Theses

Submitted: 09/2024

Supervisors: Prof. Dr.-Ing. Timo Hönig, Manuel Vögele, M.Sc.

Abstract:

This thesis investigates the viability of creating an abstraction layer for the commonly used system call fork(), motivated by its performance limitations and complexity in large-scale programs. The goal was to determine whether an abstraction could streamline fork() usage, improving performance, particularly in cases where fork() is followed by exec(). An algorithm was developed to detect the presence of the fork-exec pattern in binaries, which is a common use case for fork(). Manual analysis of selected programs uncovered additional patterns, including:
• Setting of standard input, output, and error files
• Managing signals for inter-process communication
• Daemonizing processes
The results showed that 90.51% of programs contain at least one fork-exec pattern, and 84.01% use exec() after every fork(). Although the other patterns were less frequent, they were often used alongside the fork-exec pattern. Given the high prevalence of the fork-exec pattern, an abstraction layer that swaps fork() with posix_spawn() a potentially more effective alternative could improve performance. This may work especially well with programs that have a short distance between fork() and exec(), since such programs often only have the standard IO, signals, and daemonizing patterns. These are exactly the patterns which can be substituted with posix_spawn(). In cases where the abstraction is insufficient, the system could revert to using the traditional fork(). However, the presence of other patterns, particularly the ”signals” and ”other” patterns, complicates the creation of a universal abstraction. These patterns, due to their complexity and unique implementations, present challenges that could hinder the widespread replacement of fork(). Furthermore replacing fork() as discussed in this thesis only works for the fork-exec pattern. This exempts 15.99% of programs since they implement at least one fork() without exec(), consequently hindering the replacement of fork() in such programs.

Submitted: 09/2024

Supervisors: Prof. Dr.-Ing. Timo Hönig, Manuel Vögele, M.Sc.

Abstract:

perf is a Linux library used to read and store the various perf events of a processor, either one at a time or multiple simultaneously. Possible perf events include a large variety of hardware events, like processor cycles, number of instructions or cache misses. They also include software events such as the number of page faults or context switches. perf stat reads the values of the corresponding perf counter, a hardware register, and makes them accessible for the end user. Since perf might be used on large server farms, even a slight energy overhead can unnecessarily increase the costs. Furthermore, performance counters are used for research and being aware of the overhead may increase the accuracy of research results.
The focus of this work is to determine potential impacts of using perf on the energy consumption of a processor. For that, the Powenetics-v2 device will be used. It is an external measurement device, which allows to measure voltage, current and energy consumption of the individual parts of a computer, i.e. the processor, mainboard, and graphics card. The Powenetics-v2 device also allows up to 1000 measurements per second, which is a uniquely high resolution. A computer will be measured performing the same workloads repeatedly, with and without using perf. Subsequently, the power consumption is compared for both. This process is repeated for different workloads and different sets of perf events.
This thesis will show that some sets of perf events cause a slight energy overhead of about 1%. Nevertheless, most of the examined sets of perf events did not produce any or negligible overhead.
Furthermore, the results also indicate an impact on the processors performance; a decrease of up to 0.4% could be shown. These results are important to take into account when using perf counters for research, since the overhead could slightly distort other results. In cases in which high precision is crucial, results gathered by perf of former research might have to be reevaluated. Moreover, energy in large server farms may be wasted, especially if one considers the additionally required cooling. Finally, this work may provide a foundation for further in depth research of the precise reasons for the found impact.

Submitted: 08/2024

Supervisors: Prof. Dr.-Ing. Timo Hönig, Henriette Herzog, M.Sc., Manuel Vögele, M.Sc.

Abstract:

Current desktop operating systems are dominated by the monolithic architecture. Criticisms of this architecture include reduced modularity and being less resilient against crashes. This is because a high number of components share the same address space within the kernel. The entire system can be affected by a fault in a single component, leading to a crash.
An alternative, the microkernel architecture, is an attempt at improving this. Components that were previously part of the kernel are moved into regular processes. This introduces a strong layer of isolation between these components. As a result, both modularity and the resilience against system
crashes is improved.
The goal of this thesis is to analyse the energy efficiency of microkernel-based operating systems and compare it with monolithic systems. For this, the monolithic and microkernel architectures are first compared. The resulting expectation is that microkernel-based systems use more energy than monolithic systems. This is mostly based on the fact that microkernel-based systems make more use of interprocess communication.
To test this expectation, multiple benchmarks were run on a small form factor desktop computer. The specific use case on which the benchmarks focused was general purpose desktop usage. To run the benchmarks on different kernel architectures, they were run on Fuchsia, Genode and a Linux-based system. For the measurement of energy usage, an external power monitor was used. The results show that in most cases, microkernel-based systems use more energy. In certain cases, microkernel-based systems were observed to have an energy usage similar to monolithic systems.

