Stateful distributed interposition

Interposition-based system enhancements for multitiered servers are difficult to build because important system context is typically lost at application and machine boundaries. For example, resource quotas and user identities do not propagate easily between cooperating services that execute on different hosts or that communicate with each other via intermediary services. Application-transparent system enhancement is difficult to achieve when such context information is obscured by complex service interaction patterns. We propose a basic mechanism for sharing contextual information across the tiers of multitier computations to support system enhancement for multitier servers and applications.This article introduces generic, cluster-wide context as a new, configurable abstraction for the OS. System administrator- or application-specified context tracking rules determine how context is associated with system processes, sockets, messages, how it is relayed along the interapplication communication channels, and how it is to be interpreted by system interpositions, thus realizing Stateful Distributed Interposition.

[1]  Daniel F. Sterne,et al.  A Domain and Type Enforcement UNIX Prototype , 1995, Comput. Syst..

[2]  Michael B. Jones,et al.  Interposition agents: transparently interposing user code at the system interface , 1994, SOSP '93.

[3]  David Gelernter,et al.  Generative communication in Linda , 1985, TOPL.

[4]  Mike Williams,et al.  ERLANG for Concurrent Programming , 1993 .

[5]  Mike Hibler,et al.  The Flask Security Architecture: System Support for Diverse Security Policies , 1999, USENIX Security Symposium.

[6]  Donna N. Dillenberger,et al.  Adaptive Algorithms for Managing a Distributed Data Processing Workload , 1997, IBM Syst. J..

[7]  Carl M. Ellison,et al.  The nature of a useable PKI , 1999, Comput. Networks.

[8]  Brian N. Bershad,et al.  Dynamic binding for an extensible system , 1996, OSDI '96.

[9]  David R. Cheriton,et al.  Leases: an efficient fault-tolerant mechanism for distributed file cache consistency , 1989, SOSP '89.

[10]  Charles L. Seitz,et al.  Myrinet: A Gigabit-per-Second Local Area Network , 1995, IEEE Micro.

[11]  Marc Shapiro,et al.  A Survey of Distributed Garbage Collection Techniques , 1995, IWMM.

[12]  Peter Druschel,et al.  Resource containers: a new facility for resource management in server systems , 1999, OSDI '99.

[13]  Nicholas Carriero,et al.  The S/Net's Linda kernel , 1986, TOCS.

[14]  Jay Lepreau,et al.  The Flux OSKit: a substrate for kernel and language research , 1997, SOSP.

[15]  James A. Reeds,et al.  Multilevel security in the UNIX tradition , 1992, Softw. Pract. Exp..

[16]  R. H. Katz,et al.  Evaluating the performance of four snooping cache coherency protocols , 1989, ISCA '89.

[17]  Willy Zwaenepoel,et al.  Cluster reserves: a mechanism for resource management in cluster-based network servers , 2000, SIGMETRICS '00.

[18]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[19]  Martín Abadi,et al.  A calculus for access control in distributed systems , 1991, TOPL.

[20]  Anoop Gupta,et al.  The Stanford Dash multiprocessor , 1992, Computer.

[21]  Brian N. Bershad,et al.  Extensibility safety and performance in the SPIN operating system , 1995, SOSP.

[22]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[23]  Martín Abadi,et al.  A Calculus for Access Control in Distributed Systems , 1991, CRYPTO.

[24]  Roger L. Haskin,et al.  Recovery management in QuickSilver , 1988, TOCS.

[25]  Cameron Hunt,et al.  Mastering Network Security , 1998 .

[26]  Brian N. Bershad,et al.  Using continuations to implement thread management and communication in operating systems , 1991, SOSP '91.

[27]  Spencer E. Minear,et al.  Providing Policy Control Over Object Operations in a Mach-Based System , 1995, USENIX Security Symposium.

[28]  Edward Wobber,et al.  Network objects , 1994, SOSP '93.

[29]  Joe Armstrong,et al.  Concurrent programming in ERLANG , 1993 .

[30]  Thomas E. Anderson,et al.  SLIC: An Extensibility System for Commodity Operating Systems , 1998, USENIX ATC.

[31]  Seth Copen Goldstein,et al.  Active messages: a mechanism for integrating communication and computation , 1998, ISCA '98.

[32]  Larry L. Peterson,et al.  Defending against denial of service attacks in Scout , 1999, OSDI '99.

[33]  Peter Druschel,et al.  Lazy receiver processing (LRP): a network subsystem architecture for server systems , 1996, OSDI '96.

[34]  Kang G. Shin,et al.  Virtual Services: A New Abstraction for Server Consolidation , 2000, USENIX Annual Technical Conference, General Track.

[35]  H. Jamjoom,et al.  QGuard: Protecting Internet Servers from Overload , 2000 .

[36]  Seth Copen Goldstein,et al.  Active messages: a mechanism for integrating communication and computation , 1998, ISCA '98.