Re: Benchmarks (was Re: Hooking into Linux using the LTT)

From: \ (dclydewat_private)
Date: Sun Apr 15 2001 - 11:55:50 PDT


    Has anyone begun rudimentary documentation on the whole project? I'd
    love to have a single place to review options and/or existing
    architecture bits (like benchmarks). If all we have is the mailing
    list, then perhaps it would be a good idea to start documenting out
    the good stuff for a weekly summary.
    
    
    
    
    
    Crispin Cowan writes:
     > "Anil B. Somayaji" wrote:
     > 
     > > Karim Yaghmour <karymat_private> writes:
     > > > But you'd be interested to know that adding the hooks within
     > > > the kernel yields at most 1% overhead over very heavy load.
     > > > With the case of a kernel compile, for example, the overhead
     > > > is around 0.25%.
     > > These results are quite good; however, I was wondering - was this for
     > > micro-benchmarks, or only macro ones?  In my own work, I've noticed
     > > that doubling the time a fork and exec takes only results in a few
     > > percent slowdown for kernel builds.
     > 
     > Actually, I think 1% overhead at the macro level is very poor.  That's
     > the overhead for SubDomain with the security checks running in the worst
     > possible case.  If the basic LSM infrastructure costs 1%, then that's way
     > too much.
     > 
     > 
     > > But if we are to get anything incorporated into
     > > the main kernel tree, we have to show that our modifications have
     > > minimal impact on system call and interrupt latency.
     > 
     > Exactly.
     > 
     > 
     > > My hunch is that the LTT represents a rough lower-bound for the
     > > performance of a flexible security module interface.
     > 
     > I was thinking of LTT as an upper bound :-)
     > 
     > 
     > > I hope we can have a general interface (that would be very good for
     > > me, definitely), but I bring this up because I'm not that optimistic.
     > 
     > Instead of saying "let's do everything", why don't you specify what you
     > need?  And while you're at it, try to think about how to achieve what you
     > want with less intrusion into the kernel, and see how many of your
     > requirements can be lifted.
     > 
     > Crispin
     > 
     > --
     > Crispin Cowan, Ph.D.
     > Chief Scientist, WireX Communications, Inc. http://wirex.com
     > Security Hardened Linux Distribution:       http://immunix.org
     > 
     > 
     > _______________________________________________
     > linux-security-module mailing list
     > linux-security-moduleat_private
     > http://mail.wirex.com/mailman/listinfo/linux-security-module
    
    
    



    This archive was generated by hypermail 2b30 : Sun Apr 15 2001 - 12:59:03 PDT