Sikker : A High-Performance Distributed System Architecture for Secure Service-Oriented Computing
@inproceedings{McDonald2016SikkerA, title={Sikker : A High-Performance Distributed System Architecture for Secure Service-Oriented Computing}, author={Nic McDonald and William J. Dally}, year={2016} }
In this paper, we present Sikker1, a high-performance distributed system architecture for secure service-oriented computing. Sikker includes a novel service-oriented application model upon which security and isolation policies are derived and enforced. The workhorse of Sikker is a custom network interface controller, called the Network Management Unit (NMU), that enforces Sikker’s security and isolation policies while providing high-performance network access. Sikker’s application model…
Figures and Tables from this paper
References
SHOWING 1-10 OF 50 REFERENCES
Maximizing Throughput of Overprovisioned HPC Data Centers Under a Strict Power Budget
- Computer ScienceSC14: International Conference for High Performance Computing, Networking, Storage and Analysis
- 2014
A software-based online resource management system that leverages hardware facilitated capability to constrain the power consumption of each node in order to optimally allocate power and nodes to a job and a performance modeling scheme that estimates the essential power characteristics of a job at any scale is proposed.
Towards predictable datacenter networks
- Computer Science
- 2011
The case for extending the tenant-provider interface to explicitly account for the network is made, and the design of virtual network abstractions that capture the trade-off between the performance guarantees offered to tenants, their costs and the provider revenue are proposed.
Managing Performance Overhead of Virtual Machines in Cloud Computing: A Survey, State of the Art, and Future Directions
- Computer ScienceProceedings of the IEEE
- 2014
The causes of VM performance overhead are unveiled by illustrating representative scenarios, the performance modeling methods with a particular focus on their accuracy and cost are discussed, and the overhead mitigation techniques are compared by identifying their effectiveness and implementation complexity.
SecondNet: a data center network virtualization architecture with bandwidth guarantees
- Computer ScienceCoNEXT
- 2010
This paper proposes virtual data center (VDC) as the unit of resource allocation for multiple tenants in the cloud and introduces a centralized VDC allocation algorithm for bandwidth guaranteed virtual to physical mapping.
The PERCS High-Performance Interconnect
- Computer Science2010 18th IEEE Symposium on High Performance Interconnects
- 2010
The Blue Waters System, which is being constructed at NCSA, is an exemplar large-scale PERCS installation that is expected to deliver sustained Pet scale performance over a wide range of applications.
Sharing the Data Center Network
- Computer ScienceNSDI
- 2011
This work presents Seawall, a network bandwidth allocation scheme that divides network capacity based on an administrator-specified policy that adds little overhead and achieves strong performance isolation.
Extending Networking into the Virtualization Layer
- Computer ScienceHotNets
- 2009
This work describes how Open vSwitch can be used to tackle problems such as isolation in joint-tenant environments, mobility across subnets, and distributing configuration and visibility across hosts.
Enabling fair pricing on HPC systems with node sharing
- Computer Science2013 SC - International Conference for High Performance Computing, Networking, Storage and Analysis (SC)
- 2013
POPPA is a runtime system that enables fair pricing by delivering precise online interference detection and facilitates the adoption of supercomputers with co-locations and is able to quantify inter-application interference within 4% mean absolute error on a variety of co-located benchmark and real scientific workloads.
FairCloud: sharing the network in cloud computing
- Computer ScienceCCRV
- 2011
This paper starts from the above requirements--payment proportionality and minimum guarantees--and shows that the network-specific challenges lead to fundamental tradeoffs when sharing cloud networks, and proposes a set of properties to explicitly express these tradeoffs.