

Published: 01 October 2022

Abstract

IPC (Inter-Process Communication) is a widely used operating system (OS) technique that allows one process to invoke the services of other processes. The IPC participants may share the same OS (internal IPC) or run on separate OSes (external IPC). Even though a long line of research has optimized the performance of IPC, it is still a major factor in the run-time overhead of IPC-intensive applications. Furthermore, there is no one-size-fits-all solution for both internal and external IPC. This paper presents SkyBridge, a general communication technique designed and optimized for both types of IPC. SkyBridge requires no involvement of the privileged software (the kernel or the hypervisor) and enables a process to directly switch to the virtual address space of the target process, regardless of whether they are running on the same OS or not. We have implemented SkyBridge on two microkernels (seL4 and Google Zircon) as well as an open-source serverless hypervisor (Firecracker). The evaluation results show that SkyBridge improves the latency of internal IPC and external IPC by up to 19.6x and 1265.7x, respectively.


Cited By

  • Hawkeye: Eliminating Kernel Address Leakage in Normal Data Flows. IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 4, pp. 3208–3221, 2023. DOI: 10.1109/TDSC.2022.3193327. Online publication date: 1 July 2023.

Index Terms

  1. General and Fast Inter-Process Communication via Bypassing Privileged Software
      Index terms have been assigned to the content through auto-classification.

      Recommendations

      Comments

      Please enable JavaScript to view thecomments powered by Disqus.

      Information & Contributors

      Information

Published In

IEEE Transactions on Computers, Volume 71, Issue 10, Oct. 2022, 347 pages

Publisher

IEEE Computer Society, United States
