Distributed control applications using local area networks: a LAN based power control system at Rhodes University

Sullivan, Anthony John

January 2002

This thesis describes the design and development of both the hardware and software of an embedded, distributed control system using a LAN infrastructure for communication between nodes. The primary application of this system is for power monitoring and control at Rhodes University. Both the hardware and software have been developed to provide a modular and scalable system capable of growing and adapting to meet the changing demands placed on it. The software includes a custom written Internet Protocol stack for use in the embedded environment, with a small code footprint and low processing overheads. There is also Linux-based control software, which includes a web-based device management interface and graphical output. Problems specific to the application are discussed as well as their solutions, with particular attention to the constraints of an embedded system.

Embedded computer systems

Local area networks (Computer networks)

Linux

Optimización del rendimiento de sockets UDP en aplicaciones multithreads

Rivera Villagra, Diego Arturo Guillermo Alejandro

January 2013

Ingeniero Civil en Computación / Los servidores DNS son máquinas que resuelven consultas sobre nombres de dominio y se caracterizan por atender grandes cantidades de pequeñas peticiones que usualmente caben en una única unidad de comunicación en Internet llamada paquete . Para aumentar la cantidad de respuestas, el software encargado de esto explota las máquinas con múltiples procesadores, paralelizando las atenciones, lo cual ha mostrado no generar las ganancias esperadas. Para estudiar este problema se replicó la operación usando núcleos de Sistemas Operativos modernos e intentando leer concurrentemente desde un socket, identificando así los posibles puntos de falla: la implementación de read en la libc, el mecanismo de atención de las llamadas al sistema, o alguna porción de código ejecutado al recibir un paquete desde Internet. Los primeros dos posibles orígenes fueron descartados con pruebas directas mediante la comparación del rendimiento de read al leer desde distintas fuentes y determinando cómo se comporta la atención de las llamadas a sistema, mediante la creación de una de estas con fines de prueba. Así, el estudio se concentra en la tercera posible fuente del problema: el núcleo de Linux. Para estudiar el comportamiento de cómo es recibido un paquete, se investigó cómo fluye la información a través del stack de red desde que ésta arriba al dispositivo. Se descubrió que la información era encolada en estructuras de datos compartidas, requiriendo sincronización, e identificando, por lo tanto, un posible punto de falla. Para corroborarlo, se modificó un núcleo con el fin de determinar cómo la sincronización afectaba en la serialización de los accesos a un socket. Los resultados de las pruebas anteriores ejecutadas sobre el núcleo modificado arrojaron que el esquema de sincronización utilizado no permitía las lecturas concurrentes, por lo que se propuso cambiar el esquema de encolamiento de los paquetes en el socket, introduciendo estructuras que sí permitan la paralelización de read. Para simplificar la situación, el esquema de encolamiento de paquetes fue modelado en una implementación en C en espacio usuario, replicando estructuras y sincronización presentes en el núcleo. Sobre este modelo fue implementada una solución con múltiples colas de recepción de paquetes, creando colas por cada lector concurrente desde el lado de la aplicación. Finalmente, el modelo arrojó que esta solución permite efectivamente paralelizar los accesos, llegando a duplicar el throughput alcanzado actualmente por los sockets en determinadas configuraciones de threads.

Servidores Web

DNS

Sockets

An implementation and analysis of the configurable security architecture

Hardy, Alexandre

10 September 2012

M.Sc. / The Configurable Security Architecture (ConSA) describes an architecture that may be used to implement a wide variety of security policies. The architecture supports application and system security, unlike traditional security systems. ConSA allows for various degrees of security and efficiency determined by the implementation of the system. Arbitrary security policies may be implemented and possibly changed even if the system is running. If such an architecture were adopted by the industry, a wide variety of security policies could be assembled with off the shelf components. Such a situation is clearly desirable. This text describes the implementation of a ConSA prototype system. The prototype demonstrates that a configurable security system is possible and that the goals specified above can be met. The prototype is implemented in the Linux operating system due to the large number of UNIX based machines used by corporations. To begin a discussion of a security architecture, classic security models must be revisited. Chapter 2 introduces these models. Chapter 4 describes Linux security features, and how classical security models may be implemented in Linux. As well as an introduction to the environment of the prototype, these chapters will also serve to highlight the abilities of the ConSA model. Various obstacles are encountered in the implementation of a new security architecture. An implementation must strive to support existing applications (with little or no modification to the application) while supporting new features that increase the value of the system. The obstacles that are encountered in the implementation of a ConSA system are investigated and solutions for these obstacles are presented. The ConSA architecture is revised to provide a specification that supports the implementation of the architecture, and specifies the operation of each of the ConSA components sufficiently for an implementation on various platforms. The prototype supports three different implementations of ConSA that demonstrate the ease with which the system can be moved to different architectures, operating environments or security requirements. There have been several extensions to the UNIX security model. Many of these are implemented in the Linux operating system. The ConSA system must improve on these extensions to be a viable security alternative for Linux. Chapter 15 introduces a few of these extensions, many of which provide innovative approaches to security not present in classical models. The implementation of these extensions in the ConSA architecture is provided theoretically to illustrate that ConSA can indeed fulfil the role of these extensions. A prototype must be evaluated to determine if the system is of value. The final chapter investigates the shortcomings of the prototype and together with chapter 4 illustrates the benefits of the ConSA architecture.

