Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham J. Garrett Morris, presenter.

Slides:



Advertisements
Similar presentations
Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.
Advertisements

Remote Procedure Call Design issues Implementation RPC programming
Lightweight Remote Procedure Call BRIAN N. BERSHAD THOMAS E. ANDERSON EDWARD D. LAZOWSKA HENRY M. LEVY Presented by Wen Sun.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.
“Efficient Software-Based Fault Isolation” (1993) by: Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham PRESENTED BY DAVID KENNEDY.
Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,
CS533 Concepts of Operating Systems Class 12 Extensibility via Software Based Protection.
CS533 Concepts of Operating Systems Class 13 Micro-kernels (cont.) Extensibility via Software Based Protection.
CS 333 Introduction to Operating Systems Class 12 - Virtual Memory (2) Jonathan Walpole Computer Science Portland State University.
OmniVM Efficient and Language- Independent Mobile Programs Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco and Robert Wahbe from Carnegie Mellon University.
G Robert Grimm New York University Disco.
Copyright © 2005 EEM202A/CSM213A - Fall 2005 Ram Kumar & Roy Shea UCLA - NESL Lecture #12: Reliable Embedded.
Introduction to Kernel
Advanced OS Chapter 3p2 Sections 3.4 / 3.5. Interrupts These enable software to respond to signals from hardware. The set of instructions to be executed.
Memory Management April 28, 2000 Instructor: Gary Kimura.
CS533 Concepts of Operating Systems Class 6 Micro-kernels Extensibility via Hardware or Software Based Protection.
OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
Efficient Software-Based Fault Isolation—sandboxing Presented by Carl Yao.
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.
Disco : Running commodity operating system on scalable multiprocessor Edouard et al. Presented by Jonathan Walpole (based on a slide set from Vidhya Sivasankaran)
CS533 Concepts of Operating Systems Jonathan Walpole.
Secure Execution of Untrusted Code
1 Micro-kernel. 2 Key points Microkernel provides minimal abstractions –Address space, threads, IPC Abstractions –… are machine independent –But implementation.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Architecture Support for OS CSCI 444/544 Operating Systems Fall 2008.
Cosc 4010 Sandboxing. Last lecture Last time, we covered chroot, which is a method to "sandbox" a problem. –Not full proof by any means. Many simple mistakes.
Operating Systems ECE344 Ashvin Goel ECE University of Toronto OS-Related Hardware.
CS533 Concepts of Operating Systems Jonathan Walpole.
Operating Systems ECE344 Ding Yuan Paging Lecture 8: Paging.
Operating Systems Lecture 7 OS Potpourri Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing Liu School of Software.
Chapter 4 Memory Management Virtual Memory.
Disco: Running Commodity Operating Systems on Scalable Multiprocessors Edouard et al. Madhura S Rama.
G53SEC 1 Reference Monitors Enforcement of Access Control.
CS399 New Beginnings Jonathan Walpole. Virtual Memory (1)
Disco : Running commodity operating system on scalable multiprocessor Edouard et al. Presented by Vidhya Sivasankaran.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM
Operating System Organization Chapter 3 Michelle Grieco.
Operating System Structure A key concept of operating systems is multiprogramming. –Goal of multiprogramming is to efficiently utilize all of the computing.
We will focus on operating system concepts What does it do? How is it implemented? Apply to Windows, Linux, Unix, Solaris, Mac OS X. Will discuss differences.
Efficient Software-Based Fault Isolation By Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham Presented by Pehr Collins.
Processes, Threads, and Process States. Programs and Processes  Program: an executable file (before/after compilation)  Process: an instance of a program.
Processes and Virtual Memory
Efficient Software Based Fault Isolation Author: Robert Wahobe,Steven Lucco,Thomas E Anderson, Susan L Graham Presenter: Maitree kanungo Date:02/17/2010.
Efficient Software-based Fault Isolation Robert Wahbe, Steven Lucco, Thomas E. Anderson & Susan L. Graham Presented By Tony Bock.
Full and Para Virtualization
1 "Efficient Software-based Fault Isolation" by R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Presenter: Tom Burkleaux.
Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham.
Efficient software-based fault isolation Robert Wahbe, Steven Lucco, Thomas Anderson & Susan Graham Presented by: Stelian Coros.
Efficient Software-Based Fault Isolation Authors: Robert Wahbe Steven Lucco Thomas E. Anderson Susan L. Graham Presenter: Gregory Netland.
Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).
CS5204 Fall 20051Oct. 26, 2005 Mondrix: Memory Isolation for Linux using Mondriaan Memory Protection Emmett Witchel Junghwan Rhee Krste Asanovic Sreeram.
Interrupts and Exception Handling. Execution We are quite aware of the Fetch, Execute process of the control unit of the CPU –Fetch and instruction as.
Kernel Modules – Introduction CSC/ECE 573, Sections 001 Fall, 2012.
Translation Lookaside Buffer
Introduction to Operating Systems
Efficient Software-Based Fault Isolation
Memory Protection: Kernel and User Address Spaces
Memory Protection: Kernel and User Address Spaces
Memory Protection: Kernel and User Address Spaces
Memory Protection: Kernel and User Address Spaces
CS-3013 Operating Systems Hugh C. Lauer
CSE 451: Operating Systems Autumn 2003 Lecture 10 Paging & TLBs
Operating Systems: A Modern Perspective, Chapter 3
CSE 451: Operating Systems Autumn 2003 Lecture 10 Paging & TLBs
CS533 Concepts of Operating Systems Class 6
System Calls System calls are the user API to the OS
Memory Protection: Kernel and User Address Spaces
Advanced Operating Systems (CS 202) Operating System Structure
Presentation transcript:

Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham J. Garrett Morris, presenter

Software Extensibility Operating Systems Kernel modules Device drivers Unix vNodes Application Software PostreSQL OLE Quark Xpress, Office But: Flaws in extension modules could cause flaws in the entire system Crashes Data corruption

Hardware Isolation Traps, address space switches, TLB flushes… Performance doesn’t necessarily improve with integer performance is slow

Software Isolation Load each untrusted module into its own fault domain Provide write protection so that untrusted code can’t corrupt data Limit execution so that untrusted code can’t hijack operating system resources or crash containing program

Implementation Fault domains are segments Untrusted code gets code and data segments Write protection – Segment matching – Address sandboxing Segment ID Target Address = Upper Address Bits Graphic stolen from Tony Bock

Segment Matching dedicated-reg <= target-address scratch-reg > shift-reg) compare scratch-reg segment-reg trap if not equal store using dedicated-reg store using target-address Becomes:

Address Sandboxing dedicated-reg <= target-address & mask-reg dedicated-reg <= dedicated-reg | segment-reg store using dedicated-reg store using target-address Becomes:

Process Resources Need to protect file handles, other process resources. – Make operating system aware of fault domains – Require fault domains to access process resources through RPC

Implementation Segment Matching Four dedicated registers Five extra instructions Trap indicates exact instruction that caused failure Address Sandboxing Five dedicated registers Two extra instructions No indication of failure Optimization Compiler customization or object patching

Data Sharing All data is readable from fault domains Pages mapped into multiple fault domains allow cross-fault-domain communication

Cross-Domain RPC Generate stubs for interfaces in trusted code. Stubs responsible for: – Copying arguments – Preserving machine state – Trapping failures and time-outs But no traps or address space switching

Performance Encapsulation overhead Cross-fault-domain RPC cost Effect on user programs

Performance Sequoia 2000 Query Untrusted Function Manager Overhead Software- Enforced Fault Isolation Overhead Number of Cross-Domain Calls DEC-MIPS-PIPE overhead (Predicted) Query 61.4%1.7% % Query 75.0%1.8% % Query 89.0%2.7% % Query 109.6%5.7% %

Finis

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.