Linhan LI Qianying ZHANG Zekun XU Shijun ZHAO Zhiping SHI Yong GUAN
The Linux kernel has been applied in various security-sensitive fields, so ensuring its security is crucial. Vulnerabilities in the Linux kernel are usually caused by undefined behaviors of the C programming language, the most threatening of which are memory safety vulnerabilities. Both the software-based and hardware approaches to memory safety have disadvantages of poor performance, false positives, and poor compatibility. This paper explores the feasibility of using the safe programming language Rust to reconstruct a Linux kernel component and open-source the component's code. We leverage the Rust FFI mechanism to design a safe foreign interface layer to enable the reconstructed component to invoke other Linux functionalities, and then use Rust to reconstruct the component, during which we leverage Rust's type-safety and ownership mechanisms to improve its security, and finally export the C interface of the component to enable the invocation by the Linux kernel. The performance and memory overhead of the reconstructed component, referred to as “rOOM”, were evaluated, revealing a performance overhead of 8.9% in kernel mode, 5% in user mode, 3% in real time, and a memory overhead of 0.06%. These results suggest that it is possible to develop key components of the Linux kernel using Rust in terms of functionality, performance, and memory overhead.
Recently, Linux containers have become the de facto standard for cloud systems, enabling cloud providers to create virtual environments at much greater scale. However, configuring container networks remains immature and requires automatic verification for efficient cloud management. We propose Verikube, which utilizes a novel graph structure representing policies to reduce memory consumption and accelerate verification. Moreover, unlike existing works, Verikube is compatible with the complex semantics of Cilium Policy, which clouds adopt for its performance advantage. Our evaluation results show that Verikube performs at least seven times better for memory efficiency, at least 1.5 times faster for data structure management, and 20K times better for verification.
Young-Woo KWON Sung-Mun PARK Joon-Young CHOI
We propose a system time synchronization method between ARM-based embedded Linux systems. The master Linux with reference clock sends its own system time to the slave Linux via Transmission Control Protocol communication along with a general-purpose input/output (GPIO) signal, and then the slave Linux corrects its own system time by the difference between its own system time at receiving the GPIO signal and the received reference time. The synchronization performance is significantly improved by compensating for the GPIO signal detection latency and the system time acquisition and setting latencies in Linux. These latencies are precisely measured by exploiting the function of Cycle Counter register in ARM coprocessor. Extensive experiments are performed with two ARM-based embedded Linux systems, and the results demonstrate the validity and performance of the proposed synchronization method.
We improve the cycle time performance of EtherCAT networks with an embedded Linux-based master by developing a Linux Ethernet driver optimized for EtherCAT operation. The Ethernet driver is developed to establish a direct interface between the master module and the Ethernet controllers of embedded systems by removing the involvement of the Linux network stack and the New API (NAPI) of standard Ethernet drivers. Consequently, time-consuming memory copy operations are reduced and the processing of EtherCAT frames is accelerated. To demonstrate the effect of the developed Ethernet driver, we set up EtherCAT networks composed of an embedded Linux-based master and commercial off-the-shelf slaves, and the experimental results confirm that the cycle time performance is significantly improved.
Atsushi KOSHIBA Motoki WADA Ryuichi SAKAMOTO Mikiko SATO Tsubasa KOSAKA Kimiyoshi USAMI Hideharu AMANO Masaaki KONDO Hiroshi NAKAMURA Mitaro NAMIKI
The authors have been researching ways to reduce the power consumption of microprocessors, and have developed a low-power processor called “Geyser” by applying a power gating (PG) function to the individual functional units of the processor. The PG function on Geyser reduces the power consumption of functional units by shutting off the power voltage of idle units. However, the energy overhead of switching the supply voltage for units on and off causes power increases. The amount of the energy overhead varies with the behavior of each functional unit, which is influenced by the running application, and also with the core temperature. It is therefore necessary to switch the PG function itself on or off according to the state of the processor at runtime to reduce power consumption more effectively. In this paper, the authors propose a PG control method in which the operating system (OS) takes the power overhead into account. In the proposed method, to achieve greater power reduction, the OS calculates the power consumption of each functional unit periodically and inhibits the PG function of any unit whose energy overhead is judged too high. The method was implemented in the Linux process scheduler and evaluated. The results show that the average power consumption of the functional units is reduced by up to 17.2%.
Sho KANEMARU Kazuma YONEMURA Fumio TERAOKA
To support mobility, multihoming, routing scalability, and security, there are a lot of proposals based on ID/Locator split approach not only for the current Internet but also for the future Internet. However, none of them meet the requirements for practical operation such as (1) support heterogeneous network layer protocols, (2) scalability of ID/Locator mapping system, (3) independence of mapping information management, and (4) avoidance of locator leakage beyond the administrative boundary. This paper proposes a network layer protocol called Z Network Protocol (ZNP) for the future Internet based on the clean slate approach. ZNP supports heterogeneity of network layer protocols by “Internetworking with a Common ID Space”. Its mapping systems meet the requirements (1)–(4) described above. For manipulating the mapping systems, Z Control Message Protocol (ZCMP) is designed. For resolving the link layer (L2) address from the ZNP Locator, Z Neighbor Discovery Protocol (ZNDP) is designed. We implement ZNP and ZNDP in the Linux kernel, ZCMP in the user space and measure the times needed for transmission, reception, forwarding, and locator conversion. The results show the practicability of ZNP as a network layer protocol for the future Internet.