Submitted: 08/2024

Supervisors: Prof. Dr.-Ing. Timo Hönig, Benedict Herzog, M.Sc.

Submitted: 08/2024

Supervisors: Prof. Dr.-Ing. Timo Hönig, Henriette Herzog, M.Sc., Manuel Vögele, M.Sc.

Abstract:

Current desktop operating systems are dominated by the monolithic architecture. Criticisms of this architecture include reduced modularity and being less resilient against crashes. This is because a high number of components share the same address space within the kernel. The entire system can be affected by a fault in a single component, leading to a crash.
An alternative, the microkernel architecture, is an attempt at improving this. Components that were previously part of the kernel are moved into regular processes. This introduces a strong layer of isolation between these components. As a result, both modularity and the resilience against system crashes is improved.
The goal of this thesis is to analyse the energy efficiency of microkernel-based operating systems and compare it with monolithic systems. For this, the monolithic and microkernel architectures are first compared. The resulting expectation is that microkernel-based systems use more energy than monolithic systems. This is mostly based on the fact that microkernel-based systems make more use of interprocess communication.
To test this expectation, multiple benchmarks were run on a small form factor desktop computer. The specific use case on which the benchmarks focused was general purpose desktop usage. To run the benchmarks on different kernel architectures, they were run on Fuchsia, Genode and a Linux-based system. For the measurement of energy usage, an external power monitor was used. The results show that in most cases, microkernel-based systems use more energy. In certain cases, microkernel-based systems were observed to have an energy usage similar to monolithic systems.

Submitted: 07/2024

Supervisors: Prof. Dr.-Ing. Timo Hönig, Henriette Herzog, M.Sc.

Abstract:

Resilient systems require guaranteed functionality even with an unreliable power supply. To ensure a consistent system state, systems need to detect supply outages in time and handle them accordingly. This requirement is essential when systems are equipped with non-volatile random-access memory (NVRAM). Using NVRAM, the main memory retains its contents across power loss. This allows systems with NVRAM to continue computations across system shutdowns without having to repeat them. Therefore, to ensure that the system can resume its execution after a power outage, the data has to be kept consistent. Part of a consistent system state are CPU registers and caches. For that purpose, it is important to prevent volatility of the remaining system state to reduce the overhead of maintaining a consistent system state across restarts. Previous approaches to ensuring data consistency utilized transactional systems or continuous checkpointing, which usually have a negative impact on the system’s efficiency.
Eichler et al. introduced the concept of the Powerfail Interrupt (PFI) [Eic+21a][Eic+21b], which gets called by the uninterruptible power supply (UPS) on power loss and initiates the checkpointing routine to save the value of all general purpose registers and the stack pointer. This also removes the need for power-state polling, saving additional resources. The PFI can be used in dynamic, resilient datacenters, powered mainly by regenerative resources to quickly adapt systems, by powering up or down, according to the energy mix to be energy efficient and minimize their carbon footprint. Additionally, heterogeneous datacenters can use the PFI to quickly start and stop nodes on demand.
This thesis discusses an implementation of a powerfail interrupt (PFI) on x86-64 to make the Neverlast operating system nearly persistent with minimal overhead and energy consumption. Therefore, a software to manage state preservation is no longer required. The only remaining volatile part of Neverlast would be the hardware configuration. The PFI is part of a Linux kernel module. The kernel module registers the interrupt service routine (ISR) for the PFI, which will be called once the power supply stops. The ISR initiates the backup routine to ensure a consistent system state by saving all general purpose registers, the stack pointer and a valid flag to a specific segment in the NVRAM. Once the power is restored, the kernel module checks the NVRAM for a valid backup and restore it to resume the program execution where it stopped. This approach failed due to multiple issues. In this thesis, the challenges of implementing a PFI will be discussed and alternative approaches will be presented to solve these challenges.
The implementation was evaluated based on power consumption, power outage detection latency and performance, showing a reduced energy demand by 2.5% and reduced hibernation latency by 4.2% compared to suspend-to-disk. Additional approaches are proposed to improve the PFI.

Submitted: 05/2024

Supervisors: Prof. Dr.-Ing. Timo Hönig, Manuel Vögele, M.Sc.

Submitted: 03/2024

Supervisors: Prof. Dr.-Ing. Timo Hönig, Manuel Vögele, M.Sc.

