Home

News

People

Projects

Publications

Workshops

Seminar

Software

Conferences

Funding

Collaborations

Resources

Directions

 

Webmaster

Goals

Description

Publications

Posters

People

Links

Goals

As computer systems become more complex, tolerance to failures and recoverability without compromising performance have emerged as guiding principles for system design. The need for such features is exacerbated by the increasing demand for performance critical, highly available services. Self-healing is becoming increasingly interesting because systems that support it present these features. From a system viewpoint, healing requires at least two functions: (i) Monitoring, for detecting exceptional events like failure, intrusion, policy violations, etc., and (ii) Action in response to these events by recovery, repair, fault containment, etc.

 Backdoor is an architectural approach to building remote healing systems (RHS). An RHS allows a remote machine to nonintrusively monitor a target machine and detect failures, then perform recovery and repair operations. An RHS must not interfere with the normal operation of the target system and must work even if the target system is "dead" (due to a hardware fault, OS crash or freeze) or cannot be accessed by conventional means (due to overload, DoS attack, etc.). Backdoor aims to enable remote access to resources of a machine (memory, I/O devices) for remote healing operations without involving its processor(s).

[Top]

Description

Backdoor (BD) is a system architecture that allows healing operations to be performed on a remote operating system or application image without using remote CPU cycles. 

We identify seven key principles of a BD-based design:

1. Bidirectional access. BD  must support input (read) and output (write) operations on a remote target system.
2. Remote memory access. BD must support at least remote memory access operations. Atomic remote memory access and remote I/O are desirable for more complex healing actions.
3. Availability. BD must be available even after a failure of the target system. Failure of the OS or of a hardware component not used in implementing the BD should not impair its operation.
4. Nonintrusiveness. BD must enable remote access to resources of a computer (memory, I/O controllers, etc.)  without involving processors of the target system.
5. Transparency. BD must not be visible/detectable on the target system by direct means, e.g., by accessing an I/O port.
6. Access control. BD must provide a mechanism to allow the monitor and target operating systems to agree on access permissions when monitoring begins. The target should not be able to close the BD or change access permissions afterwards.
7. Tamper resistance. The target must not be able to change the result of a remote access (to memory, I/O devices, etc.) performed through the BD.

 

Implementation Solutions

One of the key ingredients of the Backdoor architecture is the remote memory communication (RMC) technology provided by standards like VIA or InfiniBand, specifically its support for remote DMA (RDMA) read and write operations. Existing RMC hardware implementations have features that make them attractive for a BD design. In particular, they comply with almost all of the requirements expressed by the above BD design principles.

RMC  provides interesting research opportunities for nonintrusive remote monitoring and intervention on a running system. In contrast with previous research that has used RMC mostly for its performance benefits, we propose a novel approach by using it as a building block in RHS design. 

• Monitoring

  Backdoor uses remote access channels provided by RMC to perform remote monitoring. Monitoring accesses are performed without the intervention of the CPU/OS of the monitored node. They do not impose extra burden on the target node, to the extent that it may even be unaware that it is being monitored.  

  Monitoring over RMC:

  • Does not affect the performance of the monitored system under normal operation as it does not compete for CPU or memory resources.
  • Allows retrieval of state still present in system memory after a failure, if the RMC interface and the memory are available.
  • The entire physical memory of the system is potentially accessible, even after some other critical components of the system have failed.

• Action

Backdoor exploits RMC to implement actions of fine-grained control on a target system at the OS or application level. The action component is semantically rich (depending on the trigger event) and may affect the target system at the OS or application level.  

Through special remote access hooks provided by the BD, a remote system can:

• Inject data or code in a target system to repair, patch the OS or applications running on it
• Extract data from a dead system, to be recovered on another healthy system
• Perform these actions even after other conventional access paths have failed due to hardware or software faults

[Top]

Publications

• Recovering Internet Service Sessions from Operating System Failures.
  F. Sultan, A. Bohra, P. Gallard, I. Neamtiu, S. Smaldone, Y. Pan, and L. Iftode. To appear in IEEE Internet Computing,ICSI-0116-0804 Special Issue - Recovery-Oriented Approaches to Dependability. An extended version has been published as Rutgers University Technical Report, DCS-TR-524.
• Citadel: Defensive Architectures for Computer Systems and Networks.
  F. Sultan, A. Bohra, P. Gallard, S. Smaldone, Y. Pan, B. Nath, L. Iftode. Rutgers University Technical Report DCS-TR-554, March 2004. Submitted for publication.
• Remote Repair of Operating System State Using Backdoors.
  A. Bohra, I. Neamtiu, P. Gallard, F. Sultan, and L. Iftode. Proceedings of The International Conference on Autonomic Computing (ICAC-04), May 2004. An initial version was published as Rutgers University Technical Report, DCS-TR-543, January 2004.
• System Support for Nonintrusive Failure Detection and Recovery using Backdoors.
  F. Sultan, A. Bohra, P. Gallard, I. Neamtiu, S. Smaldone, Y. Pan, and L. Iftode. Rutgers University Technical Report, DCS-TR-524, December 2003.
• Nonintrusive Remote Healing Using Backdoors
  F. Sultan, A. Bohra, I. Neamtiu, L. Iftode. Proceedings of First Workshop on Algorithms and Architectures for Self-Managing Systems, in conjunction with ISCA '03, June 2003. An initial version was published as Rutgers University Technical Report DCS-TR-522, April 2003.

[Top]

Posters

• Poster presented at SOSP 19
  
  

People

 

Faculty

Liviu Iftode

Graduate Students

Florin Sultan , Aniruddha Bohra , Iulian Neamtiu , Pascal Gallard , Yufei Pan , Steve Smaldone

[Top]

Links

• The Stanford/Berkeley Recovery Oriented Computing Project
• IBM Research, Autonomic Computing
• Vivo : A Systematic Approach to Improving the Availability of Cluster-Based Internet Services
• Service Continuations - Disco Lab
• Migratory TCP - Disco Lab

[Top]