1

JanosJanos

Patrick Tullmann

Flux Research Group

University of Utah

2

Janos JVMJanos JVMExtend Java virtual machine– Support OS-like processes– Fine-grained resource controls

Flexible system– Run on OSKit == Active Node– Run as Unix process == Java OS

3

Ex: Network AdministrationEx: Network Administration

AT&T

MCI

Victim

Attacker

4

A Current ApproachA Current ApproachMCI’s Denial of Service Tracker

(DoSTrack)– DoSTrack walks “upstream” following

the trail to the attackerShortcomings of DoSTrack– Only works in the MCI administrative

domain– Requires a Cisco router and Perl5

5

Packet Forwarding

MCI Other

AT & T

An Active Network ApproachAn Active Network Approach1. Install extensible system on each router

Safe language system

2. Add infrastructure to separate tasksWho & what is executing

3. Add support for hierarchical resource controls

6

MotivationMotivationJava Virtual Machine provides:– Safety– Platform independence

Active Node OS needs:–Multiple “user” management– Resource management– Flexible & extensible control

7

ApproachApproachTraditional OS a good model– Hardware provides safety mechanism– OS provides management

Fluke OS nested process model

8

Nested Process ModelNested Process ModelAlta Virtual Machine

Root TaskUntrusted Container Trusted Container

Admin ComponentAdmin Component

Hierarchical– Environment of process controlled by

parents– Parent can manage all, few, or no resources

of child– Any process can create sub-processes

9

Mapping an OS into JavaMapping an OS into JavaType safety replaces hardware page

protectionsBytecodes replace simple

instructionsNative methods replace privileged

instructionsAll higher-level abstractions are

equivalent

10

JavaOS Prototype: AltaJavaOS Prototype: AltaSupports Fluke features for process

management–Mimics Fluke structure– Provides parent process with control– No CPU controls

Maintains backwards compatibility– Existing Java apps work (JDK 1.0)

11

JavaOS Prototype: AltaJavaOS Prototype: AltaMaintains “whole JVM” illusionPer-process, flexible typespacesInter-process sharingSharing & resource control

12

User-level SharingUser-level Sharing

Child allocates -> Parent references– Harmless. If parent dies then child dies

– Useful. Child can pass IPC arguments

Sibling allocates -> Sibling references– Allowable. Parent trades communication

costs for separation

Parent allocates -> Child references– Standard server behavior

– Cannot deallocate without child’s cooperation

13

Alta vs. FlukeAlta vs. FlukeUse similar internal organization– Both implement a “red line” [Back 1999]– Fully preemptible kernel

Alta allows kernel / user data sharing

Performance is weak– Improve Java– Improve structure of Alta

14

ContributionsContributionsPrototype demonstrates applicability

of OS abstractions to JavaThe Fluke NPM with a different

protection mechanism Multiple application support in a JVMType-safe sharing between

inconsistent typespaces

15

Building an Active NodeBuilding an Active NodeExpand resource management– CPU Inheritance Scheduling– Network access–Memory management

• Shared objects

• Garbage collection

Flask security architectureJava optimizations and improvements

16

Memory: GC & Sharing Memory: GC & Sharing CPU time for GCCharging for shared objects

17

Java OptimizationJava OptimizationMemory management– Stack allocation– Non-GC processes

Optimized/restricted environments– Java code on the fast-path

18

Extend to EEExtend to EEProvide resource controls in ANTS– CPU– Network–Memory

Challenges in applying to ANTS– Per-protocol– Subdivision of resources

the endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe endthe end