Abstract:

In recent years, multiple central processing unit (CPU) side-channel vulnerabilities, like Spectre and Meltdown, have been discovered. They affect, among others, the latest CPUs from Intel and AMD, but also older ones, some of which even date back to 1995. Attackers can exploit
these vulnerabilities by running malicious code on a victim’s machine and stealing sensitive information. Fixing these vulnerabilities is only possible for new hardware generations, and the only way to mitigate these vulnerabilities on existing hardware is by modifying the CPU microcode or by modifying operating systems (OSs) and applications. These mitigations often come with a significant performance overhead, thus increasing the costs of running computing systems. To minimize this overhead, a solution is proposed that allows automatic enabling and disabling of the mitigations based on the current security requirements. The solution consists of a service that is responsible for monitoring the security requirements and controlling the mitigations accordingly and a Rust library that allows applications to signal their security requirements to the service. That allows the time window where the mitigations are active to be minimized while providing a secure computing environment for all applications running on the system. The results show that the proposed solution can significantly reduce the performance overhead of the mitigations, depending on the mitigation overhead and the workloads executed on a system.

Submitted: 08/2023

Supervisors: Prof. Dr.-Ing. Timo Hönig, Henriette Hofmeier, M.Sc.

Abstract

Speculative side-channel attacks like Spectre affect a wide range of modern processors. The various introduced mitigations against them are often associated with overheads. These are usually solely measured in performance metrics. But given the climate crisis on our planet and the ongoing shift to ever more cloud based services, the impact on energy consumption caused by such mitigations is becoming increasingly important. For this reason, this thesis aims to address the following research questions for all currently available Spectre variant 1 & 2 mitigations:

1. Where are differences in overheads between widely used processors from Intel and AMD?
2. Which part of the mitigations introduce the majority of observable overheads?
3. How do performance and energy overheads relate to each other?

In order to answer these questions, two test systems based on an Intel and AMD processor are tested for both energy and performance overheads. The test procedure consists of microbenchmarks and simultaneous energy measurements of as much as possible separated mitigation parts.
The results reveal that the tested AMD processor is less affected by Spectre-V1, though similarly affected by Spectre-V2 as the Intel processor. Depending on the benchmark, the individual mitigations show varying degrees of overhead. The illustrations of chapter four provide orientation to decide which mitigations are appropriate for a specific application, weighing overheads against security needs. Moreover, performance and energy overheads mostly correlate, but are not always completely congruent. Which implies that additional testing of mitigations in regards to potential energy overheads can help to identify further optimization potential and to make competent application related decisions on the mitigations to be enabled.

Submitted: 07/2023

Supervisors: Prof. Dr.-Ing. Timo Hönig, Henriette Hofmeier, M.Sc.

Abstract

Modern CPUs utilize simultaneous multithreading (SMT) to increase computational performance. This feature reduces the idle time of physical CPU cores by following two threads, also called logical cores, to share a physical core. Implementations of SMT rely on microarchitectural buffers, which logical cores share. Various nuanced ways were discovered to exploit this shared circuitry in order to break the confidentiality of processed data, namely the vulnerabilities coined microarchitectual data sampling (MDS). A perfect mitigation to these exploits includes disabling SMT, which would in most cases decrease a system’s performance significantly and in turn increase energy consumption, thus proving unfeasible most of the time. There exists a tradeoff between a system’s security and efficiency in respect to distinguished scenarios, which differ in applied mitigations, workload and overall system configuration. Choosing a feasible tradeoff blindly among this variety is not trivial and therefore not advisable.
This choice should be based on a comprehensible investigation adapted to the specific scenario a systems administrator is facing. Therefore this thesis presents a framework to enable execution of these sets of scenarios, take measurements and allow for easy comparison thereof in regard to the impact they have on the energy efficiency of a system or application. The framework should provide guidance to a systems administrator.

The framework is used for an examination of micro- and macro-benchmarks to give insight
into the energy efficiency of different scheduling methods. This includes the utilization of the core scheduling (CS) feature, a partial mitigation for the MDS vulnerability, and the abdication of simultaneous multithreading (SMT). Furthermore the analysis of the data generated with the framework raises questions about the sanity of the method of data collection, which are discussed and ultimately contribute to a revision of the framework’s method of data collection.
The findings show that the utilization of the core scheduling (CS) feature, while not fully mitigating the vulnerability, is generally a significantly more energy efficient method to reduce the attack surface for MDS vulnerabilities than disabling SMT for non-idle systems. While the analysis of this thesis does not cover the whole spectrum of mitigation variations, the implemented framework is capable of being extended to respect them.

