Studying the Performance and Security Trade-offs in Modern Linux Systems
Restricted (Penn State Only)
- Author: Zhang, Wenhui
- Graduate Program: Information Sciences and Technology
- Degree: Doctor of Philosophy
- Document Type: Dissertation
- Date of Defense: October 05, 2023
- Committee Members:
  - Trent Jaeger, Outside Unit & Field Member
  - Peng Liu, Chair & Dissertation Advisor
  - Aiping Xiong, Major Field Member
  - Prasenjit Mitra, Major Field Member
  - Jeffrey Bardzell, Program Head/Chair
- Keywords: Linux, Container, Security
- Abstract:
Modern Linux systems can be categorized into four main types: container-based, unikernel/libraryOS-based, microVM-based, and VM-based. These approaches offer varying levels of isolation and efficiency for running applications. Furthermore, the filesystem on these systems is often bolstered through Linux security modules, which enhance filesystem security by implementing access controls. However, both hypervisors and Linux security modules face a delicate balance between performance and security. This thesis focuses on the trade-offs between performance and security in modern systems.

In the first part of this work, we study and analyze the overhead of file protection using Linux security modules. We delve into the Linux Security Module (LSM) framework, uncovering a notable decline in Linux performance over a decade. This decline is linked to the enforcement of policies and the placement of hooks. We introduce a Policy Testing Module that evaluates the effects of policy enforcement and hook placement. Employing quantitative analysis, we gauge the latency impact of policy enforcement on end-to-end file operations and record authorization frequencies for individual syscalls. We perform static analysis on syscall call graphs to further validate our findings.

In the second part, we introduce ArmorPLC, a tailored framework for virtual network functions that operates as a gateway for the Industry Internet of Things. This framework safeguards programs derived from ladder logic diagrams for Programmable Logic Controllers (PLC). It detects zero-day exploits and employs a record-and-replay strategy to mitigate such attacks.

In the third part, our primary emphasis is crafting a high-performance, secure runtime for microservices built upon MicroVM technology. Our key objective is to elevate runtime efficiency while maintaining a strong security posture in two common microservice deployment scenarios. This is accomplished by reducing VMExit invocation frequencies, enabling faster VMExit handling, and enabling faster memory management. We achieve fewer VMExit invocations by implementing targeted interrupt routing. We achieve faster VMExit handling by implementing soft-VMCS and using the Linux syscall table as a function table for guest processes (i.e., read-only userspace syscall tables). We achieve faster memory management by implementing per-instance soft-EPT management. These techniques collectively contribute to heightened performance without undermining the overall security of the microservice systems.