S. McCanne. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov, May 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....the Emulation Server machine as the node s default router, so any IP packets A or B attempt to send go to the Emulation Server, and not directly between themselves. When a packet sent by A arrives at the Emulation Server at marker 2 , the Emulation Server uses the Berkeley Packet Filter (BPF) [74] to capture the packet and wrap it into a simulation event. The simulation event representing the packet is then executed by the network layer of A s doppelganger, shown at marker 3 . The event then passes through the simulation models of the network, link, and physical 76 simulated nodes 2 3 ....

S. McCanne. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov, May 1991.

....In particular, we do not know at this point the most practical way to generate the certificates. We have thus set out to gain some preliminary experience, both to measure the benefits and to identify the practical problems. In our main experiment, we implemented several network packet filters [10, 13] in DEC Alpha assembly language [16] and then used a special prototype assembler to create SCC binaries for them. We were motivated to use an unsafe assembly language in order to place equal emphasis on both performance and safety, as well as to demonstrate the generality of the SCC approach. In ....

....has the potential to surpass traditional approaches from a safety point of view while maintaining or improving performance. In particular, we show that SCC leads to faster and safer packet filters than previous approaches to code safety in systems software, including Berkeley Packet Filters [10], Software Fault Isolation [20] and programming in the safe subset of Modula 3 [1, 15] Finally, we conclude with a discussion of the remaining difficulties and speculate on what might be necessary to make the approach work on a practical scale. CERTIFICATION COMPILATION UNTRUSTED SOURCE ....

McCanne, S. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov.

....footprint and the access to resources. Given the high cost of crossing protection boundaries, researchers have devised other techniques to achieve the same level of safety with more flexibility. One such method is to restrict the execution environment of the untrusted code by interpreting it [24, 44]. The trusted interpreter performs extensive run time checking as it goes along and detects any potentially harmful operation. The major disadvantage of the interpreter approach is that it is an order of magnitude slower than equivalent programs executed directly by the physical machine. This ....

McCanne, S. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov, May 1991.

....processes while avoiding context switches. Such an approach has also been investigated by others [5, 18] To investigate the feasibility of this idea, we implemented the BSD packet filter language [29] using Fabius and compared its performance to BPF, a kernel resident interpreter implemented in C [28]. The interpreter shown in Figure 3 is a simple ML function, called eval, that is parameterized by the filter program, a network packet, and variables that encode the machine state. Note that eval is curried: when applied to a filter program and a program counter, the result is a function that is ....

McCanne, S. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov.

....and the proof are modified such that validation still succeeds, the new code is also safe. Another feature of the PCC method is that the proof checking algorithm is very simple, allowing fast and easy to trust implementations. In our main experiment, we implemented several network packet filters [12, 16] in DEC Alpha assembly language [21] and then used a special prototype assembler to create PCC binaries for them. We were motivated to use an unsafe assembly language in order to place equal emphasis on both performance and safety, as well as to demonstrate the generality of the PCC approach. In ....

....checks. Predictably, they are much faster than safe packet filters produced by any other means with which we are familiar. In particular, we show that PCC leads to faster and safer packet filters than previous approaches to code safety in systems software, including Berkeley Packet Filters [12], Software Fault Isolation [24] and programming in the safe subset of Modula 3 [1, 9, 17] Although we have worked out many of the theoretical underpinnings for PCC (and indeed, most of the theory is based on old and well known principles from logic, type theory [4, 11] and formal verification ....

McCanne, S. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov, May 1991.

....serious difficulty of proving the resulting safety predicates. Proof Carrying Code compares favorably with other techniques used to prevent untrusted code to step outside a safety policy. When compared with runtime techniques such as hardware or software memory protection [18] and interpretation [11, 16] the advantage is the run time performance and the simplicity of the safety critical infrastructure. Another advantage over run time checking is that PCC avoids the possibility that the untrusted code must be terminated abruptly because of a run time error before it has a chance of cleaning up the ....

McCanne, S. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov, May 1991.

....In the next section, we show the performance of the code generated by Fabius using a more complicated packet filter. 4 Results Figure 2 compares the overall execution times of the Fabius packet filter implementation (including time spent generating code) to the BPF implementation in C [16], using a packet filter that selects non fragmentary TCP IP packets destined for a Telnet port. To reliably compare execution times, we obtained five sample packet traces by eavesdropping on a busy CMU network, and we averaged execution times over these traces as a precaution against abnormal ....

Steven McCanne. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov.

....we have not yet had any need or desire to insert extra run time checks in any of our PCC examples. Still, automation of proof generation remains as one of the most serious obstacles to widespread practical application of PCC. In our main experiment, we implemented several network packet filters [12, 15] in DEC Alpha assembly language [19] and then used a special prototype assembler to create PCC binaries for them. We were motivated to use an unsafe assembly language in order to place equal emphasis on both performance and safety, as well as to demonstrate the generality of the PCC approach. In ....

....has the potential to surpass traditional approaches from a safety point of view while maintaining or improving performance. In particular, we show that PCC leads to faster and safer packet filters than previous approaches to code safety in systems software, including Berkeley Packet Filters [12], Software Fault Isolation [23] and programming in the safe subset of Modula 3 [1, 9, 17] Finally, we conclude with a discussion of the remaining difficulties and speculate on what might be necessary to make the approach work on a practical scale. CPU CODE PRODUCER USER PROCESS UNTRUSTED CLIENT ....

McCanne, S. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov, May 1991.

....x, mem, pkt) end . Jump if accumulator equals immediate. else if opcode = JEQ K then if a = filter sub (pc 1) then eval (filter, pc ( instr 8) andb 255) a, x, mem, pkt) else eval (filter, pc (instr andb 255) a, x, mem, pkt) end end Figure 2: Packet filter interpreter in C [19]. The interpreter shown in Figure 2 is a simple ML function, called eval, that is parameterized by the filter program, a network packet, and variables that encode the machine state. Note that eval is curried: when applied to a filter program and a program counter, the result is a function that is ....

Steven McCanne. The Berkeley Packet Filter man page. BPF distribution available at ftp://ftp.ee.lbl.gov.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC