ORC: Increasing cloud memory density via object reuse with capabilities
File(s)
osdi23-sartakov.pdf (833.02 KB)
Published version
Author(s)
Type
Conference Paper
Abstract
Cloud environments host many tenants, and typically there is substantial overlap between the application binaries and libraries executed by tenants. Thus, memory de-duplication can increase memory density by allocating memory for shared binaries only once. Existing de-duplication approaches, however, either rely on a shared OS to de-duplicate binary objects, which provides unacceptably weak isolation; or exploit hypervisor-based de-duplication at the level of memory pages, which is blind to the semantics of the objects to be shared.
We describe Object Reuse with Capabilities (ORC), which supports the fine-grained sharing of binary objects between tenants, while isolating tenants strongly through a small trusted computing base (TCB). ORC uses hardware support for memory capabilities to isolate tenants, which permits shared objects to be accessible to multiple tenants safely. Since ORC shares binary objects within a single address space through capabilities, it uses a new relocation type to create per-tenant state when loading shared objects. ORC supports the loading of objects by an untrusted guest, outside of its TCB, only verifying the safety of the loaded data. Our experiments show that ORC achieves a higher memory density with a lower overhead than hypervisor-based de-duplication.
Date Issued
2023-07-10
Date Acceptance
2023-07-01
Citation
Proceedings of the 17th USENIX symposium on operating systems design and implementation, OSDI 2023, 2023, pp.573-587
ISBN
978-1-939133-34-2
Publisher
USENIX Assoc
Start Page
573
End Page
587
Journal / Book Title
Proceedings of the 17th USENIX symposium on operating systems design and implementation, OSDI 2023
Copyright Statement
© USENIX Association 2023. Open access to the Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation is sponsored by King Abdullah University of Science and Technology.
Identifier
https://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=PARTNER_APP&SrcAuth=LinksAMR&KeyUT=WOS:001066453900032&DestLinkType=FullRecord&DestApp=ALL_WOS&UsrCustomerID=a2bf6146997ec60c407a63945d4e92bb
Source
17th USENIX Symposium on Operating Systems Design and Implementation (OSDI)
Subjects
Computer Science
Computer Science, Hardware & Architecture
Computer Science, Software Engineering
Computer Science, Theory & Methods
DEDUPLICATION
Science & Technology
SUPPORT
Technology
Publication Status
Published
Start Date
2023-07-10
Finish Date
2023-07-12
Coverage Spatial
MA, Boston, USA