Mondrian memory protection

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Mondrian memory protection

Full text

Pdf (1.53 MB)

Source

Architectural Support for Programming Languages and Operating Systems archive
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems table of contents

San Jose, California

SESSION: Coordinating memory table of contents

Pages: 304 - 316

Year of Publication: 2002

ISBN:1-58113-574-2

Also published in ...

Authors

Emmett Witchel	MIT Laboratory for Computer Science, Cambridge, MA
Josh Cates	MIT Laboratory for Computer Science, Cambridge, MA
Krste Asanović	MIT Laboratory for Computer Science, Cambridge, MA

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages
SIGOPS: ACM Special Interest Group on Operating Systems
SIGARCH: ACM Special Interest Group on Computer Architecture

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 6, Downloads (12 Months): 90, Citation Count: 46

Additional Information:

abstract references cited by collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/605397.605429 What is a DOI?

ABSTRACT

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at the granularity of individual words. We use a compressed permissions table to reduce space overheads and employ two levels of permissions caching to reduce run-time overheads. The protection tables in our implementation add less than 9% overhead to the memory space used by the application. Accessing the protection tables adds than 8% additional memory references to the accesses made by the application. Although it can be layered on top of demand-paged virtual memory, MMP is also well-suited to embedded systems with a single physical address space. We extend MMP to support segment translation which allows a memory segment to appear at another location in the address space. We use this translation to implement zero-copy networking underneath the standard read system call interface, where packet payload fragments are connected together by the translation system to avoid data copying. This saves 52% of the memory references used by a traditional copying network stack.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Adobe Systems Incorporated. Adobe PDF Plugin, 2002. http://www.adobe.com/.
	2	Apache Software Foundation. mod_perl, 2002. http://perl.apache.org/.
	3	Andrew W. Appel , Kai Li, Virtual memory primitives for user programs, Proceedings of the fourth international conference on Architectural support for programming languages and operating systems, p.96-107, April 08-11, 1991, Santa Clara, California, United States
	4	ARM Ltd. ARM940T Technical Reference Manual (Rev 2), ARM DDI 0144B 2000.
	5	Burroughs Corporation. The Descriptor--a Definition of the B5000 Information Processing System., 1961. http://www.cs.virginia.edu/brochure/images/manuals/b5000/descrip/descrip.html.
	6	Martin Christopher Carlisle, Olden: parallelizing programs with dynamic data structures on distributed-memory machines, Princeton University, Princeton, NJ, 1996
	7	Nicholas P. Carter , Stephen W. Keckler , William J. Dally, Hardware support for fast capability-based addressing, Proceedings of the sixth international conference on Architectural support for programming languages and operating systems, p.319-327, October 05-07, 1994, San Jose, California, United States
	8	Jeffrey Scott Chase, An operating system structure for wide-address architectures, University of Washington, Seattle, WA, 1996
	9	H. K. J. Chu. Zero-copy TCP in Solaris. In USENIX Annual Technical Conference, pages 253-264, 1996.
	10	Jack B. Dennis , Earl C. Van Horn, Programming semantics for multiprogrammed computations, Communications of the ACM, v.9 n.3, p.143-155, March 1966 [doi>10.1145/365230.365252]
	11	Dirk Grunwald , Richard Neves, Whole-program optimization for time and space efficient threads, Proceedings of the seventh international conference on Architectural support for programming languages and operating systems, p.50-59, October 01-04, 1996, Cambridge, Massachusetts, United States
	12	Germont Heiser , Kevin Elphinstone , Jerry Vochteloo , Stephen Russell , Jochen Liedtke, The Mungi single-address-space operating system, Software—Practice & Experience, v.28 n.9, p.901-928, July 25, 1998 [doi>10.1002/(SICI)1097-024X(19980725)28:9<901::AID-SPE181>3.0.CO;2-7]
	13	Merle E. Houdek , Frank G. Soltis , Roy L. Hoffman, IBM System/38 support for capability-based addressing, Proceedings of the 8th annual symposium on Computer Architecture, p.341-348, May 12-14, 1981, Minneapolis, Minnesota, United States
