Integrating segmentation and paging protection for safe, efficient and transparent software extensions

Authors:
Tzi-cker Chiueh;Ganesh Venkitachalam;Prashant Pradhan
Affiliations:
Computer Science Department, State University of New York at Stony Brook;Computer Science Department, State University of New York at Stony Brook;Computer Science Department, State University of New York at Stony Brook
Venue:
Proceedings of the seventeenth ACM symposium on Operating systems principles
Year:
1999

Citing 21
Cited 22

Lightweight remote procedure call

ACM Transactions on Computer Systems (TOCS)
The POSTGRES next generation database management system

Communications of the ACM
Efficient software-based fault isolation

SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Sharing and protection in a single-address-space operating system

ACM Transactions on Computer Systems (TOCS) - Special issue on computer architecture
Extensibility safety and performance in the SPIN operating system

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Dealing with disaster: surviving misbehaved kernel extensions

OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Safe kernel extensions without run-time checking

OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Application performance and flexibility on exokernel systems

Proceedings of the sixteenth ACM symposium on Operating systems principles
The Mungi single-address-space operating system

Software—Practice & Experience - Special issue on multiprocessor operating systems
The Multics virtual memory: concepts and design

Communications of the ACM
The Java Language Specification

The Java Language Specification
MiSFIT: Constructing Safe Extensible Systems

IEEE Concurrency
DataBlade Extensions for INFORMIX-Universal Server

COMPCON '97 Proceedings of the 42nd IEEE International Computer Conference
Achieved IPC Performance

HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Operating Systems for Component Software Environments

HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Operating Systems Support for Programmable Cluster-Based Internet Routers

HOTOS '99 Proceedings of the The Seventh Workshop on Hot Topics in Operating Systems
High Performance Common Gateway Interface Invocation

WIAPP '99 Proceedings of the 1999 IEEE Workshop on Internet Applications
A comparison of OS extension technologies

ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Protected shared libraries: a new approach to modularity and sharing

ATEC '97 Proceedings of the annual conference on USENIX Annual Technical Conference
A survey of active network research

IEEE Communications Magazine
A secure active network environment architecture: realization in SwitchWare

IEEE Network: The Magazine of Global Internetworking

Safety checking of machine code

PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Implementation and evaluation of a QoS-capable cluster-based IP router

Proceedings of the 2002 ACM/IEEE conference on Supercomputing
A Secure Access Control Mechanism against Internet Crackers

ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
A high performance Kernel-Less Operating System architecture

ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
Nooks: an architecture for reliable device drivers

EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Heap protection for Java virtual machines

PPPJ '06 Proceedings of the 4th international symposium on Principles and practice of programming in Java
Recovering device drivers

ACM Transactions on Computer Systems (TOCS)
Operating system support for virtual machines

ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
VXA: a virtual architecture for durable compressed archives

FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
Recovering device drivers

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Kernel plugins: when a VM is too much

VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Java heap protection for debugging native methods

Science of Computer Programming
Using hypervisor to provide data secrecy for user applications on a per-page basis

Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Vx32: lightweight user-level sandboxing on the x86

ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Flexible and efficient sandboxing based on fine-grained protection domains

ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Fast bounds checking using debug register

HiPEAC'08 Proceedings of the 3rd international conference on High performance embedded architectures and compilers
Sentry: light-weight auxiliary memory access control

Proceedings of the 37th annual international symposium on Computer architecture
Leveraging legacy code to deploy desktop applications on the web

OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
SegSlice: towards a new class of secure programming primitives for trustworthy platforms

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Application-specific service technologies for commodity operating systems in real-time environments

ACM Transactions on Embedded Computing Systems (TECS)
Ribbons: a partially shared memory programming model

Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Understanding modern device drivers

ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The trend towards extensible software architectures and component-based software development demands safe, efficient, and easy-to-use extension mechanisms to enforce protection boundaries among software modules residing in the same address space. This paper describes the design, implementation, and evaluation of a novel intra-address space protection mechanism called Palladium, which exploits the segmentation and paging hardware in the Intel X86 architecture and efficiently supports safe kernel-level and user-level extensions in a way that is largely transparent to programmers and existing programming tools. Based on the considerations on ease of extension programming and systems implementation complexity, Palladium uses different approaches to support user-level and kernel-level extension mechanisms. To demonstrate the effectiveness of the Palladium architecture, we built a Web server that exploits the user-level extension mechanism to invoke CGI scripts as local function calls in a safe way, and we constructed a compiled network packet filter that exploits the kernel-level extension mechanism to run packet-filtering binaries safely inside the kernel at native speed. The current Palladium prototype implementation demonstrates that a protected procedure call and return costs 142 CPU cycles on a Pentium 200MHz machine running Linux.