About
90
Publications
24,524
Reads
596
Citations
Additional affiliations
December 2019 - present
September 2015 - November 2019
October 2014 - August 2015
Publications (90)
System call filtering is widely used to secure programs in multi-tenant environments, and to sandbox applications in modern desktop software deployment and package management systems. Filtering rules are hard to write and maintain manually, hence generating them automatically is essential. To that aim, analysis tools able to identify every system c...
Decomposing large systems into smaller components with limited privileges has long been recognized as an effective means to minimize the impact of exploits. Despite historical roots, demonstrated benefits, and a plethora of research efforts in academia and industry, the compartmentalization of software is still not a mainstream practice. This paper...
OS-capable embedded systems exhibiting a very low power consumption are available at an extremely low price point. It makes them highly compelling in a datacenter context. We show that sharing long-running, compute-intensive datacenter workloads between a server machine and one or a few connected embedded boards of negligible cost and power consump...
Buffer overflow is a widespread memory safety violation in C/C++, reported as the top vulnerability in 2022. Secure memory allocators are generally used to protect systems against attacks that may exploit buffer overflows. Existing allocators mainly rely on two types of countermeasures to prevent or detect overflows: canaries and guard pages, each...
Contrary to CPU, memory, and network, disk virtualization is peculiar, for which virtualization through direct access is impossible. We study virtual disk utilization in a large-scale public cloud and observe the presence of long snapshot chains, sometimes composed of up to 1,000 files. We then demonstrate, through experimental measurements, that s...
Write buffer overflow is a widespread and prevalent memory safety violation in C/C++, reported as the top vulnerability in 2022 and 2023. Secure memory allocators are generally used to protect systems against attacks that may exploit buffer overflows. Existing allocators mainly rely on two types of countermeasures to prevent or detect write overflo...
Supporting mainstream applications is fundamental for a new OS to have impact. It is generally achieved by developing a layer of compatibility allowing applications developed for a mainstream OS like Linux to run unmodified on the new OS. Building such a layer, as we show, results in large engineering inefficiencies due to the lack of efficient met...
Unikernels are single-application operating systems designed to run as virtual machines. They are popular in the cloud domain and are considered as a good alternative to containers due to the benefits they provide in terms of performance, low resource consumption, and security. This paper investigates the use of unikernels as a platform for HPC app...
Least-privilege separation decomposes applications into compartments limited to accessing only what they need. When compartmentalizing existing software, many approaches neglect securing the new inter-compartment interfaces, although what used to be a function call from/to a trusted component is now potentially a targeted attack from a malicious co...
Contrary to the other resources such as CPU, memory, and network, for which virtualization is efficiently achieved through direct access, disk virtualization is peculiar. In this paper, we make four contributions. Our first contribution is the characterization of disk utilization in a public large-scale cloud infrastructure. It reveals the presence...
Edge computing is a recent computing paradigm that brings cloud services closer to the client. Among other features, edge computing offers extremely low client/server latencies. To consistently provide such low latencies, services should run on edge nodes that are physically as close as possible to their clients. Thus, when the physical location of...
At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern application...
Unikernels are minimal single-purpose virtual machines. They are highly popular in the research domain due to the benefits they provide. A barrier to their widespread adoption is the difficulty/impossibility to port existing applications to current unikernels. HermiTux is the first unikernel providing system call-level binary compatibility with L...
Datacenter servers are increasingly heterogeneous: from x86 host CPUs, to ARM or RISC-V CPUs in NICs/SSDs, to FPGAs. Previous works have demonstrated that migrating application execution at run-time across heterogeneous-ISA CPUs can yield significant performance and energy gains, with relatively little programmer effort. However, FPGAs have often b...
Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerab...
At design time, modern operating systems implement a specific security and isolation strategy that relies on one or more software or hardware mechanisms. For cost reasons, this choice is rarely revisited after deployment. This classical approach shows its limits when the hardware protections...
Article shepherded by: Rik Farrow Thanks to their excellent performance, unikernels have always had a great deal of potential for revolutionizing the efficiency of virtualization and cloud deployments. However, after many years and several projects, unikernels, for the most part, have not seen significant, real-world deployment. In this article we...
Tracing is a popular method for evaluating, investigating, and modeling the performance of today's storage systems. Tracing has become crucial with the increase in complexity of modern storage applications/systems, that are manipulating an ever-increasing amount of data and are subject to extreme performance requirements. There exists many tracing...