	14	Intel Corporation. Volume 1: Basic architecture, Intel Architecture Software Developer's Manual, Volume 1: Basic Architecture, 1997.
	15	Gerry Kane , Joe Heinrich, MIPS RISC architectures, Prentice-Hall, Inc., Upper Saddle River, NJ, 1992
	16	Eric J. Koldinger , Jeffrey S. Chase , Susan J. Eggers, Architecture support for single address space operating systems, Proceedings of the fifth international conference on Architectural support for programming languages and operating systems, p.175-186, October 12-15, 1992, Boston, Massachusetts, United States
	17	B. Lampson. Protection. In Proc. 5th Princeton Conf. on Information Sciences and Systems, 1971.
	18	Henry M. Levy, Capability-Based Computer Systems, Butterworth-Heinemann, Newton, MA, 1984
	19	Henry Lieberman , Carl Hewitt, A real-time garbage collector based on the lifetimes of objects, Communications of the ACM, v.26 n.6, p.419-429, June 1983 [doi>10.1145/358141.358147]
	20	K. Mackenzie , J. Kubiatowicz , M. Frank , W Lee , V Lee , A. Agarwal , M. Kaashoek, Exploiting Two-Case Delivery for Fast Protected Messaging, Proceedings of the 4th International Symposium on High-Performance Computer Architecture, p.231, January 31-February 04, 1998
	21	George C. Necula, Proof-carrying code, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.106-119, January 15-17, 1997, Paris, France [doi>10.1145/263699.263712]
	22	NS Notes and Documentation. http://www.isi.edu/vint/nsnam/, 2000.
	23	Vivek S. Pai , Peter Druschel , Willy Zwaenepoel, IO-Lite: a unified I/O buffering and caching system, ACM Transactions on Computer Systems (TOCS), v.18 n.1, p.37-66, Feb. 2000 [doi>10.1145/332799.332895]
	24	Rational Software Corporation. Purify, 2002. http://www.rational.com/media/products/pqc/D610_PurifyPlus_unix.pdf.
	25	M. Rinard and et al. The FLEX compiler infrastructure. 1999-2001. http://www.flex-compiler.lcs.mit.edu.
	26	Jerome H. Saltzer, Protection and the control of information sharing in multics, Communications of the ACM, v.17 n.7, p.388-402, July 1974 [doi>10.1145/361011.361067]
	27	Daniel J. Scales , Kourosh Gharachorloo , Chandramohan A. Thekkath, Shasta: a low overhead, software-only approach for supporting fine-grain shared memory, Proceedings of the seventh international conference on Architectural support for programming languages and operating systems, p.174-185, October 01-04, 1996, Cambridge, Massachusetts, United States
	28	Ioannis Schoinas , Babak Falsafi , Alvin R. Lebeck , Steven K. Reinhardt , James R. Larus , David A. Wood, Fine-grain access control for distributed shared memory, Proceedings of the sixth international conference on Architectural support for programming languages and operating systems, p.297-306, October 05-07, 1994, San Jose, California, United States
	29	Jonathan S. Shapiro , Jonathan M. Smith , David J. Farber, EROS: a fast capability system, Proceedings of the seventeenth ACM symposium on Operating systems principles, p.170-185, December 12-15, 1999, Charleston, South Carolina, United States
	30	T. von Eicken , A. Basu , V. Buch , W. Vogels, U-Net: a user-level network interface for parallel and distributed computing (includes URL), Proceedings of the fifteenth ACM symposium on Operating systems principles, p.40-53, December 03-06, 1995, Copper Mountain, Colorado, United States
	31	Thorsten von Eicken , Chi-Chao Chang , Grzegorz Czajkowski , Chris Hawblitzel , Deyu Hu , Dan Spoonhower, J-Kernel: a capability-based operating system for Java, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
	32	D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, pages 3-17, San Diego, CA, February 2000.
	33	Robert Wahbe, Efficient data breakpoints, Proceedings of the fifth international conference on Architectural support for programming languages and operating systems, p.200-212, October 12-15, 1992, Boston, Massachusetts, United States
	34	Robert Wahbe , Steven Lucco , Thomas E. Anderson , Susan L. Graham, Efficient software-based fault isolation, ACM SIGOPS Operating Systems Review, v.27 n.5, p.203-216, Dec. 1993
	35	C. Yarvin, R. Bukowski, and T. Anderson. Anonymous RPC: Low-latency protection in a 64-bit address space. In USENIX Summer, pages 175-186, 1993.
	36	Craig B. Zilles, Benchmark health considered harmful, ACM SIGARCH Computer Architecture News, v.29 n.3, p.4-5, June 2001 [doi>10.1145/503205.503206]

