Casuar - A Protected Library OS for running Windows applications on top of Vortex

Master thesis English OPEN
Graff, Erlend Helland
(2015)
  • Publisher: UiT Norges arktiske universitet
  • Subject: INF-3990 | VDP::Matematikk og Naturvitenskap: 400::Informasjons- og kommunikasjonsvitenskap: 420::Systemutvikling og – arbeid: 426 | VDP::Mathematics and natural science: 400::Information and communication science: 420::System development and system design: 426

Today, virtual machines (VMs) are commonly employed to encapsulate and isolate workloads in the cloud, enabling efficient utilization of hardware resources through the use of statistical multiplexing. Still, there is a significant overhead associated with the use of VMs...
  • References (18)

    1 Introduction
        1.1 Thesis Statement
        1.2 Targeted Applications
        1.3 Methodology
        1.4 Summary of Contributions
        1.5 Outline

    2 Architecture
        2.1 Windows NT
        2.2 The Vortex Omni-Kernel
            2.2.1 Protected Library Operating Systems
        2.3 Casuar
        2.4 Related Work

    3 Low-level Synchronization and Signaling Mechanisms
        3.1 Interrupt Request Levels (IRQLs) and Software Interrupts
            3.1.1 Emulating Software Interrupts in Casuar
        3.2 Asynchronous Procedure Calls (APCs)
            3.2.1 Implementing APCs in Casuar
        3.3 Blocking Synchronization
            3.3.1 Dispatcher Objects
            3.3.2 Implementation of Blocking in Windows
            3.3.3 Implementing Blocking Waits in Casuar
        3.4 Suspend and Resume
        3.5 Summary

    4 Executive Services
        4.1 Object Manager
            4.1.1 Implementation of an Object Manager in Casuar
        4.2 I/O Manager
            4.2.1 I/O in Casuar
        4.3 Memory Manager
        4.4 Other Executive Components
        4.5 Summary

    5 Achieving ABI Compatibility
        5.1 Basic Approach
        5.2 Monitoring Memory Accesses to User-Mode Data Structures
        5.3 Using Stack Traces to Provide Context
        5.4 Results

    6 Evaluation
        6.1 Experimental Setup
        6.2 System Call Benchmarks
            6.2.1 Benchmark results
        6.3 I/O benchmarks
        6.4 Summary

    7 Concluding Remarks
        7.1 Results
        7.2 Future Work

    List of Figures
        3.1 Example of how a processor's IRQL may change in the face of interrupts.
        3.2 IRQLs used in Windows on x64.
        3.3 Layout of a machine frame that is pushed onto a kernel stack by the CPU when an interrupt occurs.
        3.4 APC queue implemented as a circular list of KAPC objects.
        3.5 Layout of user stack before dispatching a user APC to user mode.
        3.6 Example illustrating how threads are released from a dispatcher object's wait list.
        3.7 Illustration of how wait blocks links together dispatcher objects with threads waiting for the objects.
        3.8 Examples of races between a faulting thread, an interrupter, and the exception dispatcher thread.
        4.1 Object type hierarchy.
        4.2 Hierarchical structure of the global NT namespace.
        4.3 Overview of handle table structure.
        4.4 Lookup of objects in the NT namespace.
        5.1 Casuar's memory monitor architecture.
        5.2 Hello world Native application run in Windows at boot-time.

    [19] KVM. http://www.linux-kvm.org/. [Online].

    [27] Kubernetes by Google. http://kubernetes.io/. [Online].

  • Related Research Results (1)
    Inferred by OpenAIRE
    software
    rkt software on GitHub
    72%