OS design is traditionally heavily intertwined with protection mechanisms. OSes statically commit to one or a combination of (1) hardware isolation, (2) runtime checking, and (3) software verification early at design time. Changes after deployment require major refactoring; as such, they are rare and costly. In this paper, we argue that this strate...
We present FoxDec: an approach to C code decompilation that aims at producing sound and recompilable code. Formal methods are used during three phases of the decompilation process: control flow recovery, symbolic execution, and variable analysis. The use of formal methods minimizes the trusted code base and ensures soundness: the extracted C code b...
Attacks on the heap are an increasingly severe threat. State-of-the-art secure dynamic memory allocators can offer protection; however, their memory footprint is high, making them suboptimal in many situations. We introduce SlimGuard, a secure allocator whose design is driven by memory efficiency. Among other features, SlimGuard uses an efficient f...
Future computer platforms will likely be built with a multitude of on-chip and off-chip processing units, potentially of different ISAs, OS-capable, and sharing memory with a form of consistency. Multiple-kernel OSes, from multikernels to single-system image OSes, have been demonstrated to manage such platforms efficiently, but they assume no s...
OS-capable embedded systems exhibiting a very low power consumption are available at an extremely low price point. It makes them highly compelling in a datacenter context. In this paper we show that sharing long-running, compute-intensive datacenter HPC workloads between a server machine and one or a few connected embedded boards of negligible cost...
Unikernels are minimal single-purpose virtual machines. They are highly popular in the research domain due to the benefits they provide. A barrier to their widespread adoption is the difficulty/impossibility to port existing applications to current unikernels. HermiTux is the first unikernel providing binary-compatibility with Linux applications. I...
Kernel information leak vulnerabilities are a major security threat to production systems. Attackers can exploit them to leak confidential information such as cryptographic keys or kernel pointers. Despite efforts by kernel developers and researchers, existing defenses for kernels such as Linux are limited in scope or incur a prohibitive performanc...
In this paper, we investigate the effectiveness of multiprocessor architectures with ISA-different cores for executing HPC workloads. Our envisioned design point in the heterogeneous architecture space is one with multiple cache-coherency domains, with each domain hosting cores of a different ISA and no coherency between domains. We prototype such...
4 zettabytes of data generated in 2013, 44 expected by 2020 and 185 by 2025. These figures are dizzying. They perfectly illustrate this new era of the data deluge, which has become a major economic and societal issue and whose processing proceeds at the speed of the weakest link in a computer system: the storage system...
The datacenter is becoming fully heterogeneous, integrating multiple OS-capable CPUs of different Instruction Set Architectures in separate machines. These machines present diverse performance and power consumption profiles and we show that significant potential benefits for both metrics can be expected, should these machines be able to cooperate i...
The ability to quickly set up and tear down a virtual machine is critical for today's cloud elasticity, as well as in numerous other scenarios: guest migration/consolidation, event-driven invocation of micro-services, dynamically adaptive unikernel-based applications, micro-reboots for security or stability, etc.
In this paper, we focus on the proc...
In the embedded systems domain, obtaining performance and power consumption estimations is extremely valuable in numerous cases. This is particularly true during the design stage, as designers of complex embedded systems face an increasingly large design space. Secondary storage is a well-known performance bottleneck and has also been reported as a...
Flash memory-based storage systems have some specific constraints leading designers to encapsulate some management services into a hardware/software layer called the Flash Translation Layer (FTL). The performance of flash-based storage systems such as Solid State Drives (SSDs) is strongly driven by the FTL intricacies and also by a cache system...
The Linux Read-Ahead mechanism has been designed to bridge the gap between the secondary storage low performance and I/O read-intensive applications for personal computers and servers. This paper revisits the efficiency of this mechanism for embedded Linux using flash memory as secondary storage, which is the case for most embedded systems. Indeed,...
Integration of NAND flash memory in the traditional I/O software stack of Unix-like operating systems (OS) was achieved without modifying most of the OS layers. In fact, one can dissociate two categories of flash memory devices: (1) those whose intricacies are abstracted to the OS (e.g. SSDs, USB sticks), and (2) raw flash memory chips driven by...
Controlling and optimizing embedded system performance and power consumption is critical. In this context, estimation techniques are used when performing measurement campaigns is difficult due to time or financial constraints. This work targets the performance and power consumption evaluation of the secondary storage service in an embedded operatin...
