CS533 Concepts of Operating Systems Jonathan Walpole.

Slides:



Advertisements
Similar presentations
Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.
Advertisements

Computer Architecture CSCE 350
The University of Adelaide, School of Computer Science
Assembler/Linker/Loader Mooly Sagiv html:// Chapter 4.3 J. Levine: Linkers & Loaders
Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec
Procedures and Stacks. Outline Stack organization PUSH and POP instructions Defining and Calling procedures.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.
“Efficient Software-Based Fault Isolation” (1993) by: Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham PRESENTED BY DAVID KENNEDY.
CS533 Concepts of Operating Systems Class 12 Extensibility via Software Based Protection.
G Robert Grimm New York University Lightweight RPC.
CS533 Concepts of Operating Systems Class 13 Micro-kernels (cont.) Extensibility via Software Based Protection.
1 Storage Registers vs. memory Access to registers is much faster than access to memory Goal: store as much data as possible in registers Limitations/considerations:
Tutorials 2 A programmer can use two approaches when designing a distributed application. Describe what are they? Communication-Oriented Design Begin with.
PC hardware and x86 3/3/08 Frans Kaashoek MIT
Dawson R. Engler, M. Frans Kaashoek, and James O'Tool Jr.
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, Henry M. Levy ACM Transactions Vol. 8, No. 1, February 1990,
CS533 Concepts of Operating Systems Class 6 Micro-kernels Extensibility via Hardware or Software Based Protection.
User-Level Interprocess Communication for Shared Memory Multiprocessors Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented.
CS510 Concurrent Systems Jonathan Walpole. Lightweight Remote Procedure Call (LRPC)
Efficient Software-Based Fault Isolation—sandboxing Presented by Carl Yao.
Stack Management Each process/thread has two stacks  Kernel stack  User stack Stack pointer changes when exiting/entering the kernel Q: Why is this necessary?
CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
IMPROVING THE RELIABILITY OF COMMODITY OPERATING SYSTEMS Michael M. Swift Brian N. Bershad Henry M. Levy University of Washington.
6.828: PC hardware and x86 Frans Kaashoek
CS533 Concepts of Operating Systems Jonathan Walpole.
A genda for Today What is memory management Source code to execution Address binding Logical and physical address spaces Dynamic loading, dynamic linking,
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Architecture Support for OS CSCI 444/544 Operating Systems Fall 2008.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
CS533 Concepts of Operating Systems Jonathan Walpole.
Chapter 4 Memory Management Virtual Memory.
Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham J. Garrett Morris, presenter.
Operating Systems Lecture 14 Segments Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing Liu School of Software Engineering.
Lecture 5 Page 1 CS 111 Online Processes CS 111 On-Line MS Program Operating Systems Peter Reiher.
Networking Implementations (part 1) CPS210 Spring 2006.
Operating Systems CSE 411 CPU Management Sept Lecture 10 Instructor: Bhuvan Urgaonkar.
Efficient Software-Based Fault Isolation By Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham Presented by Pehr Collins.
Processes and Virtual Memory
Efficient Software Based Fault Isolation Author: Robert Wahobe,Steven Lucco,Thomas E Anderson, Susan L Graham Presenter: Maitree kanungo Date:02/17/2010.
Efficient Software-based Fault Isolation Robert Wahbe, Steven Lucco, Thomas E. Anderson & Susan L. Graham Presented By Tony Bock.
1 "Efficient Software-based Fault Isolation" by R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Presenter: Tom Burkleaux.
Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham.
Efficient software-based fault isolation Robert Wahbe, Steven Lucco, Thomas Anderson & Susan Graham Presented by: Stelian Coros.
Efficient Software-Based Fault Isolation Authors: Robert Wahbe Steven Lucco Thomas E. Anderson Susan L. Graham Presenter: Gregory Netland.
CS533 Concepts of Operating Systems Jonathan Walpole.
Interrupts and Exception Handling. Execution We are quite aware of the Fetch, Execute process of the control unit of the CPU –Fetch and instruction as.
Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.
Memory Protection: Kernel and User Address Spaces Andy Wang Operating Systems COP 4610 / CGS 5765.
Efficient Software-Based Fault Isolation
Introduction to Operating Systems
Segmentation COMP 755.
Memory Protection: Kernel and User Address Spaces
CS533 Concepts of Operating Systems
© Craig Zilles (adapted from slides by Howard Huang)
Memory Protection: Kernel and User Address Spaces
Introduction to Operating Systems
Memory Protection: Kernel and User Address Spaces
Memory Protection: Kernel and User Address Spaces
Security in Java Real or Decaf? cs205: engineering software
IMPROVING THE RELIABILITY OF COMMODITY OPERATING SYSTEMS
CSE 451: Operating Systems Spring 2012 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
Hardware Works, Software Doesn’t: Enforcing Modularity with Mondriaan Memory Protection Emmett Witchel Krste Asanović MIT Lab for Computer Science.
CS533 Concepts of Operating Systems Class 14
CS533 Concepts of Operating Systems Class 6
CS533 Concepts of Operating Systems Class 13
CS533 Concepts of Operating Systems Class 13
© Craig Zilles (adapted from slides by Howard Huang)
Memory Protection: Kernel and User Address Spaces
Dynamic Binary Translators and Instrumenters
Presentation transcript:

CS533 Concepts of Operating Systems Jonathan Walpole

Efficient Software-Based Fault Isolation

The Cost of Protection-Domains Micro-kernel performance -L4-Linux is not as fast as monolithic Linux -but is it acceptable given the benefits? What were the benefits? -Did we get fine-grain protection domains? -L4 had the Linux server in a single domain -What performance would L4 achieve with fine-grain protection?

Alternate Approaches Protection using address space boundaries is inherently expensive -even with hardware support - execution within a domain is fast, but across domain boundaries is slow Language-level protection might help -binary rewriting (this paper) -type-safe languages (SPIN)

Software Fault Isolation Basic idea: create multiple protection domains within a single address space -catch attempts to access memory outside a domain -but don’t do this using hardware faults -instead, insert code that checks accesses - we could do this dynamically or statically - how can we communicate across domain boundaries?

Enforcing Protection Domains Protection domains are aligned and sized as a power of two bytes -all memory addresses in the same domain share the same high-order bits -those bits are checked for all memory references (loads, stores, jump targets) -if the bits don’t match, the access is invalid

But That’s Too Expensive Reads can’t hurt anything, so only check stores and jump targets? -is that ok? If that is still too expensive, maybe just set the high order bits without checking -force the access to fall within the domain -this is called sandboxing -it may be hard to detect bugs

How Is It Implemented? Modify GCC to generate sandboxed binaries -done at RTL level -RTL is an architecture independent assembly language -involves reserving up to 5 registers -adding sandboxing instructions Its done at compile-time but still needs runtime checks!

Segment Matching

Sandboxing

Costs Segment matching -4x instruction overhead -4 dedicated registers Sandboxing: -3x instruction overhead -5 dedicated registers How can this possibly be a win?

Performance Implications Impact of dedicated registers depends on architecture -with 32 registers its not noticeable -with 8 registers it is The extra instructions make normal execution much slower! Can we win back this performance through lower IPC costs?

Cross Domain RPC Single thread runs in caller and callee No address space switch Control flow uses a jump table to cross domain boundaries -readable, but not be writeable!

Call stub: 1.save trusted registers 2.set up dedicated registers 3.switch to untrusted stack 4.copy arguments to stack 5.Jump to called procedure Return stub: 1.restore trusted registers 2.switch to trusted stack 3.copy return values back to trusted stack Cross Domain RPC

Null Procedure Call Cost

Execution Overhead

50% of time in untrusted code 100% of time in untrusted code r: y-axis tc: x-axis h:overhead when in untrusted td: percent of time in untrusted When Does It Win?

Closing Thoughts Is it really language independent? How portable is it across CPU architectures?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.