NSDI '06 — Abstract
Pp. 183–196 of the Proceedings
Connection Conditioning: Architecture-Independent Support for Simple, Robust Servers
KyoungSoo Park and Vivek S. Pai, Princeton University
Abstract
For many network server applications, extracting the maximum
performance or scalability from the hardware may no longer be much of
a concern, given today's pricing - a $300 system can easily handle
100 Mbps of Web server traffic, which would cost nearly $30,000 per
month in most areas. Freed from worrying about absolute performance,
we re-examine the design space for simplicity and security, and show
that a design approach inspired by Unix pipes, Connection Conditioning
(CC), can provide architecture-neutral support for these goals.
By moving security and connection management into separate filters
outside the server program, CC supports multi-process, multi-threaded,
and event-driven servers, with no changes to programming style.
Moreover, these filters are customizable and reusable, making it easy
to add security to any Web-based service. We show that CC-enhanced
servers can easily support a range of security policies, and that
offloading connection management allows even simple servers to perform
comparably to much more complicated systems.
- View the full text of this paper in HTML and PDF. Listen to the presentation in MP3 format.
Until May 2007, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
|