Yuqing LAN Mingxia KUANG Wenbin ZHOU
A Linux operating system release is composed of a large number of software packages with complex dependencies. Managing dependency relationships is the foundation of building and maintaining a Linux operating system release, and checking the integrity of the dependencies is the key to dependency management. The widespread adoption of Linux operating systems in many areas of the information technology society has drawn attention to the issues of how to check the integrity of the complex dependencies of Linux packages and how to manage a huge number of packages in a consistent and effective way. Linux distributions already provide tools for installing, removing and upgrading the packages they are made of. A number of tools have been provided to handle these tasks on the client side. However, there is a lack of tools that could help distribution editors maintain the integrity of Linux package dependencies on the server side. In this paper we present a conflict-based method to check the integrity of Linux package dependencies. From the perspective of conflict, this method checks the integrity of package dependencies on the server side by removing the conflicts associated with the packages. Our contribution provides an effective and automatic way to support distribution editors in handling those issues. Experiments using this method are very successful in checking the integrity of package dependencies in Linux software distributions.
Toshihiro YOKOYAMA Miyuki HANAOKA Makoto SHIMAMURA Kenji KONO Takahiro SHINAGAWA
Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Since remote attacks cannot be launched in the initialization phase, a secure OS is not required to enforce access control in this phase. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. To prove the effectiveness of our scheme, we wrote security policies for three kinds of Internet servers (HTTP, SMTP, and POP servers). Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers, respectively, compared with an existing SELinux policy that includes the initialization of the server.
Go HASEGAWA Kana YAMANEGI Masayuki MURATA
Recently, real-time media delivery services such as video streaming and VoIP have rapidly become popular. For these applications, which require a high-level QoS guarantee, our research group has proposed a transport-layer approach to provide predictable throughput for upper-layer applications. In the present paper, we propose a TCP congestion control mechanism for achieving predictable throughput. This does not mean that we can guarantee the throughput; rather, we can provide the throughput required by an upper-layer application with high probability when the network congestion level is not too high, by using the inline network measurement technique for the available bandwidth of the network path. We present the evaluation results for the proposed mechanism obtained in simulation and implementation experiments, and confirm that the proposed mechanism can assure a TCP throughput if the required bandwidth is not too high compared to the physical bandwidth, even when other ordinary TCP (e.g., TCP Reno) connections occupy the link.
Michihiro AOKI Keishi HABARA Takafumi HAMANO Kentaro OGAWA Shinichiro CHAKI
We have developed an open-architecture router (OAR) prototype using industrial standard hardware, software components, and interfaces. The prototype is built with Advanced Telecom Computing Architecture (ATCA)-compliant hardware. Carrier-grade Linux (CGL) is used as the operating system. A new OAR configuration method is described where industrial standard hardware and software interfaces are used. Basic forwarding functions with routing protocol processing are demonstrated for the first time.
Ilseok HAN Wanyoung KIM Hagbae KIM
This paper presents an optimal load balancing algorithm based on both ANFIS (Adaptive Neuro-Fuzzy Inference System) modeling and the FIS (Fuzzy Inference System) for the local status of real servers. It also shows the substantial benefits provided by the suggested method, such as the removal of load-scheduling overhead, QoS (Quality of Service) provisioning, and highly available servers.
Hideaki YOSHIFUJI Kazunori MIYAZAWA Masahide NAKAMURA Yuji SEKIYA Hiroshi ESAKI Jun MURAI
IPv6 is realized as the next generation internet platform, succeeding the current IPv4 internet environment. Linux, one of the major operating systems, has supported IPv6 since 1996; however, the quality of the protocol stack has not been good enough for professional operation. In this paper, we show our IPv6 stack implementation design regarding neighbor management in the Neighbor Discovery Protocol (NDP), routing table management, and packet processing using the XFRM architecture. The implementation is designed based on Serialized Data State Processing, which aims at simpler object management so as to achieve a stable, flexible and extensible IPv6 stack. According to the TAHI IPv6 Protocol Conformance Test Suite, our implementation achieves sufficient implementation quality.
Buffer caching is an integral part of the operating system. In this paper, we propose a scheme that integrates buffer cache management and prefetching via cache partitioning. The scheme, which we call SA-W2R, is simple to implement, making it a feasible solution in real systems. In its basic form, for buffer replacement, it uses the LRU policy. However, its modular design allows for any replacement policy to be incorporated into the scheme. For prefetching, it uses the LRU-One Block Lookahead (LRU-OBL) approach, eliminating any extra burden that is generally necessary in other prefetching approaches. Implementation studies based on the GNU/Linux kernel version 2.2.14 show that SA-W2R performs better than the scheme currently used, with a maximum increase of 23% for the workloads considered.