System call tracing overhead
合集下载
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Background: server load balancing
S re 1 evr
VP[u l ] I p bi c S ih wt c S re 2 evr
. . .
It r e n en t
G tw y ae a/ Ds a c e ip t h r
S re n evr
→ trace socket system calls of processes on backend servers to
by arguments
Jörg Zinke (Potsdam University)
System call tracing overhead
Frame 4 of 31
Introduction
Overview
Overhead
intercepting system calls involves additional overhead additional overhead can be ignored for the purpose of debugging but should be considered for security enforcing applications and other kind of applications
Jörg Zinke (Potsdam University)
System call tracing overhead
Frame 3 of 31
Introduction
Overview
Overview
system call interception requires at least a kernel based implementation and an user space process to trace usually, there is another process which triggers the tracing and does some actions before and maybe after the system call in addition the triggering requires some kind of registration at the kernel implementation, at least the PID of the application to trace is required commonly, kernel implementations provide mechanisms for reading processor registers → gives the possibility to modify arguments or even modify the data pointed to
interface between operating system kernel and user space programs is defined by a set of system calls [Tan01] system calls vary from OS to OS but concepts tend to be similar system calls transfers the control to the OS similar to a function call which enters the kernel
→ system calls are a universal and fundamental mechanism
Jörg Zinke (Potsdam University)
System call tracing overhead
Frame 7 of 31
System call
System call
determine useful metrics and values for load balancing
Jörg Zinke (Potsdam University) System call tracing overhead Frame 6 of 31
Introduction
Background
→ determine the additional overhead through measurements
Jörg Zinke (Potsdam University)
System call tracing overhead
Frame 5 of 31
Introduction
Overview
Overhead
Background: server load balancing
S re 1 evr
VP[u l ] I p bi c S ih wt c S re 2 evr
. . .
It r e n en t
G tw y ae a/ Ds a c e ip t h r
S re n evr
→ trace socket system calls of processes on backend servers to
determine useful metrics and values for load balancing
Jörg Zinke (Potsdam University) System call tracing overhead Frame 6 of 31
System call
System call
Frame 2 of 31
Introduction
Introduction
system call tracing is a common used technique for debuggers or applications which enforce security policies for debugging purposes the tracing is often done step-by-step or in conjunction with breakpoints for enforcing security policies usually the interception of system calls is required → modify, forbid or allow system calls
intercepting system calls involves additional overhead additional overhead can be ignored for the purpose of debugging but should be considered for security enforcing applications and other kind of applications
System call tracing overhead
Jörg Zinke
Potsdam University Institute for Computer Science Operating Systems and Distributed Systems
Dresden, 2009/10/29
Outline
→ system calls are a universal and fundamental mechanism
Jörg Zinke (Potsdam University)
System call tracing overhead
Frame 7 of 31
Sysementation
→ determine the additional overhead through measurements
Jörg Zinke (Potsdam University)
System call tracing overhead
Frame 5 of 31
Introduction
Background
Jörg Zinke (Potsdam University)
System call tracing overhead
Frame 3 of 31
Introduction
Introduction
system call tracing is a common used technique for debuggers or applications which enforce security policies for debugging purposes the tracing is often done step-by-step or in conjunction with breakpoints for enforcing security policies usually the interception of system calls is required → modify, forbid or allow system calls
System call implementation
system call tracing implementations are usually use system calls too, for registering of PIDs from user space implementing a system call requires control transfer, often done through interrupts or traps modern architectures provide SYSCALL/SYSRET or SYSENTER/SYSEXIT instructions for fast control transfer [BC05] system call implementations have to take care about restricted rights and access control → e.g. open() has to check whether the file permissions and the owner
interface between operating system kernel and user space programs is defined by a set of system calls [Tan01] system calls vary from OS to OS but concepts tend to be similar system calls transfers the control to the OS similar to a function call which enters the kernel
by arguments
Jörg Zinke (Potsdam University)
System call tracing overhead
Frame 4 of 31
Introduction
Overview
Overview
system call interception requires at least a kernel based implementation and an user space process to trace usually, there is another process which triggers the tracing and does some actions before and maybe after the system call in addition the triggering requires some kind of registration at the kernel implementation, at least the PID of the application to trace is required commonly, kernel implementations provide mechanisms for reading processor registers → gives the possibility to modify arguments or even modify the data pointed to
1 2 3 4 5 6 7
Introduction System call Related work Ptrace Systrace Performance test Conclusion and future work
Jörg Zinke (Potsdam University)
System call tracing overhead