# Protected Data Plane OS Using Memory Protection Keys and Lightweight Activation

**Authors:** Yihan Yang, Zhuobin Huang, Antoine Kaufmann, Jialin Li

arXiv: 2302.14417 · 2023-03-02

## TL;DR

Tardis is a novel network stack architecture that combines kernel-bypass performance with in-kernel security using memory protection keys and lightweight scheduling, enabling efficient and secure high-speed data center networking.

## Contribution

Tardis introduces a user-level network stack that uses x86 MPK for security and lightweight scheduler activations for performance isolation, bridging the gap between kernel-bypass and in-kernel stacks.

## Key findings

- Reduces kernel context switches significantly.
- Provides fine-grained performance isolation.
- Achieves high throughput with security guarantees.

## Abstract

Increasing data center network speed coupled with application requirements for high throughput and low latencies have raised the efficiency bar for network stacks. To reduce substantial kernel overhead in network processing, recent proposals bypass the kernel or implement the stack as a user space OS service -- both with performance isolation, security, and resource efficiency trade-offs. We present Tardis, a new network stack architecture that combines the performance and resource efficiency benefits of kernel-bypass and the security and performance enforcement of in-kernel stacks. Tardis runs the OS I/O stack in user-level threads that share both address spaces and kernel threads with applications, avoiding almost all kernel context switch and cross-core communication overheads. To provide sufficient protection, Tardis leverages the x86 protection keys (MPK) extension to isolate the I/O stack from application code. And to enforce timely scheduling of network processing and fine-grained performance isolation, Tardis implements lightweight scheduler activations with preemption timers.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/2302.14417/full.md

## Figures

44 figures with captions in the complete paper: https://tomesphere.com/paper/2302.14417/full.md

## References

47 references — full list in the complete paper: https://tomesphere.com/paper/2302.14417/full.md

---
Source: https://tomesphere.com/paper/2302.14417