Network Systems Group, Princeton University: Publication Info
Connection Conditioning: Architecture-Independent Support for Simple, Robust Servers
For many network server applications, extracting the maximum performance or scalability from the hardware may no longer be much of a concern, given today's pricing -- a $300 system can easily handle 100 Mbps of Web server traffic, which would cost nearly $30,000 per month in most areas. Freed from worrying about absolute performance, we re-examine the design space for simplicity and security, and show that a design approach inspired by Unix pipes, Connection Conditioning (CC), can provide architecture-neutral support for these goals.
By moving security and connection management into separate filters outside the server program, CC supports multi-process, multi-threaded, and event-driven servers, with no changes to programming style. These filters are customizable and reusable, making it easy to add security to any Web-based service. We show that CC-aided servers can support a range of security policies, and that offloading connection management allows even simple servers to perform comparably to much more complicated systems.
In Proceedings of the Third Symposium on Networked Systems Design and Implementation (NSDI '06)
San Jose, CA, May 2006