Security Benchmarks

From: Crispin Cowan (crispin@private)
Date: Wed Mar 09 2005 - 15:18:50 PST

Stephen Smalley wrote:

>In the past, we haven't found kernel compile benchmark to be very
>revealing for SELinux performance analysis.  dbench results would be of
>interest.  More generally, you might want to repeat the tests done for
>the AVC RCU work, see 
Hmm. What do you mean that kernel compile is "not very revealing" for 
SELinux performance analysis?

To be sure, kernel compile (khernelstone :) is a macrobenchmark, and 
will not give you high-resolution data on the cost imposed on individual 
operations. For microbenchmarks, I prefer lmbench.

For macrobenchmarks, you want something that does lots of stuff, so that 
the run times are long enough to measure, and does the right mix of 
stuff, so that the workload is representative for "typical" workloads. 
Of course, "typical" is in the eye of the beholder.

At Immunix, we tend to use 2 macrobenchmarks: khernelstone, and 
Webstone. Kernel compile does lots of everything (CPU, disk, and memory) 
presenting a heavy workload, and thus *should* make a good benchmark, 
unless the workload mix is somehow wrong.

Stephen, what do you find wrong about the workload mix in kernel 
compiles? What would you suggest instead?


Crispin Cowan, Ph.D.
CTO, Immunix

This archive was generated by hypermail 2.1.3 : Wed Mar 09 2005 - 15:19:21 PST