5 research outputs found
Implementing Legba: Fine-Grained Memory Protection
Get PDFFine-grained hardware protection could provide a powerful and effective means for isolating untrusted code. However, previous techniques for providing fine-grained protection in hardware have lead to poor performance. Legba has been proposed as a new caching architecture, designed to reduce the granularity of protection, without slowing down the processor. Unfortunately, the designers of Legba have not attempted an implementation. Instead, all of their analysis is based purely on simulations. We present an implementation of the Legba design on a MIPS Core Processor, along with an analysis of our observations and results
Protection is a Software Issue BrianN.BershadStefanSavagePrzemys lawPardyak
No full textThere is a misconception in much of the operating systems community that hardware mechanisms are the only way to ensure system integrity in the presence of malfunctioning or malicious code [Cheriton & Duda 94, Golub et al. 90, Cheriton & Zwaenepoel 83]. For example, for almost 10 years we've heard tales of how microkernels are more reliable than monolithic systems because they rely on hardware implemented address space boundaries to enforce protection between independent subsystems. Despite this, our microkernel-based systems seem to crash about as often as our conventional systems. A lot of our friends say the same thing. Before microkernel systems, layered protection hierarchies were asserted to have greater reliability. Intel x86 processors provid
Protection is a Software Issue BrianN.BershadStefanSavagePrzemys lawPardyak
No full textThere is a misconception in much of the operating systems community that hardware mechanisms are the only way to ensure system integrity in the presence of malfunctioning or malicious code [Cheriton & Duda 94, Golub et al. 90, Cheriton & Zwaenepoel 83]. For example, for almost 10 years we've heard tales of how microkernels are more reliable than monolithic systems because they rely on hardware implemented address space boundaries to enforce protection between independent subsystems. Despite this, our microkernel-based systems seem to crash about as often as our conventional systems. A lot of our friends say the same thing. Before microkernel systems, layered protection hierarchies were asserted to have greater reliability. Intel x86 processors provid
Drawing the Red Line in Java
No full textSoftware-based protection has become a viable alternative to hardware-based protection in systems based on languages such as Java, but the absence of hardware mechanisms for protection has been coupled with an absence of a user/kernel boundary. We show why such a "red line" must be present in order for a Java virtual machine to be as effective and as reliable as an operating system. We discuss how the red line can be implemented using software mechanisms, and explain the ones we use in the Java system that we are building. 1. Introduction A paper that appeared at a previous HotOS [4] stated that "protection is a software issue." This statement is incomplete; we would reword it as "Protection is a software issue, but it is not the only software issue." In particular, issues such as resource control, communication, and termination need to be dealt with in software if hardware protection mechanisms are not present. To date, systems that replace hardware mechanisms with software mechanism..
