Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Defense Mechanisms: PaX and the future past continuous.

Published byChristian King Modified over 8 years ago

Similar presentations

Presentation on theme: "Software Defense Mechanisms: PaX and the future past continuous."— Presentation transcript:

1 Software Defense Mechanisms: PaX and the future past continuous

2 Who am I? NOT Brad Spengler – I have decent ears NOT Brad Spengler – I have decent ears Tiago Assumpção Tiago Assumpção NOT an academic NOT an academic An undisciplined curious person with lots of energy to be spent on whatever is valued by his self An undisciplined curious person with lots of energy to be spent on whatever is valued by his self

3 Who am I? (cont.) NOT a PaX developer… however… NOT a PaX developer… however… Have had delightful discussions with PaX Team about whatever blows your hair back Have had delightful discussions with PaX Team about whatever blows your hair back Have been improving the project [2] Have been improving the project [2] Have been questioning the project [3] Have been questioning the project [3]

4 In praise of hacking “The speculations of Thales, Anaximander, and Anaximenes are to be regarded as scientific hypotheses (...) The questions they asked were good questions, and their vigour inspired subsequent investigators.” “The speculations of Thales, Anaximander, and Anaximenes are to be regarded as scientific hypotheses (...) The questions they asked were good questions, and their vigour inspired subsequent investigators.” RUSSELL, Bertrand; History of Western Philosophy - 1946. p. 37

5 What is PaX? Quite simply: the greatest advance in system security in over a decade that you’ve never heard of Quite simply: the greatest advance in system security in over a decade that you’ve never heard of Less simply: It provides non-executable memory pages and full address space layout randomization (ASLR) for a wide variety of architectures. Less simply: It provides non-executable memory pages and full address space layout randomization (ASLR) for a wide variety of architectures. – Brad “grears” Spengler

6 What is PaX? Linux kernel patch Linux kernel patch Free-software & open-source is good for the general researcher Free-software & open-source is good for the general researcher Universal solutions: concepts easily extentend to any modern platform Universal solutions: concepts easily extentend to any modern platform

7 Why is PaX? Given a vector: Given a vector: Payload (code/data) injection Payload (code/data) injection Context (memory/registers/etc.) manipulation Context (memory/registers/etc.) manipulation Intentional Control Flow modification Intentional Control Flow modification

8 Outline PaX PaX SEGMEXEC SEGMEXEC PAGEEXEC PAGEEXEC KERNEXEC KERNEXEC ASLR ASLR RANDMMAP RANDMMAP RANDKSTACK RANDKSTACK PIE PIE UDEREF UDEREF

9 Outline (cont.) PaX’ Facts PaX’ Facts Past Continuous Past Continuous Control Flow Verification Control Flow Verification KERNSEAL KERNSEAL

10 PaX - SEGMEXEC SEGMEXEC is PaX’s implementation of per- page non-executable user pages using the segmentation logic of IA-32 (Intel x86 architecture) and virtual memory area mirroring (developed by PaX). SEGMEXEC is PaX’s implementation of per- page non-executable user pages using the segmentation logic of IA-32 (Intel x86 architecture) and virtual memory area mirroring (developed by PaX).

11 PaX – SEGMEXEC (cont.) The segmentation logic is fairly straightforward: The segmentation logic is fairly straightforward: Data Segment (DS) Data Segment (DS) Code Segment (CS) Code Segment (CS) There exist these two segments for user pages as well as kernel pages. There exist these two segments for user pages as well as kernel pages. PaX splits the address space down the middle: the bottom half for data, the top for code. PaX splits the address space down the middle: the bottom half for data, the top for code. Segmentation is a “window” into the address space Segmentation is a “window” into the address space No performance hit No performance hit

12 PaX – SEGMEXEC (cont.) User Code & Data Segments 3GB Without SEGMEXEC User Code Segment 1.5GB User Data Segment 1.5GB With SEGMEXEC

13 PaX – SEGMEXEC (cont.) PaX’s VMA mirroring involves duplicating every executable page in the lower half of the address space into the upper half. PaX’s VMA mirroring involves duplicating every executable page in the lower half of the address space into the upper half. Instruction fetch attempts at addresses located in the data segment that don’t have any code located at its mirrored address will cause a page fault. PaX handles this page fault and kills the task. Instruction fetch attempts at addresses located in the data segment that don’t have any code located at its mirrored address will cause a page fault. PaX handles this page fault and kills the task.

