ATLAS: Adaptable Thread-Level Address Spaces (DFG: LO 1719/7-1 and DI 2840/1-1)

ATLAS is a joint project with TUHH (Co-PI: Christian Dietrich).

Traditionally, an OS process contains a single address space with code and data segments that are shared among all of its threads. The fork() system call creates a new address space (and process) that, even though it starts as an exact clone of its ancestor, provides strong isolation between the respective threads by means of copy-on-write.

The core idea of ATLAS is to provide processes with additional address spaces that are, however, kept in sync with their ancestor: Changes to one of them – we call them address-space views – become immediately visible in the others. Views diverge only in explicitly specified areas. As they still belong to the same process, the threads of this process can be migrated individually between views.

Address-space views provide an efficient mean to implement temporary or permanent thread-level variations in the "view of the world", while threads can still interact with each other regarding the shared parts. In the figure, the code segment diverges and provides a thread-specific variation (e.g., an client-specific optimization or restriction of functionality), while the data segment is shared, so that th1 can still transparently interact with th2 and th3. Such variations can be arbitrary small or complex. They can be prepared in the background in a new view and atomically applied to individual threads by migrating them to the new address space.

Implementation

Address-space views are currently implemented as an extension for the Linux Kernel. The source code is available on Github (luhsra/linux-mmview).

Applications

In our OSDI '20 paper, we present a first application of these technique to implement WfPatch, a wait-free dynamic code-patching approch for large multi-threaded server applications.

People

Dominik Töllner (M.Sc.)

Florian Rommel (M.Sc.)

Prof. Dr.Ing. Christian Dietrich

Prof. Dr.-Ing. habil. Daniel Lohmann

Latest News

2023-07-10 MELF: Multivariant Executables for a Heterogeneous World at USENIX ATC '23

Dominik Töllner presents our paper MELF: Multivariant Executables for a Heterogeneous World at the 2023 USENIX Annual Technical Conference (ATC '23) in Boston, MA, USA. In the paper we present the Multivariant ELF (MELF) approach, which makes it possible to provide multiple per-function compile-time variants within the same binary and flexibly switch between them at run-time, optionally on a per-thread granularity. As MELFs are implemented on binary level (linker, loader), they do not depend on specific language features or compilers and can be easily applied to existing projects. In case studies with SQLite, memcached, MariaDB and a benchmark for heterogeneous architectures with overlapping ISAs, we show how MELFs can be employed to provide per-client performance isolation of expensive compile-time security or debugging features and adapt to extended instruction sets, when they are actually available. The support for MELFs is an important buliding block for our ATLAS project and also related to the ParPerOS project.

2023-06-18 Thread-Level Attack-Surface Reduction at LCTES '23

Florian Rommel presents our paper Thread-Level Attack-Surface Reduction at the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES '23) in Orlando, FL, USA. In the paper we present a new debloating technique to reduce the attack surface in running multi-threaded server processes. Unlike existing approaches, which can eliminate code only in shared libraries and for the whole process, thread-level attack-surface reduction (TLASR) eliminates unused code on a per-thread level. Technically, this works by deriving thread-specific text segment views, which in Linux are implemented by mmview concept we introduced in our OSDI '20 paper. In MariaDB, Memcached, OpenSSH and Bash we thereby reduce the number of ROP gadgets by 78–97 percent, rendering an auto-ROP utilitiy ineffective and eliminating all CVE-related functions ever reported for glibc in 97 percent of the case. TLASR is related to the ATLAS project.

Publications

USENIX Conference A Distinguished Artifact Award LLFree: Scalable and Optionally-Persistent Page-Frame Allocation

Lars Wrenger, Florian Rommel, Alexander Halbuer, Christian Dietrich, Daniel Lohmann2023 USENIX Annual Technical Conference (USENIX '23)USENIX Association2023Distinguished Artifact Award.
PDF Details Slides [BibTex]

USENIX Conference A MELF: Multivariant Executables for a Heterogeneous World

Dominik Töllner, Christian Dietrich, Illia Ostapyshyn, Florian Rommel, Daniel Lohmann2023 USENIX Annual Technical Conference (USENIX '23)USENIX Association2023.
PDF Details [BibTex]

LCTES Conference B Thread-Level Attack-Surface Reduction

Florian Rommel, Christian Dietrich, Andreas Ziegler, Illia Ostapyshyn, Daniel LohmannProceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded SystemsACM Press2023.
PDF Details Slides 10.1145/3589610.3596281 [BibTex]

SIGMOD Conference A* Virtual-Memory Assisted Buffer Management

Viktor Leis, Adnan Alhomssi, Tobias Ziegler, Yannick Loeck, Christian DietrichProceedings of the ACM SIGMOD/PODS International Conference on Management of Data (SIGMOD'23)ACM2023.
PDF 10.1145/3588687 [BibTex]

LCTES Conference B reUpNix: Reconfigurable and Updateable Embedded Systems

Niklas Gollenstede, Ulf Kulau, Christian DietrichProceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded SystemsACM Press2023.
PDF Slides Raw Data 10.1145/3589610.3596273 [BibTex]

OSDI Conference A* From Global to Local Quiescence: Wait-Free Code Patching of Multi-Threaded Processes

Florian Rommel, Christian Dietrich, Daniel Friesel, Marcel Köppen, Christoph Borchert, Michael Müller, Olaf Spinczyk, Daniel Lohmann14th Symposium on Operating System Design and Implementation (OSDI '20)2020.
PDF Details Video [BibTex]