Hybrid Resource Control for Fast-Path Active Extensions
Parveen K Patel
School of Computing
University of Utah, Salt Lake City, UT 84112
ppatel@cs.utah.edu
Master's Thesis
December, 2003
Abstract
The ability of active networks technology to allow customized router
computation critically depends on having resource control techniques
that prevent buggy, malicious, or greedy code from affecting the
integrity or availability of the router's resources. It is hard to
choose between static and dynamic checking for resource
control. Dynamic checking has the advantage of basing its decisions on
precise real-time information about what the extension is doing but
causes runtime overhead and asynchronous termination. Static
checking, on the other hand, has the advantage of avoiding
asynchronous termination and runtime overhead, but is overly
conservative. This thesis presents a hybrid solution: static checking
is used to reject extremely resource-greedy code from the kernel fast
path, while dynamic checking is used to enforce overall resource
control. The hybrid solution uses a restricted programming model that
guarantees termination. It leverages the termination guarantee to
reduce the overhead of runtime checks and to avoid asynchronous
termination.
This thesis also presents a design and initial implementation of the
key parts of the hybrid resource control technique in a router toolkit
called RBClick. RBClick is an extension of the Click modular router
toolkit, customized for active networking in Janos, an active network
operating system. Untrusted extension code is written in a
resource-bounded version of Cyclone, a type-safe version of C.
RBClick would allow users to download new router extensions directly
into the Janos kernel. The thesis shows, by presenting an analysis of
existing and new extensions, that hybrid resource control can be
successfully applied to many classes of extensions. Further, as
compared to the dynamic resource control in Janos, the hybrid
solution can improve the performance of router extensions by up to a
factor of two.
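The hybrid scheme summarized in the abstract, sketched as an added example that is not code from the thesis, RBClick, or Janos: a static worst-case bound rejects greedy extensions at load time, and a single synchronous budget check per packet enforces overall usage. The node representation, the cycle costs, the per-packet cap, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical restricted extension IR: fixed-cost ops and loops whose
 * iteration bound is a constant, so every program terminates. */
enum kind { OP, LOOP };
struct node {
    enum kind kind;
    uint32_t cost;            /* OP: cycles per execution */
    uint32_t bound;           /* LOOP: maximum iterations */
    const struct node *body;  /* LOOP: body nodes */
    size_t len;               /* LOOP: number of body nodes */
};

static uint64_t sat_add(uint64_t a, uint64_t b) { return a > UINT64_MAX - b ? UINT64_MAX : a + b; }
static uint64_t sat_mul(uint64_t a, uint64_t b) { return b && a > UINT64_MAX / b ? UINT64_MAX : a * b; }

/* Static phase: worst-case cycles of a node sequence, saturating so a
 * huge nested bound cannot wrap around and slip under the cap. */
uint64_t worst_case(const struct node *n, size_t len) {
    uint64_t total = 0;
    for (size_t i = 0; i < len; i++)
        total = sat_add(total, n[i].kind == OP ? n[i].cost
                    : sat_mul(n[i].bound, worst_case(n[i].body, n[i].len)));
    return total;
}

/* Admission: reject code whose bound exceeds the per-packet cap. */
int admit(const struct node *p, size_t len, uint64_t cap) { return worst_case(p, len) <= cap; }

/* Dynamic phase: one synchronous check per packet. An admitted extension
 * always returns, so the cost is charged afterwards and the overdraft is
 * at most `cap`; nothing has to be interrupted mid-packet. */
struct account { int64_t budget; };  /* cycles left in this interval */
int run_packet(struct account *a, uint64_t measured) {
    if (a->budget <= 0) return 0;    /* over budget: skip the extension */
    a->budget -= (int64_t)measured;
    return 1;
}

/* Constructed sample programs. */
static const struct node body[]   = { {OP, 5, 0, NULL, 0}, {OP, 7, 0, NULL, 0} };
static const struct node modest[] = { {OP, 10, 0, NULL, 0}, {LOOP, 0, 8, body, 2} };
static const struct node inner[]  = { {LOOP, 0, 1000, body, 2} };
static const struct node greedy[] = { {LOOP, 0, 1000, inner, 1} };

int main(void) {
    printf("modest=%d greedy=%d\n", admit(modest, 2, 200), admit(greedy, 1, 200));
    return 0;
}
```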
The full thesis is available in gzip'ed PostScript and PDF formats.