14 PaX – SEGMEXEC (cont.) 08048000-0804c000 r-xp /home/bradly/cat 0804c000-0804d000 rw-p /home/bradly/cat 0804d000-08079000 rw-p 20000000-20014000 r-xp /lib/ld-2.3.2.so 20014000-20015000 rw-p /lib/ld-2.3.2.so 20015000-20016000 rw-p 2001e000-20145000 r-xp /lib/libc-2.3.2.so 20145000-2014a000 rw-p /lib/libc-2.3.2.so 2014a000-2014c000 rw-p 2014c000-202d1000 r--p /usr/lib/locale/locale-archive 5ffff000-60000000 rw-p 68048000-6804c000 r-xp /home/bradly/cat 80000000-80014000 r-xp /lib/ld-2.3.2.so 8001e000-80145000 r-xp /lib/libc-2.3.2.so 08048000-0804c000 r-xp /home/bradly/cat 0804c000-0804d000 rw-p /home/bradly/cat 0804d000-08073000 rw-p 40000000-40014000 r-xp /lib/ld-2.3.2.so 40014000-40015000 rw-p /lib/ld-2.3.2.so 40015000-40016000 rw-p 4001e000-40145000 r-xp /lib/libc-2.3.2.so 40145000-4014a000 rw-p /lib/libc-2.3.2.so 4014a000-4014c000 rw-p 4014c000-402d1000 r--p /usr/lib/locale/locale-archive bfffe000-c0000000 rw-p Without SEGMEXEC With SEGMEXEC

15 PaX – SEGMEXEC (cont.) Instruction fetch attempt at 0x08049000 Segmentation logic translates 0x08049000 into 0x68049000 Does 0x68049000 belong to any mapping? Success Violation, process is terminated YES NO

16 PaX - PAGEEXEC PAGEEXEC was PaX’s first implementation of non-executable pages. PAGEEXEC was PaX’s first implementation of non-executable pages. Because of SEGMEXEC, it’s not used anymore on x86 (so I won’t discuss the implementation). Because of SEGMEXEC, it’s not used anymore on x86 (so I won’t discuss the implementation). Platforms which support the executable bit in hardware are implemented under PAGEEXEC (currently alpha, ppc, parisc, sparc, sparc64, amd64, and ia64) Platforms which support the executable bit in hardware are implemented under PAGEEXEC (currently alpha, ppc, parisc, sparc, sparc64, amd64, and ia64)

17 PaX - KERNEXEC KERNEXEC is PaX’s implementation of proper page protection in the kernel KERNEXEC is PaX’s implementation of proper page protection in the kernel ‘const’ finally means read only in the kernel ‘const’ finally means read only in the kernel Read-only system call table Read-only system call table Read-only interrupt descriptor table (IDT) Read-only interrupt descriptor table (IDT) Read-only global descriptor table (GDT) Read-only global descriptor table (GDT) Data is non-executable Data is non-executable Uses the same concept of segmentation as SEGMEXEC Uses the same concept of segmentation as SEGMEXEC Cannot co-exist with module support (currently) Cannot co-exist with module support (currently)

18 PaX - ASLR Full ASLR randomizes the locations of the following memory objects: Full ASLR randomizes the locations of the following memory objects: Executable image Executable image Brk-managed heap Brk-managed heap Library images Library images Mmap-managed heap Mmap-managed heap User space stack User space stack Kernel space stack Kernel space stack

19 PaX – ASLR (cont.) Notes on amount of randomization: Notes on amount of randomization: The following values are for 32bit architectures. They are larger on 64bit architectures, though not twice as large (since they generally don’t use 64 bits for the address space). The following values are for 32bit architectures. They are larger on 64bit architectures, though not twice as large (since they generally don’t use 64 bits for the address space). Stack – 24 bits (28 bits for argument/environment pages) Stack – 24 bits (28 bits for argument/environment pages) Mmap – 16 bits Mmap – 16 bits Executable – 16 bits Executable – 16 bits Heap – 12 bits (or 24 bits if executable is randomized also) Heap – 12 bits (or 24 bits if executable is randomized also)

20 PaX – ASLR (cont.) The randomizations applied to each memory region are independent of each other The randomizations applied to each memory region are independent of each other Because PaX guarantees no arbitrary code execution, exploits will most likely need to access different memory regions. Because PaX guarantees no arbitrary code execution, exploits will most likely need to access different memory regions. So, if the exploit needs access to libraries and the stack, the bits that must be guessed are the sum of the two regions: 40 bits (or 44). The chance of such an attack succeeding while depending on hard coded addresses is effectively zero. So, if the exploit needs access to libraries and the stack, the bits that must be guessed are the sum of the two regions: 40 bits (or 44). The chance of such an attack succeeding while depending on hard coded addresses is effectively zero.