Submitted: 06/2023

Supervisors: Benedict Herzog, M.Sc., Prof. Dr.-Ing. Timo Hönig

Abstract

In the wake of climate change and other issues affecting the energy sector, the production and consumption of energy has become a prominent topic of discussion. Solutions for both conserving energy and preserving the stability of energy supply, while restructuring the energy production, are sought after. These changes also impact the area of computing, with the range of energy consuming hardware in this area spanning from small low-power devices like smartphones to large infrastructure like data centres. The demand for inspecting and optimising the energy efficiency of the employed computer systems and the software running on them steadily increases.
Due to the increasing demand for energy-efficient computing there is a need to not only optimise for energy efficiency on the hardware level, but also on the software side. To be able to analyse and then optimise a software in terms of energy efficiency detailed measurements of its energy usage are required. This relies on the availability of hardware that provides the energy-demand data for the parts of the system used when the software is executed. To efficiently optimise software it is key to be able to quickly identify the parts of the software that lead to high resource usage, according to the used metric. An approach to this is to measure the used resources per function of the software.
The problem this thesis tries to address is enabling such optimisations in regard to the energy
usage of software, by creating visualisations that display the energy usage of each function of the software. The aim is to have new options for energy demand measurement and visualisation similar to those that were already available for other metrics, like the runtime CPU usage of software.

The scope of this thesis is to provide these measurements and visualisations for software on Linux systems. To accomplish this, methods to collect energy measurements on Linux are investigated. With the chosen method, tools are created to collect the required energy data and information about the software that is analysed. In addition, tools are created to process this data and to create visualisations from it. The chosen method for the energy measurements is querying event counters provided by the Running Average Power Limit (RAPL) CPU feature using the perf_events Linux kernel subsystem.
The created tools gather the current stack-frames of the profiled program at user-specified energy usage thresholds. The visualisation type chosen to create are Flame Graphs, as these are suited for the task of displaying resource usage of functions. Therefore, part of this thesis was the development of scripts to transform the gathered stack-frames into the input format for Flame Graphs. With the transformed data Flame Graphs displaying energy-demand per function can be created with an unmodified Flame Graph implementation.
With the results of this work it is possible to profile Linux software in terms of energy demand and create Flame Graphs displaying the energy demand per function. This allows quickly identifying which functions are good targets for optimising to reduce their energy usage.

Student: Henriette Hofmeier (handed in on 24.06.2022)

Supervisors: Prof. Dr.-Ing. Timo Hönig, Prof. Dr.-Ing. habil. Wolfgang Schröder-Preikschat, Stefan Reif, M.Sc., Luis Gerhorst, M.Sc., Christian Eichler, M.Sc.

Abstract:

Providing secure systems, for example, in computing centers, is an essential task of service providers. Vulnerabilities threatening secure execution are not only located in defective software but can also be found in the hardware itself. Hardware vulnerabilities, such as Spectre, Meltdown, and Microarchitectural Data Sampling, pose significant security concerns and can leave systems vulnerable to attacks extracting privileged information. As these vulnerabilities are often unfixable for already deployed hardware, software developers in general and operating system developers, in particular, go to great lengths to mitigate these attacks. These mitigations typically come with significant performance overheads, especially if speculative execution has to be restricted. Due to differences in the data they handle and security concerns, in general, processes may require varying degrees of
protection. Thus, mitigations may only be required for short time spans or individual processes – if at all. The mainline Linux kernel does not offer run-time control for all mitigations. For some exploits, multiple mitigations may be available that differ in the underlying protection mechanism and in their overhead on performance and efficiency.

This thesis presents dynamic reconfiguration of hardware-vulnerability mitigations in the Linux kernel. By adapting the mitigation configurations to the current workload, the system’s performance and energy efficiency can be optimized as the overhead of unnecessarily enabled mitigations is removed. Also, if multiple protection mechanisms are available for a specific vulnerability, a reconfiguration service determines the optimal configuration depending on workload characteristics, hardware, and system state. Dynamic control of mitigations that are only configurable at boot time in the mainline kernel is provided by a kernel module and kernel extensions. By utilizing code patching at run time, mitigations are omitted from the control flow if the respective mitigation is disabled. Combined, the service, kernel module, and kernel extensions provide the dynamic reconfiguration of hardware-vulnerability mitigations. The evaluation shows that using dynamic reconfigurations and adapting mitigation configurations to the system state has the potential to improve the system’s efficiency significantly. The evaluation also shows that the design and implementation of dynamic reconfiguration of hardware-vulnerability mitigations, as presented in this thesis, can be integrated into the Linux kernel with only minimal run-time overhead. Thus, this thesis provides the means for future research into the optimization of hardware-vulnerability mitigation reconfigurations.

Supervisors: Benedict Herzog, M.Sc., Tim Rheinfels, M.Sc.,  Prof. Dr.-Ing. habil. Wolfgang Schröder-Preikschat

Supervisors: Christian Eichler, M.Sc., Prof. Dr.-Ing. Timo Hönig

Supervisors: Christian Eichler, M.Sc., Prof. Dr.-Ing. Timo Hönig