Real-Time Systems
Towards security and QoS optimization in real-time embedded systems
ACM SIGBED Review - Special issue: The work-in-progress (WIP) session of the RTSS 2005
A mechanism for achieving a bound on execution performance of process group to limit CPU abuse
The Journal of Supercomputing
| Hi-index | 0.00 |
Abstract: Resource management has become an important issue for computer systems as QoS-sensitive multimedia appli cations and hostile acts such as denial of service (DoS) attacks become widespread. Since applications access the processor, network and other subsystems, attacks on any of these subsystems can lead to undesirable behavior. To maintain system integrity even under such attacks, an un privileged application must not be allowed to intentionally or unintentionally affect the progress of others. In this paper, we present a first-class abstraction called Resource Control Lists (RCLs) to specify and enforce protection policies on time multiplexed resources, similar to access control on files. RCLs put access control on time multiplexed resources such as CPU time and network and disk band-width. RCLs are practical, flexible and provide several benefits. Protection policies specified by RCLs can be under administrator control, customized to a site, and can be dynamically adapted. We have built support for RCLs into Linux/RK, a real- time version of Linux that provides resource reservations where applications receive a promised amount of resources by making reservations. Quantitative measurements with limited forms of DoS attacks show that our new features provide flexible functionality while imposing accept- able overhead without modifying the applications. We also demonstrate that resources are protected even in the face of malicious activities. Finally, we show how RCLs can be used to deliver resource protection on multiple web server configurations including the hosting of multiple logical sites by an ISP and preferential treatment of buyers on e-commerce sites.