CITED BY 46

	Michael M. Swift , Brian N. Bershad , Henry M. Levy, Improving the reliability of commodity operating systems, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	Doug Burger , James R. Goodman, Billion-Transistor Architectures: There and Back Again, Computer, v.37 n.3, p.22-28, March 2004
	Yuanyuan Zhou , Pin Zhou , Feng Qin , Wei Liu , Josep Torrellas, Efficient and flexible architectural support for dynamic monitoring, ACM Transactions on Architecture and Code Optimization (TACO), v.2 n.1, p.3-33, March 2005
	Michael M. Swift , Brian N. Bershad , Henry M. Levy, Improving the reliability of commodity operating systems, ACM Transactions on Computer Systems (TOCS), v.23 n.1, p.77-110, February 2005
	G. Edward Suh , Jae W. Lee , David Zhang , Srinivas Devadas, Secure program execution via dynamic information flow tracking, ACM SIGPLAN Notices, v.39 n.11, November 2004
	Bhuvan Middha , Matthew Simpson , Rajeev Barua, MTSS: multi task stack sharing for embedded systems, Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems, September 24-27, 2005, San Francisco, California, USA
	Ajeet Shankar , S. Subramanya Sastry , Rastislav Bodík , James E. Smith, Runtime specialization with optimistic heap analysis, ACM SIGPLAN Notices, v.40 n.10, October 2005
	Emmett Witchel , Junghwan Rhee , Krste Asanović, Mondrix: memory isolation for linux using mondriaan memory protection, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
	Matthew Simpson , Bhuvan Middha , Rajeev Barua, Segment protection for embedded systems using run-time checks, Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems, September 24-27, 2005, San Francisco, California, USA
	Joel Coburn , Srivaths Ravi , Anand Raghunathan , Srimat Chakradhar, SECA: security-enhanced communication architecture, Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems, September 24-27, 2005, San Francisco, California, USA
	R. Shetty , M. Kharbutli , Y. Solihin , M. Prvulovic, HeapMon: a helper-thread approach to programmable, automatic, and low-overhead memory bug detection, IBM Journal of Research and Development, v.50 n.2/3, p.261-275, March 2006
	Neil Vachharajani , Matthew J. Bridges , Jonathan Chang , Ram Rangan , Guilherme Ottoni , Jason A. Blome , George A. Reis , Manish Vachharajani , David I. August, RIFLE: An Architectural Framework for User-Centric Information-Flow Security, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.243-254, December 04-08, 2004, Portland, Oregon
	Pin Zhou , Wei Liu , Long Fei , Shan Lu , Feng Qin , Yuanyuan Zhou , Samuel Midkiff , Josep Torrellas, AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.269-280, December 04-08, 2004, Portland, Oregon
	Jedidiah R. Crandall , Frederic T. Chong, Minos: Control Data Attack Prevention Orthogonal to Memory Model, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.221-232, December 04-08, 2004, Portland, Oregon
	Jedidiah R. Crandall , S. Felix Wu , Frederic T. Chong, Minos: Architectural support for protecting control data, ACM Transactions on Architecture and Code Optimization (TACO), v.3 n.4, p.359-389, December 2006
	Mark Aiken , Manuel Fähndrich , Chris Hawblitzel , Galen Hunt , James Larus, Deconstructing process isolation, Proceedings of the 2006 workshop on Memory system performance and correctness, October 22-22, 2006, San Jose, California
