
Cryptography in the Kernel

As we saw in the previous section, the influence of multi-threading on performance is strong, which suggests that busy servers can make better use of hardware cryptography than clients. This supports the observation of Dean et al. [6] that it may make sense to make cryptography a shared network service to achieve the best cost/performance in a secure system. Notice that, within the boundaries of one host (operating system instance), this is precisely what the OCF does. We should also mention that use of a threaded model for applications involves an obvious security vs. implementation complexity trade-off.

Although the performance of individual applications may not improve drastically when using an accelerator, it appears that the aggregate performance of a number of applications (as may be the case in a system with many remote login sessions, a busy web server, or a VPN gateway) does improve, as a result of increased utilization. Furthermore, hardware accelerators can give a performance boost to the rest of the system, as was seen in Figure 4. Very simply, they eliminate contention for the CPU, which is a resource shared by all applications and the operating system itself. Thus, while throughput is not drastically improved (and may in fact degrade in certain scenarios) with use of hardware acceleration, overall system utilization improves because the main CPU is left to perform other tasks.

Angelos D. Keromytis