Computer security.

Computer architecture.

Computer software - Development.

Linux

Open source nástroje hromadné správy linuxových serverů / Open source tools for mass administration of linux servers

Dočekal, Michal

January 2012

The goal of this thesis is to describe a compare selected open source tools for mass linux server administration. In the first part, the tools are described, including their principles and internal architecture. The next part follows with the comparison of these selected tools using several groups of comparison criteria. The main contribution of this thesis is the actual comparison of software tools of this type. The method chosen to fulfill the goal of this thesis is literature search and custom practical testing of these tools.

Jails vs Docker : A performance comparison of different container technologies

Ryding, Christian, Johansson, Rickard

January 2020

Virtualization is used extensively by Enterprise IT architecture and cloud computing, it is used to provide customers a part of their hardware resources as a service. Container technology is the new generation of virtualization and provides performance benefits due to less overhead. Earlier research has compared different container technologies regarding their performance, including Docker which is the most popular container technology. Most of this research has been focusing on Linux based container technologies. Even though there is interest in knowing how other container technologies under different operating systems perform. In this study we explore the performance of Docker in contrast to the performance of a contending container technology named Jails. We present how well each container technology performs running one or multiple containers, in the areas of CPU, memory, read from disk, write to disk, network and startup time efficiency. The comparison was done using collected statistics from different benchmarking tools. Results from this study have shown that Docker is utilizing shared resources and has better stability compared to Jails. We also discuss what unexplored benefits Docker and Jails can have by implementing each other’s unique features. Future work could consist of writing to disk or reading from disk performance tests under one common filesystem, e.g., ZFS file system. / Virtualisering används i stor utsträckning av Enterprise IT-arkitektur och molntjänster, den används för att kunna erbjuda sina kunder en del av sina hårdvaruresurser som en tjänst. Containerteknologi är den nya generationen virtualisering och ger prestandafördelar på grund av mindre omkostnader. Tidigare forskning har jämfört olika containerteknologier angående deras prestanda, inklusive Docker, som är den mest populära containertekniken. Merparten av tidigare forskning har fokuserat på Linuxbaserade containerteknologier, även om det finns intresse för att veta hur andra containerteknologier under olika operativsystem fungerar. I denna studie undersöker vi Dockers prestanda jämfört med prestandan till containerteknologin med namnet Jails. Vi presenterar hur bra varje containerteknologi fungerar med att köra en eller flera containrar inom områdena CPU, minne, läsa från disk, skriva till disk, nätverkshastighet och starttid. Jämförelsen gjordes med insamlad statistik från olika referensverktyg. Resultat från denna studie har visat att Docker använder delade resurser på ett effektivare sätt och har bättre stabilitet jämfört med Jails. Vi diskuterar också vilka outforskade fördelar Docker och Jails kan ha genom att implementera varandras unika funktioner. Framtida arbete kan bestå av att skriva till disk eller läsa från diskprestanda under ett gemensamt filsystem, t.ex. ZFS-filsystem.

Docker

Jails

Container

Linux

FreeBSD

Software Engineering

Programvaruteknik

Energy Efficient Smartphones: Minimizing the Energy Consumption of Smartphone GPUs using DVFS Governors

Ahmad, Enas M.

