Connection Conditioning: Architecture-Independent Support for Simple, Robust Servers

For many network server applications, extracting the maximum performance or scalability from the hardware may no longer be much of a concern, given today's pricing - a $300 system can easily handle 100 Mbps of Web server traffic, which would cost nearly $30,000 per month in most areas. Freed from worrying about absolute performance, we re-examine the design space for simplicity and security, and show that a design approach inspired by Unix pipes, Connection Conditioning (CC), can provide architecture-neutral support for these goals. By moving security and connection management into separate filters outside the server program, CC supports multi-process, multi-threaded, and event-driven servers, with no changes to programming style. Moreover, these filters are customizable and reusable, making it easy to add security to any Web-based service. We show that CC-enhanced servers can easily support a range of security policies, and that offloading connection management allows even simple servers to perform comparably to much more complicated systems.
