Close

Presentation

This content is available for: Workshop Reg Pass. Upgrade Registration
CARAT KOP: Toward Protecting the Core HPC Kernel from Linux Kernel Modules
Session13th International Workshop on Runtime and Operating Systems for Supercomputers (ROSS)
DescriptionExtending Linux through kernel modules offers immense potential benefits and capabilities for HPC. Deployment is also more likely since Linux is typically the only supported vendor OS. However, because Linux is monolithic, kernel modules are free to access any address with maximum permissions. A poorly written---or untrustworthy---module can wreak havoc. This makes it hard to justify including custom kernel modules in production HPC systems. We address this limitation using the previously developed compiler- and runtime-based address translation (CARAT) model and toolchain, which injects guards around memory accesses. The accesses are then allowed/disallowed according to a policy. We share our results regarding the guard injection and address validation process. Our CARAT-based Kernel Object Protection (CARAT KOP) prototype is able to transform a substantial production kernel module from the kernel tree (a NIC driver comprising ~19,000 lines of code). The transformed module runs with minimal effect on its performance.
Author/Presenters
Thomas Filipiuk
Northwestern University
Nick Wanninger
Northwestern University
Nadharm Dhiantravan
Northwestern University
Carson Surmeier
Northwestern University
Alex Bernat
Harvard University
Peter Dinda
Northwestern University
Event Type
Workshop
TimeSunday, 12 November 202311:18am - 11:42am MST
Location704-706
ask a question
give feedback
Tags
Middleware and System Software
Programming Frameworks and System Software
Runtime Systems
Registration Categories
W
Next PresentationNext Presentation
Fine-Grained Accelerator Partitioning for Machine Learning and Scientific Computing in Function as a Service Platform