	Yuji Chiba, Heap protection for Java virtual machines, Proceedings of the 4th international symposium on Principles and practice of programming in Java, August 30-September 01, 2006, Mannheim, Germany
	Shashidhar Mysore , Banit Agrawal , Navin Srivastava , Sheng-Chih Lin , Kaustav Banerjee , Tim Sherwood, Introspective 3D chips, ACM SIGOPS Operating Systems Review, v.40 n.5, December 2006
	Greg Wright , Matthew L. Seidl , Mario Wolczko, An object-aware memory architecture, Science of Computer Programming, v.62 n.2, p.145-163, 1 October 2006
	Mihai Budiu , Úlfar Erlingsson , Martín Abadi, Architectural support for software-based protection, Proceedings of the 1st workshop on Architectural and system support for improving software dependability, p.42-51, October 21-21, 2006, San Jose, California
	Ranjit Jhala , Rupak Majumdar, Bit level types for high level reasoning, Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering, November 05-11, 2006, Portland, Oregon, USA
	Jianli Shen , Guru Venkataramani , Milos Prvulovic, Tradeoffs in fine-grained heap memory protection, Proceedings of the 1st workshop on Architectural and system support for improving software dependability, p.52-57, October 21-21, 2006, San Jose, California
	Surupa Biswas , Thomas Carley , Matthew Simpson , Bhuvan Middha , Rajeev Barua, Memory overflow protection for embedded systems using run-time checks, reuse, and compression, ACM Transactions on Embedded Computing Systems (TECS), v.5 n.4, p.719-752, November 2006
	Pin Zhou , Feng Qin , Wei Liu , Yuanyuan Zhou , Josep Torrellas, iWatcher: Efficient Architectural Support for Software Debugging, ACM SIGARCH Computer Architecture News, v.32 n.2, p.224, March 2004
	Francis M. David , Jeffrey C. Carlyle , Ellick M. Chan , Philip A. Reames , Roy H. Campbell, Improving dependability by revisiting operating system design, Proceedings of the 3rd conference on Third Workshop on Hot Topics in System Dependability, p.1-1, June 26, 2007, Edinburgh, UK
	Kevin M. Greenan , Ethan L. Miller, PRIMS: making NVRAM suitable for extremely reliable storage, Proceedings of the 3rd conference on Third Workshop on Hot Topics in System Dependability, p.10-10, June 26, 2007, Edinburgh, UK
	Radim Ballner , Pavel Tvrdik, MOOSS2: a CPU with support for HLL memory structures, Proceedings of the third conference on IASTED International Conference: Advances in Computer Science and Technology, p.7-16, April 02-04, 2007, Phuket, Thailand
	Kun Zhang , Tao Zhang , Santosh Pande, Memory Protection through Dynamic Access Control, Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture, p.123-134, December 09-13, 2006
	Craig Zilles, Accordion arrays, Proceedings of the 6th international symposium on Memory management, October 21-22, 2007, Montreal, Quebec, Canada
	Grzegorz Miloś , Derek G. Murray, Boxing clever with IOMMUs, Proceedings of the 1st ACM workshop on Virtual machine security, October 27-27, 2008, Alexandria, Virginia, USA
	Bhuvan Middha , Matthew Simpson , Rajeev Barua, MTSS: Multitask stack sharing for embedded systems, ACM Transactions on Embedded Computing Systems (TECS), v.7 n.4, p.1-37, July 2008
	Olga Gelbart , Eugen Leontie , Bhagirath Narahari , Rahul Simha, A compiler-hardware approach to software protection for embedded systems, Computers and Electrical Engineering, v.35 n.2, p.315-328, March, 2009
