Protecting resources with resource control lists

Resource management has become an important issue for computer systems as QoS-sensitive multimedia applications and hostile acts such as denial of service (DoS) attacks become widespread. Since applications access the processor, network and other subsystems, attacks on any of these subsystems can lead to undesirable behavior. To maintain system integrity even under such attacks, an unprivileged application must not be allowed to intentionally or unintentionally affect the progress of others. The authors present a first-class abstraction called Resource Control Lists (RCLs) to specify and enforce protection policies on time multiplexed resources, similar to access control on files. RCLs put access control on time multiplexed resources such as CPU time and network and disk bandwidth. RCLs are practical, flexible and provide several benefits. Protection policies specified by RCLs can be under administrator control, customized to a site, and can be dynamically adapted. We have built support for RCLs into Linux/RK, a real-time version of Linux that provides resource reservations where applications receive a promised amount of resources by making reservations. Quantitative measurements with limited forms of DoS attacks show that our new features provide flexible functionality while imposing acceptable overhead without modifying the applications. We also demonstrate that resources are protected even in the face of malicious activities. Finally, we show how RCLs can be used to deliver resource protection on multiple Web server configurations including the hosting of multiple logical sites by an ISP and preferential treatment of buyers on e-commerce sites