Intra-Address-Space Protection

Intra-Address Space Protection Using Segmentation Hardware

Faculty: Tzi-cker Chiueh

Group Members:

Two major software application trends call for operating system support for establishing protection boundaries among modules that execute in the same address space. First, the notion of dynamic extensibility has prevailed in almost every major software systems area, ranging from extensible database systems, to which third-party data blades can be added to perform type-specific data processing, and extensible operating systems that support application-specific resource management policies, to programmable active network devices that allow protocol computation tailored to individual applications. A key feature of extensible systems is their support for live addition and removal of software modules in a running address space. Therefore, an effective and efficient mechanism to protect the running core system from dynamically inserted modules is crucial to the long-term viability of extensible systems. Second, component-based software development (CBSD) is emerging as the dominant development methodology because it significantly improves software productivity by encouraging modularity and re-usability. As complicated components manufactured by multiple vendors are used to construct complete software applications, a reasonable degree of protection among components is essential to alleviate the most challenging problem of CBSD: interference among separately developed components and the resulting system instability.

Although a number of approaches have been proposed to provide intra-address space protection, such as software fault isolation, extensions written in type-safe or interpreted languages, and proof-carrying code, there is no clear winner that addresses all of the following issues: flexibility in specifying extensions, run-time performance overhead, and practical usability. One commonality among all the above approaches is the use of software-only techniques to create protection domains within an address space, based on the assumption that hardware-based protection mechanisms are only applicable to inter-address space protection. In contrast, this work proposes an intra-address space protection mechanism using the segmentation check hardware in the Intel x86 architecture that is efficient in terms of its run-time overhead, allows maximum flexibility in programming extensions, and does not add any extra complexity to the deployment of extensions. Although the proposed mechanism is geared towards a particular processor architecture, the fact that the architecture in question dominates more than 90% of the world's desktop computer market ensures that it has wide applicability and thus large impact.
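The protection described above rests on the limit check that an x86 processor performs on every segment-relative memory access in protected mode: an access whose offset falls outside the segment's limit raises a general protection fault before any byte is touched. The following C program is an added illustration, not code from this project, that models that hardware check in software so the boundary can be seen on ordinary inputs. The memory layout (a flat 4 GiB data segment for the core, a 64 KiB data segment and an expand-down stack segment for one extension, and the linear addresses used) is constructed for the example; the descriptor fields modelled (base, 20-bit limit, G, E and D/B bits) follow the Intel architecture manuals.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Software model of the fields of an x86 segment descriptor that matter
 * for the limit check. Constructed for illustration; not the project's code. */
typedef struct {
    uint32_t base;      /* linear base address of the segment */
    uint32_t limit;     /* 20-bit limit field as stored in the descriptor */
    bool granularity;   /* G bit: when set, limit counts 4 KiB pages */
    bool expand_down;   /* E bit: valid offsets lie ABOVE the limit */
    bool big;           /* D/B bit: 32-bit (vs 16-bit) upper bound for expand-down */
} seg_desc_t;

/* Effective limit in bytes, as the CPU derives it from the G bit:
 * with G=1 the 20-bit field is shifted by 12 and the low 12 bits are all ones. */
static uint32_t seg_effective_limit(const seg_desc_t *d) {
    return d->granularity ? ((d->limit << 12) | 0xFFFu) : d->limit;
}

/* True if a size-byte access at offset lies entirely inside the segment.
 * On real hardware a failed check raises #GP (or #SS for stack segments). */
bool seg_access_ok(const seg_desc_t *d, uint32_t offset, uint32_t size) {
    if (size == 0) return false;
    uint32_t lim = seg_effective_limit(d);
    /* last byte touched, computed in 64 bits so a 32-bit wraparound is caught */
    uint64_t last = (uint64_t)offset + size - 1;
    if (last > UINT32_MAX) return false;
    if (!d->expand_down) {
        return last <= lim;                 /* expand-up: offsets 0..lim */
    }
    uint32_t upper = d->big ? 0xFFFFFFFFu : 0xFFFFu;
    return offset > lim && last <= upper;   /* expand-down: offsets lim+1..upper */
}

/* Linear address produced once the check passes (wraps modulo 2^32 like the CPU). */
uint32_t seg_linear(const seg_desc_t *d, uint32_t offset) {
    return d->base + offset;
}

/* Constructed layout: the core runs on a flat 4 GiB data segment, while a
 * dynamically loaded extension is confined to a 64 KiB data segment at
 * linear 0x20000000 and a small expand-down stack segment above it. */
static const seg_desc_t CORE_DS = { .base = 0, .limit = 0xFFFFF, .granularity = true };
static const seg_desc_t EXT_DS  = { .base = 0x20000000u, .limit = 0xF, .granularity = true };
static const seg_desc_t EXT_SS  = { .base = 0x20010000u, .limit = 0x0FFF,
                                    .expand_down = true, .big = true };

bool core_access_ok(uint32_t off, uint32_t size) { return seg_access_ok(&CORE_DS, off, size); }
bool ext_access_ok(uint32_t off, uint32_t size)  { return seg_access_ok(&EXT_DS, off, size); }
bool ext_stack_ok(uint32_t off, uint32_t size)   { return seg_access_ok(&EXT_SS, off, size); }

int main(void) {
    /* The core may reach its own data at linear 0x10000000 through the flat segment. */
    printf("core  -> 0x10000000 : %s\n", core_access_ok(0x10000000u, 4) ? "ok" : "#GP");
    /* The extension may touch its own region (offsets 0..0xFFFF). */
    printf("ext   -> own +0xFFFC: %s\n", ext_access_ok(0xFFFCu, 4) ? "ok" : "#GP");
    /* A 4-byte access straddling the end of the segment is refused. */
    printf("ext   -> own +0xFFFD: %s\n", ext_access_ok(0xFFFDu, 4) ? "ok" : "#GP");
    /* The only offset that would reach the core's 0x10000000 from base 0x20000000
     * wraps around; it is far outside the 64 KiB limit, so the hardware refuses it. */
    printf("ext   -> core data  : %s\n", ext_access_ok(0xF0000000u, 4) ? "ok" : "#GP");
    /* Expand-down stack: offsets above the limit are valid, at or below it are not. */
    printf("stack -> +0x1000    : %s\n", ext_stack_ok(0x1000u, 4) ? "ok" : "#SS");
    printf("stack -> +0x0FFF    : %s\n", ext_stack_ok(0x0FFFu, 1) ? "ok" : "#SS");
    return 0;
}
```

The point to take from the model is that the confinement is a property of the descriptor the extension is allowed to load, not of its code: nothing in the extension's instruction stream has to be rewritten or interpreted, which is why the approach carries no per-access software cost. The 64-bit `last` computation is the edge case worth noticing; a check that adds `offset + size` in 32 bits can wrap to a small value and wrongly admit an access that ends beyond the segment.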

Current Work:
This project is sponsored by a Student Research grant from USENIX.