	Lionel Litty , H. Andrés Lagar-Cavilla , David Lie, Hypervisor support for identifying covertly executing binaries, Proceedings of the 17th conference on Security symposium, p.243-258, July 28-August 01, 2008, San Jose, CA
	Ted Huffmire , Brett Brotherton , Nick Callegari , Jonathan Valamehr , Jeff White , Ryan Kastner , Tim Sherwood, Designing secure systems on reconfigurable hardware, ACM Transactions on Design Automation of Electronic Systems (TODAES), v.13 n.3, p.1-24, July 2008
	Yuji Chiba, Java heap protection for debugging native methods, Science of Computer Programming, v.70 n.2-3, p.149-167, February, 2008
	Úlfar Erlingsson , Martín Abadi , Michael Vrable , Mihai Budiu , George C. Necula, XFI: software guards for system address spaces, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
	Ram Kumar , Akhilesh Singhania , Andrew Castner , Eddie Kohler , Mani Srivastava, A system for coarse grained memory protection in tiny embedded processors, Proceedings of the 44th annual conference on Design automation, June 04-08, 2007, San Diego, California
	Susmit Biswas , Gang Wang , Tzvetan S. Metodi , Ryan Kastner , Frederic T. Chong, Combining static and dynamic defect-tolerance techniques for nanoscale memory systems, Proceedings of the 2007 IEEE/ACM international conference on Computer-aided design, November 05-08, 2007, San Jose, California
	Ashutosh Gupta , Thomas A. Henzinger , Rupak Majumdar , Andrey Rybalchenko , Ru-Gang Xu, Proving non-termination, ACM SIGPLAN Notices, v.43 n.1, January 2008
	Joe Devietti , Colin Blundell , Milo M. K. Martin , Steve Zdancewic, Hardbound: architectural support for spatial safety of the C programming language, ACM SIGARCH Computer Architecture News, v.36 n.1, March 2008
	Lee Baugh , Naveen Neelakantam , Craig Zilles, Using Hardware Memory Protection to Build a High-Performance, Strongly-Atomic Hybrid Transactional Memory, ACM SIGARCH Computer Architecture News, v.36 n.3, p.115-126, June 2008
	Joe Gebis , David Patterson, Embracing and Extending 20th-Century Instruction Set Architectures, Computer, v.40 n.4, p.68-75, April 2007
	Luke Yen , Stark C. Draper , Mark D. Hill, Notary: Hardware techniques to enhance signatures, Proceedings of the 2008 41st IEEE/ACM International Symposium on Microarchitecture, p.234-245, November 08-12, 2008
	Mohit Tiwari , Banit Agrawal , Shashidhar Mysore , Jonathan Valamehr , Timothy Sherwood, A small cache of large ranges: Hardware methods for efficiently searching, storing, and updating big dataflow tags, Proceedings of the 2008 41st IEEE/ACM International Symposium on Microarchitecture, p.94-105, November 08-12, 2008
	Sriram Rajamani , G. Ramalingam , Venkatesh Prasad Ranganath , Kapil Vaswani, ISOLATOR: dynamically ensuring isolation in comcurrent programs, ACM SIGPLAN Notices, v.44 n.3, March 2009
	Guru Venkataramani , Ioannis Doudalis , Yan Solihin , Milos Prvulovic, MemTracker: An accelerator for memory debugging and monitoring, ACM Transactions on Architecture and Code Optimization (TACO), v.6 n.2, p.1-33, June 2009

Collaborative Colleagues:

Emmett Witchel: colleagues

Josh Cates: colleagues

Krste Asanović: colleagues

This Article has also been published in:

Adobe Acrobat

QuickTime

Windows Media Player

Real Player