15 May 2013

Modern smartphones are being designed with increasing processing power, memory capacity, network communication, and graphics performance. Although all of these features are enriching and expanding the experience of a smartphone user, they are significantly adding an overhead on the limited energy of the battery. This thesis aims at enhancing the energy efficiency of modern smartphones and increasing their battery life by minimizing the energy consumption of smartphones Graphical Processing Unit (GPU). Smartphone operating systems are becoming fully hardware-accelerated, which implies relying on the GPU power for rendering all application graphics. In addition, the GPUs installed in smartphones are becoming more and more powerful by the day. This raises an energy consumption concern. We present a novel implementation of GPU Scaling Governors, a Dynamic Voltage and Frequency Scaling (DVFS) scheme implemented in the Android kernel to dynamically scale the GPU. The scheme includes four main governors: Performance, Powersave, Ondmand, and Conservative. Unlike previous studies which looked into the power efficiency of mobile GPUs only through simulation and power estimations, we have implemented our approach on a real modern smartphone GPU, and acquired actual energy measurements using an external power monitor. Our results show that the energy consumption of smartphones can be reduced up to 15% using the Conservative governor in 2D rendering mode, and up to 9% in 3D rendering mode, with minimal effect on the performance.

smart phone

energy

GPU

DVFS

Linux CPUFRQ

scaling

A Secure and Formally Verified Commodity Multiprocessor Hypervisor

Li, Shih-Wei

January 2021

Commodity hypervisors are widely deployed to support virtual machines on multiprocessor server hardware. Modern hypervisors are complex and often integrated with an operating system kernel, posing a significant security risk as writing large, multiprocessor systems software is error-prone. Attackers that successfully exploit hypervisor vulnerabilities may gain unfettered access to virtual machine data and compromise the confidentiality and integrity of virtual machine data. Theoretically, formal verification offers a solution to this problem, by proving that the hypervisor implementation contains no vulnerabilities and protects virtual machine data under all circumstances. However, it remains unknown how one might feasibly verify the entire codebase of a complex, multiprocessor commodity system. My thesis is that modest changes to a commodity system can reduce the required proof effort such that it becomes possible to verify the security properties of the entire system. This dissertation introduces microverification, a new approach for formally verifying the security properties of commodity systems. Microverification reduces the proof effort for a commodity system by retrofitting the system into a small core and a set of untrusted services, thus making it possible to reason about properties of the entire system by verifying the core alone. To verify the multiprocessor hypervisor core, we introduce security-preserving layers to modularize the proof without hiding information leakage so we can prove each layer of the implementation refines its specification, and the top layer specification is refined by all layers of the core implementation. To verify commodity hypervisor features that require dynamically changing information flow, we incorporate data oracles to mask intentional information flow. We can then prove noninterference at the top layer specification and guarantee the resulting security properties hold for the entire hypervisor implementation. Using microverification, we retrofitted the Linux KVM hypervisor with only modest modifications to its codebase. Using Coq, we proved that the hypervisor protects the confidentiality and integrity of VM data, including correctly managing tagged TLBs, shared multi-level page tables, and caches. Our work is the first machine-checked security proof for a commodity multiprocessor hypervisor. Experimental results with real application workloads demonstrate that verified KVM retains KVM’s functionality and performance.

Computer science

Multiprocessors--Programming

Computer security

Virtual computer systems

Linux

Využití systému Raspberry PI pro řízení. / Control system with Raspbery PI

Zgrebňák, Michal

January 2018

The goal of this diploma thesis is to verify the practical applicability of the Raspberry Pi platform in control applications. The work consists of choosing a suitable operating system and implementing a discrete PID algorithm. An important part of the work was the Linux OS modification and compilation. Measurement has demonstrated the usability of the platform in control applications. The result of this work is a discreet PID controller implemented as a Linux kernel module. The solution also includes a web interface as a human-machine interface.

Správa serverů s operačním systémem Fedora / Management of servers with Fedora operating system

Šuba, Filip

January 2020

The diploma thesis deals with a tool for managing research projects in the global experimental network PlanetLab. It is possible to use the Planetlab server manager application for administration. As part of this work, the application was extended with new functions, which are mainly: obtaining information about the status of operation of individual servers, advanced server search according to the size of the server's operating memory, Linux kernel version. Furthermore, the feature of managing servers outside the Planetlab experimental network and the feature of copying files to selected servers were added. The application is available in the PyPI repository and the source code is published on the GitLab platform under the MIT license. The application is available for Linux and Mac OS. A manual in English was prepared for the application.

Optimalizace operačního systému s jádrem Linux pro zařízení napájené z akumulátoru / Linux kernel operating system optimization for battery-powered devices

Lefler, Přemysl

January 2021

his thesis focuses on optimization of Linux-based operating system for a accumulator-powered device Raspberry Pi 4. Compared to other devices commonly used in Internet of Things projects, the Raspberry Pi 4 offers many functions within one device. However, the disadvantage is the high consumption of electricity. The aim of this thesis is to achieve greatest possible savings in electricity consumption of the Raspberry Pi 4 device, with regard to functionality of the device as a server for data collection from sensors.