Databases are more and more used in embedded system applications and especially in consumer electronics. This comes from the need to structure user and/or system data to be more efficiently managed and accessed. The transactional database management systems widely used in embedded systems have been designed considering hard disk drives as the stora...
This paper presents a cache-aware configurable hybrid flash translation layer (FTL), named CACH-FTL. It was designed based on the observation that most state-of-the-art flash-specific cache systems above FTLs flush groups of pages belonging to the same data block. CACH-FTL relies on this characteristic to optimize flash write operations placement...
Databases are more and more used in embedded system applications and especially in consumer electronics. This comes from the need to structure user and/or system data to be more efficiently managed and accessed. SQLite is one of the most used database applications. This paper presents a micro benchmarking methodology and results for SQLite database...
This paper presents Flashmon version 2, a tool for monitoring embedded Linux NAND flash memory I/O requests. It is designed for embedded board-based devices containing raw flash chips. Flashmon is a kernel module and stands for "flash monitor". It traces flash I/O by placing kernel probes at the NAND driver level. It allows tracing at runtime the...
This paper presents a set of models dedicated to describing a flash storage subsystem's structure, functions, performance and power consumption behaviors. These models cover a large range of today's NAND flash memory applications. They are designed to be implemented in simulation tools allowing to estimate and compare performance and power consumption...
This paper presents a methodology for modeling performance and power consumption of NAND flash memory I/O operations. This study focuses on embedded systems executing the Linux Operating System (OS), equipped with bare flash chips (e.g. smartphones, tablets, routers, etc). Bare flash chips are fully managed by the Linux OS through some specific fla...
Flash memories are today becoming the main storage medium in mobile computing, and tend to be less confined to that domain. Their poor write performance means that this technology is not yet mature enough for large-scale enterprise use. The major constraint is the limited number of erase operations, ...
NAND flash memories gained a solid foothold in the embedded systems domain due to their attractive characteristics in terms of size, weight, shock resistance, power consumption, and data throughput. Moreover, flash memories tend to be less confined to the embedded domain, as can be observed through the market explosion of flash-based storage syste...
Many hybrid Flash Translation Layer (FTL) schemes have been proposed to leverage the erase-before-write and limited lifetime constraints of flash memories. Those schemes try to approach page mapping performance and flexibility while seeking block mapping memory usage. Furthermore, flash-specific cache systems were designed (1) to maximize lifetime...
NAND flash memories are currently the de facto secondary storage technology in the embedded system domain thanks to their benefits mainly in terms of energy consumption, I/O performance, and data storage density. This Non-Volatile Memory (NVM) technology has even made substantial strides into enterprise storage systems. However, flash memories have...
Prices of NAND flash memories are falling drastically due to market growth and the mastering of the fabrication process, while research efforts from a technological point of view, in terms of endurance and density, are very active. NAND flash memories are becoming the most important storage media in mobile computing and tend to be less confined to this area. The...
Today, flash memories are widely used in the embedded system domain. NAND flash memories are the building block of most secondary storage systems. Such memories present many benefits in terms of data density, I/O performance, shock resistance and power consumption. Nevertheless, flash does not come without constraints: the write / erase granularity...
Due to its attractive characteristics in terms of performance, weight and power consumption, NAND flash memory became the main non-volatile memory (NVM) in embedded systems. Those NVMs also present some specific characteristics/constraints: good but asymmetric I/O performance, limited lifetime, write/erase granularity asymmetry, etc. Those peculiar...
Nowadays, the use of embedded operating systems in different embedded projects is subject to a tremendous growth. Embedded Linux is becoming one of the most popular EOSs due to its modularity, efficiency, reliability, and cost. One way to make it hard real-time is to include a real-time kernel like Xenomai. One of the key characteristics of a Rea...
NAND flash memories are the most important storage media in mobile computing and tend to be less confined to this area. Nevertheless, they are not mature enough to allow a widespread use. This is due to poor write performance caused by their internal intricacies. The major constraint of such a technology is the reduced number of erase opera...
More and more enterprise server storage systems are migrating toward flash-based drives (Solid State Drives) thanks to their attractive characteristics. They are lightweight, power efficient and supposed to outperform traditional disks. The two main constraints of flash memories are: 1) the limited number of achievable write operations beyond whic...
Abstract: This paper is part of a project to implement a component-based real-time operating system on a reconfigurable platform. These components can exist in software or hardware form. They can be configured at design time, and dynamically reconfigured at run time. Under certain scenarios, a...