Support for multimedia applications by general purpose computing platforms has been the subject of considerable research. Much of this work is based on an evolutionary strategy in which small changes to existing systems are made. The approach adopted here is to start ab initio with no backward compatibility constraints. This leads to a novel structure for an operating system. The structure aims to decouple applications from one another and to provide multiplexing of all resources, not just the CPU, at a low level. The motivation for this structure, a design based on the structure, and its implementation on a number of hardware platforms is described. I. Introduction G ENERAL purpose multimedia computing platforms should endow text, images, audio and video with equal status: interpreting an audio or video stream should not be a privileged task of special functions provided by the operating system, but one of ordinary user programs. Support for such processing on a platform on which ot...

We describe a two-dimensional architecture for defending against denial of service attacks. In one dimension, the architecture accounts for all resources consumed by each I/O path in the system; this accounting mechanism is implemented as an extension to the path object in the Scout operating system. In the second dimension, the various modules that define each path can be configured in separate protection domains; we implement hardware enforced protection domains, although other implementations are possible. The resulting system---which we call Escort---is the first example of a system that simultaneously does end-to-end resource accounting (thereby protecting against resource based denial of service attacks where principals can be identified) and supports multiple protection domains (thereby allowing untrusted modules to be isolated from each other). The paper describes the Escort architecture and its implementation in Scout, and reports a collection of experiments that measure the c...

In contemporary operating systems, continuous media (CM) applications are sensitive to the behaviour of other tasks in the system. This is due to contention in the kernel (or in servers) between these applications. To properly support CM tasks, we require “Quality of Service Firewalling” between different applications. This paper presents a memory management system supporting Quality of Service (QoS) within the Nemesis operating system. It combines application-level paging techniques with isolation, exposure and responsibility in a manner we call self-paging. This enables rich virtual memory usage alongside (or even within) continuous media applications. 1

In this paper, we argue that conventional operating systems need to be enhanced with predictable resource management mechanisms to meet the diverse performance requirements of emerging multimedia and web applications. We present QLinux---a multimedia operating system based on the Linux kernel that meets this requirement. QLinux employs hierarchical schedulers for fair, predictable allocation of processor, disk and network bandwidth, and accounting mechanisms for appropriate charging of resource usage. We experimentally evaluate the efficacy of these mechanisms using benchmarks and real-world applications. Our experimental results show that (i) emerging applications can indeed benefit from predictable allocation of resources, and (ii) the overheads imposed by the resource allocation mechanisms in QLinux are small. For instance, we show that the QLinux CPU scheduler can provide predictable performance guarantees to applications such as web servers and MPEG players, albeit at the expense of increasing the scheduling overhead from 1 s to 4 s. We conclude from our experiments that the benefits due to the resource management mechanisms in QLinux outweigh their increased overheads, making them a practical choice for conventional operating systems.

Many networked applications could benefit from executing closer to the data or services with which they interact. By doing this they may be able to circumvent long communication latencies or avoid transferring data over congested or expensive network links. However, no public infrastructure currently exists that enables this. We propose a system that can execute code supplied by an untrusted user, yet can charge this user for all resources consumed by the computation. Such servers could be deployed at strategic locations throughout the Internet, enabling network users such as content providers to distribute components of their applications in a manner that is both efficient and economical. We call such a server a Xenoserver 1 . This paper discusses the construction of such a system, examining how accounting, billing, and quality of service provision can be achieved. 1. Introduction It is increasingly recognised that the prevailing model of computation for networked applications is ...

Abstract not found

. Existing research into active networking has addressed the design and evaluation of programming environments. Testbeds have been implemented on traditional operating systems, deferring issues regarding resource control. This paper describes the architecture, resource models and prototype implementation of the Resource Controlled Active Network Environment (Rcane). Rcane supports an active network programming model over the Nemesis Operating System, providing robust control and accounting of system resources, including CPU and I/O scheduling, and garbage collection overhead. It is thus resistant to many classes of denial of service (DoS) attack. 1 Introduction Adding programmability to a network greatly increases its flexibility. However, with this flexibility comes greater complexity in the ways that network resources, including CPU, memory and bandwidth, may be consumed by end-users. In a traditional network, the resources consumed by an end-user at a network node are rou...

This paper describes a file system structure for supporting Quality of Service (QoS) guarantees. The device driver model clearly separates control- and datapath operations and presents a low-level of abstraction. The data-path module provides translation and protection of I/O requests enabling the file system layers to be executed as unprivileged code within shared libraries. Scheduling of low-level operations within the device driver is used to provide isolation between clients and Quality of Service guarantees. 1 Introduction A large proportion of the code executed on behalf of an application in a traditional operating system requires no additional privilege and does not, therefore, need to execute in a separate protection domain. Typically, code which must atomically and securely update important datastructures is rarely executed and usually associated with out-of-band operations such as opening or closing a file. It is only this code which must necessarily execute in a separate p...

The deployment of high speed, multiservice networks within the local area has meant that it has become possible to deliver continuous media data to a general purpose workstation. This, in conjunction with the increasing speed of modern microprocessors, means that it is now possible to write application programs which manipulate continuous media in real-time. Unfortunately, current operating systems do not provide the resource management facilities which are required to ensure the timely execution of such applications. This

The recent interest in single address space operating systems has resulted in a number of papers, most of which gloss over the issues of linking programs to run in multiple protection domains. Some of the confusion about 64-bit address spaces is due to the almost pervasive use of UNIX and UNIXlike operating systems (such as Mach, Chorus and Amoeba) and languages with poor enforcement of abstraction like C and C++. This paper describes some of the linkage structure of Nemesis, a multi-service operating system being developed as part of the Pegasus project. Nemesis provides a simple and efficient mechanism for program linkage which provides rich sharing of text at a level of individual object classes.