Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham J. Garrett Morris, presenter.

Published byBriana Goodman Modified over 9 years ago

Similar presentations

Presentation on theme: "Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham J. Garrett Morris, presenter."— Presentation transcript:

1 Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham J. Garrett Morris, presenter

2 Software Extensibility Operating Systems Kernel modules Device drivers Unix vNodes Application Software PostreSQL OLE Quark Xpress, Office But: Flaws in extension modules could cause flaws in the entire system Crashes Data corruption

3 Hardware Isolation Traps, address space switches, TLB flushes… Performance doesn’t necessarily improve with integer performance is slow

4 Software Isolation Load each untrusted module into its own fault domain Provide write protection so that untrusted code can’t corrupt data Limit execution so that untrusted code can’t hijack operating system resources or crash containing program

5 Implementation Fault domains are segments Untrusted code gets code and data segments Write protection – Segment matching – Address sandboxing Segment ID Target Address = Upper Address Bits Graphic stolen from Tony Bock

6 Segment Matching dedicated-reg <= target-address scratch-reg > shift-reg) compare scratch-reg segment-reg trap if not equal store using dedicated-reg store using target-address Becomes:

7 Address Sandboxing dedicated-reg <= target-address & mask-reg dedicated-reg <= dedicated-reg | segment-reg store using dedicated-reg store using target-address Becomes:

8 Process Resources Need to protect file handles, other process resources. – Make operating system aware of fault domains – Require fault domains to access process resources through RPC

9 Implementation Segment Matching Four dedicated registers Five extra instructions Trap indicates exact instruction that caused failure Address Sandboxing Five dedicated registers Two extra instructions No indication of failure Optimization Compiler customization or object patching

10 Data Sharing All data is readable from fault domains Pages mapped into multiple fault domains allow cross-fault-domain communication

11 Cross-Domain RPC Generate stubs for interfaces in trusted code. Stubs responsible for: – Copying arguments – Preserving machine state – Trapping failures and time-outs But no traps or address space switching

12 Performance Encapsulation overhead Cross-fault-domain RPC cost Effect on user programs

13 Performance Sequoia 2000 Query Untrusted Function Manager Overhead Software- Enforced Fault Isolation Overhead Number of Cross-Domain Calls DEC-MIPS-PIPE overhead (Predicted) Query 61.4%1.7%6098918.6% Query 75.0%1.8%12198638.6% Query 89.0%2.7%12197831.2% Query 109.6%5.7%142702431.9%

14 Finis

Download ppt "Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham J. Garrett Morris, presenter."

Similar presentations

Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.

Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.
Remote Procedure Call Design issues Implementation RPC programming

Remote Procedure Call Design issues Implementation RPC programming
Lightweight Remote Procedure Call BRIAN N. BERSHAD THOMAS E. ANDERSON EDWARD D. LAZOWSKA HENRY M. LEVY Presented by Wen Sun.

Lightweight Remote Procedure Call BRIAN N. BERSHAD THOMAS E. ANDERSON EDWARD D. LAZOWSKA HENRY M. LEVY Presented by Wen Sun.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.

Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.
“Efficient Software-Based Fault Isolation” (1993) by: Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham PRESENTED BY DAVID KENNEDY.

“Efficient Software-Based Fault Isolation” (1993) by: Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham PRESENTED BY DAVID KENNEDY.
Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,

Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,
CS533 Concepts of Operating Systems Class 12 Extensibility via Software Based Protection.

CS533 Concepts of Operating Systems Class 12 Extensibility via Software Based Protection.
CS533 Concepts of Operating Systems Class 13 Micro-kernels (cont.) Extensibility via Software Based Protection.

CS533 Concepts of Operating Systems Class 13 Micro-kernels (cont.) Extensibility via Software Based Protection.
CS 333 Introduction to Operating Systems Class 12 - Virtual Memory (2) Jonathan Walpole Computer Science Portland State University.

CS 333 Introduction to Operating Systems Class 12 - Virtual Memory (2) Jonathan Walpole Computer Science Portland State University.
OmniVM Efficient and Language- Independent Mobile Programs Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco and Robert Wahbe from Carnegie Mellon University.

OmniVM Efficient and Language- Independent Mobile Programs Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco and Robert Wahbe from Carnegie Mellon University.
G22.3250-001 Robert Grimm New York University Disco.

G Robert Grimm New York University Disco.
Copyright © 2005 EEM202A/CSM213A - Fall 2005 Ram Kumar & Roy Shea UCLA - NESL Lecture #12: Reliable Embedded.

Copyright © 2005 EEM202A/CSM213A - Fall 2005 Ram Kumar & Roy Shea UCLA - NESL Lecture #12: Reliable Embedded.
Introduction to Kernel

Introduction to Kernel
Advanced OS Chapter 3p2 Sections 3.4 / 3.5. Interrupts These enable software to respond to signals from hardware. The set of instructions to be executed.

Advanced OS Chapter 3p2 Sections 3.4 / 3.5. Interrupts These enable software to respond to signals from hardware. The set of instructions to be executed.
Memory Management April 28, 2000 Instructor: Gary Kimura.

Memory Management April 28, 2000 Instructor: Gary Kimura.
CS533 Concepts of Operating Systems Class 6 Micro-kernels Extensibility via Hardware or Software Based Protection.

CS533 Concepts of Operating Systems Class 6 Micro-kernels Extensibility via Hardware or Software Based Protection.
OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.

OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.

Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
Efficient Software-Based Fault Isolation—sandboxing Presented by Carl Yao.

Efficient Software-Based Fault Isolation—sandboxing Presented by Carl Yao.

Similar presentations

Ads by Google