Sunday, January 10, 2016

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven," written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were describing Haven and the limitations of the original Intel SGX.
It needed new instructions for dynamic memory allocation and protection. SGX doesn't report page faults or GPFs to the enclave, and it permitted the RDTSC and RDTSCP instructions for practicality and performance. Thread-local storage can't reliably switch FS and GS. These were fixed in SGX v2. Haven was tested using an SGX emulator; there was no direct SGX implementation at that time.
To overcome this for performance evaluation, a model was used. This model consisted of a TLB flush on enclave crossings and a variable spin-delay for critical SGX instructions such as enclave crossings, dynamic memory allocation and protection, a penalty for access to encrypted memory and a slow overall system DRAM clock. The results showed that there was a slowdown, but it depended on the model parameters. Apache had a 35% slowdown and SQL Server had a 65% slowdown as compared to VMs.
10K plus cycles for SGX instructions and 30% slower RAM were assumed for the study.
A database and a web server were chosen as the application workloads to give two different perspectives.
The database server was Microsoft SQL Server 2014, Enterprise edition, running TPC-E, a standard online transaction processing benchmark. The authors used a default configuration for SQL Server when running natively or in a VM, but for Drawbridge and Haven some parameters were varied. Drawbridge does not support large pages or locked physical allocations, so they were disabled. The buffer cache was limited to 6.5 GB because the LibOS does not report physical memory usage and the server's default behaviour led to excessive paging. The TPC-E clients ran on a single machine connected to a test system by a local gigabit network. For each run, 30 minutes of warm-up time were allowed and then the transaction performance was measured for an hour.
The web server was Apache 2.4.7 and PHP 5.5.11. Drawbridge was configured to run Apache's worker processes in the same address space and enclave, and Apache's configuration was modified to avoid using AcceptEx, which exposed a compatibility bug in the LibOS socket code. MediaWiki was backed by a SQLite database, with the Alternative PHP Cache enabled for intermediate code and MediaWiki page data. The server was benchmarked using 50 worker threads on the client that repeatedly fetched the 14 kB main page over persistent SSL connections for a period of 5 minutes.
#codingquestion
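Given a set of M Unix paths that already exist and N paths that need to be created, find out how many mkdir commands without options need to be given.
using System;
using System.Collections.Generic;

// Counts the mkdir calls (without -p) needed to create every path in todo,
// given that the directories in created already exist.
// created is updated with each directory that gets made.
static int GetNumMkdirs(SortedSet<string> created, SortedSet<string> todo)
{
    int count = 0;
    foreach (var item in todo)
    {
        // Drop the empty component produced by the leading '/'.
        var parts = item.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        string sep = "/";
        // Walk up from the full path until an existing ancestor is found;
        // every missing level costs one mkdir.
        for (int i = parts.Length; i > 0; i--)
        {
            string result = "/" + String.Join(sep, parts, 0, i);
            if (created.Contains(result))
            {
                break;
            }
            count += 1;
        }
        // Record every prefix of this path as existing for later paths.
        for (int i = 1; i <= parts.Length; i++)
        {
            string result = "/" + String.Join(sep, parts, 0, i);
            if (created.Contains(result) == false)
                created.Add(result);
        }
    }
    return count;
}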
