BEGIN:VCALENDAR
VERSION:2.0
PRODID:Linklings LLC
BEGIN:VTIMEZONE
TZID:America/Denver
X-LIC-LOCATION:America/Denver
BEGIN:DAYLIGHT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
TZNAME:MDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
TZNAME:MST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20260422T000712Z
LOCATION:704-706
DTSTART;TZID=America/Denver:20231112T111800
DTEND;TZID=America/Denver:20231112T114200
UID:submissions.supercomputing.org_SC23_sess424_ws_ross104@linklings.com
SUMMARY:CARAT KOP:  Toward Protecting the Core HPC Kernel from Linux Kerne
 l Modules
DESCRIPTION:Thomas Filipiuk, Nick Wanninger, Nadharm Dhiantravan, and Cars
 on Surmeier (Northwestern University); Alex Bernat (Harvard University); a
 nd Peter Dinda (Northwestern University)\n\nExtending Linux through kernel
  modules offers immense potential benefits and capabilities for HPC.  Depl
 oyment is also more likely since Linux is typically the only supported ven
 dor OS. However, because Linux is monolithic, kernel modules are free to a
 ccess any address with maximum permissions. A poorly written---or untrustw
 orthy---module can wreak havoc.   This makes it hard to justify including 
 custom kernel modules in production HPC systems.  We address this limitati
 on using the previously developed compiler- and runtime-based address tran
 slation (CARAT) model and toolchain, which injects guards around memory ac
 cesses.  The accesses are then allowed/disallowed according to a policy.  
 We share our results regarding the guard injection and address validation 
 process.  Our CARAT-based Kernel Object Protection (CARAT KOP) prototype i
 s able to transform a substantial production kernel module from the kernel
  tree (a NIC driver comprising ~19,000 lines of code). The transformed mod
 ule runs with minimal effect on its performance.\n\nTag: Middleware and Sy
 stem Software, Programming Frameworks and System Software, Runtime Systems
 \n\nRegistration Category: Workshop Reg Pass\n\nSession Chairs: Balazs Ger
 ofi (Intel Corporation, RIKEN Center for Computational Science (R-CCS)); T
 orsten Hoefler (ETH Zürich, Microsoft Corporation); and Kamil Iskra (Argon
 ne National Laboratory (ANL))\n\n
END:VEVENT
END:VCALENDAR