Deconstructing process isolation
Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Galen C. Hunt, James R. Larus +4 more
- 22 Oct 2006
- pp 1-10
TL;DR: To compare the performance of Singularity's SIPs against traditional isolation techniques, an optional hardware isolation mechanism was implemented; the comparison found that hardware-based isolation incurs non-trivial performance costs and complicates system implementation.
Abstract: Most operating systems enforce process isolation through hardware protection mechanisms such as memory segmentation, page mapping, and differentiated user and kernel instructions. Singularity is a new operating system that uses software mechanisms to enforce process isolation. A software isolated process (SIP) is a process whose boundaries are established by language safety rules and enforced by static type checking. SIPs provide a low cost isolation mechanism that provides failure isolation and fast inter-process communication. To compare the performance of Singularity's SIPs against traditional isolation techniques, we implemented an optional hardware isolation mechanism. Protection domains are hardware-enforced address spaces, which can contain one or more SIPs. Domains can either run at the kernel's privilege level or be fully isolated from the kernel and run at the normal application privilege level. With protection domains, we can construct Singularity configurations that are similar to micro-kernel and monolithic kernel systems. We found that hardware-based isolation incurs non-trivial performance costs (up to 25--33%) and complicates system implementation. Software isolation has less than 5% overhead on these benchmarks. The lower run-time cost of SIPs makes their use feasible at a finer granularity than conventional processes. However, hardware isolation remains valuable as a defense-in-depth against potential failures in software isolation mechanisms. Singularity's ability to employ hardware isolation selectively enables careful balancing of the costs and benefits of each isolation technique.
Citations
Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation
Nathan Dautenhahn, Theodoros Kasampalis, Will Dietz, John Criswell, Vikram Adve +4 more
- 14 Mar 2015
TL;DR: This work incorporated the nested kernel architecture into FreeBSD on x86-64 hardware while allowing the entire operating system to operate at the highest hardware privilege level by write-protecting MMU translations and de-privileging the untrusted part of the kernel.
Building safe PaaS clouds: A survey on security in multitenant software platforms
TL;DR: This paper surveys the risks brought by multitenancy in software platforms, along with the most prominent solutions proposed to address them, and describes the security mechanisms they provide, study their limitations as multitenant platforms and analyze the research works that try to solve those limitations.
Demystifying magic: high-level low-level programming
Daniel Frampton, Stephen M. Blackburn, Perry Cheng, Robin Garner, David Grove, J. Eliot B. Moss, Sergey I. Salishev +6 more
- 11 Mar 2009
TL;DR: This paper identifies a framework for extending high-level languages for low-level programming and shows that they provide the power necessary to implement substantial artifacts such as a high-performance virtual machine, while preserving the software engineering benefits of the host language.
Patent
Master and subordinate operating system kernels for heterogeneous multiprocessor systems
Orion Hodson, Haryadi S. Gunawi, Galen C. Hunt +2 more
- 29 Mar 2008
TL;DR: In this paper, application binary interface (ABI) shim is loaded with application binary images to direct kernel ABI calls to a local subordinate kernel or to the main OS kernel depending on which kernel is controlling requested resources.
Retaining sandbox containment despite bugs in privileged memory-safe code
Justin Cappos, Armon Dadgar, Jeff Rasley, Justin Samuel, Ivan Beschastnikh, Cosmin Barsan, Arvind Krishnamurthy, Thomas Anderson +7 more
- 04 Oct 2010
TL;DR: This work constructs a Python-based sandbox that has a small, security-isolated kernel and migrates privileged functionality into memory-safe code on top of the sandbox kernel while retaining isolation, preventing attackers from leveraging bugs in these routines to evade sandbox containment.
References
Efficient software-based fault isolation
Robert Wahbe, Steven Lucco, Thomas Anderson, Susan L. Graham +3 more
- 01 Dec 1993
TL;DR: It is demonstrated that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.
Exokernel: an operating system architecture for application-level resource management
Dawson Engler, M. F. Kaashoek, James O'Toole +2 more
- 03 Dec 1995
TL;DR: The prototype exokernel system implemented here is at least five times faster on operations such as exception dispatching and interprocess communication, and allows applications to control machine resources in ways not possible in traditional operating systems.
Extensibility, safety and performance in the SPIN operating system
Brian N. Bershad, Stefan Savage, Przemysław Pardyak, Emin Gün Sirer, Marc E. Fiuczynski, David Becker, Craig Chambers, Susan J. Eggers +7 more
- 03 Dec 1995
TL;DR: This paper describes the motivation, architecture and performance of SPIN, an extensible operating system that provides an extension infrastructure together with a core set of extensible services that allow applications to safely change the operating system's interface and implementation.
Mondrian memory protection
Emmett Witchel, Josh Cates, Krste Asanovic +2 more
- 01 Oct 2002
TL;DR: This work extends MMP to support segment translation which allows a memory segment to appear at another location in the address space, and uses this translation to implement zero-copy networking underneath the standard read system call interface.
A structural view of the Cedar programming environment
TL;DR: The extent to which the Cedar language, with run-time support, has influenced the organization, flexibility, usefulness, and stability of the Cedar environment is emphasized.