21 PaX – ASLR (cont.) 08048000-0804c000 r-xp /home/bradly/cat 0804c000-0804d000 rw-p /home/bradly/cat 0804d000-08078000 rw-p 4edaa000-4edbe000 r-xp /lib/ld-2.3.2.so 4edbe000-4edbf000 rw-p /lib/ld-2.3.2.so 4edbf000-4edc0000 rw-p 4edc8000-4eeef000 r-xp /lib/libc-2.3.2.so 4eeef000-4eef4000 rw-p /lib/libc-2.3.2.so 4eef4000-4eef6000 rw-p 4eef6000-4f07b000 r--p /usr/lib/locale/locale-archive bf3dc000-bf3dd000 rw-p 08048000-0804c000 r-xp /home/bradly/cat 0804c000-0804d000 rw-p /home/bradly/cat 0804d000-08070000 rw-p 43d8c000-43da0000 r-xp /lib/ld-2.3.2.so 43da0000-43da1000 rw-p /lib/ld-2.3.2.so 43da1000-43da2000 rw-p 43daa000-43ed1000 r-xp /lib/libc-2.3.2.so 43ed1000-43ed6000 rw-p /lib/libc-2.3.2.so 43ed6000-43ed8000 rw-p 43ed8000-4405d000 r--p /usr/lib/locale/locale- archive b54f9000-b54fa000 rw-p Two runs of a binary with stack, mmap, and heap randomization

22 PaX – ASLR (cont.) RANDKSTACK RANDKSTACK Randomizes the kernel’s stack Randomizes the kernel’s stack Randomized on each system call, so info- leaking the randomization is useless Randomized on each system call, so info- leaking the randomization is useless Randomizes 5 bits of the stack. Brute forcing generally shouldn’t be possible, as each attempt will most likely crash the kernel. Randomizes 5 bits of the stack. Brute forcing generally shouldn’t be possible, as each attempt will most likely crash the kernel.

23 PaX – ASLR (cont.) PIE PIE Special type of ELF binary (the same used for shared libraries) Special type of ELF binary (the same used for shared libraries) Position independent code (PIC) Position independent code (PIC) Allows for relocation of the binary at a random location Allows for relocation of the binary at a random location Needed to achieve Full ASLR Needed to achieve Full ASLR Requires a recompile and re-link of applications Requires a recompile and re-link of applications

24 PaX – Dangling Pointers “Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type, or to a distinguished null pointer value in languages which support this” “Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type, or to a distinguished null pointer value in languages which support this”Wikipedia

25 PaX – Dangling Pointers (cont.) Most i386 OSs don't separate the userland virtual address space from that of the kernel. Most i386 OSs don't separate the userland virtual address space from that of the kernel. Linux 2.6 has per-cpu GDTs; LDTs are untouched Linux 2.6 has per-cpu GDTs; LDTs are untouched BSDs creates flat per-process LDTs BSDs creates flat per-process LDTs Windows creates flat per-process LDTs Windows creates flat per-process LDTs

26 PaX – Dangling Pointers (cont.) Thence, whenever userland can make the kernel (unexpectedly) dereference a pointer within its range of control, it holds ability to controlling the data (and, possibly, code) flow of the kernel by virtue of providing the attack elements in its own address space. Thence, whenever userland can make the kernel (unexpectedly) dereference a pointer within its range of control, it holds ability to controlling the data (and, possibly, code) flow of the kernel by virtue of providing the attack elements in its own address space. Real-life [4] Real-life [4]

27 PaX – UDEREF Kernel & User Segments 4GB Without UDEREF Kernel Segments 1GB User Segments 3GB With UDEREF

28 PaX – UDEREF (cont.) Segment selectors are properly set Segment selectors are properly set Few modifications are done regarding user/kernel, kernel/kernel system calls Few modifications are done regarding user/kernel, kernel/kernel system calls

29 Facts PaX PaX 24/28 bit stack randomization 24/28 bit stack randomization 16 bit mmap randomization 16 bit mmap randomization Completely implemented in the kernel. Can be implemented transparently and retain binary compatibility with all distributions. Completely implemented in the kernel. Can be implemented transparently and retain binary compatibility with all distributions.

30 Facts (cont.) PaX PaX Cuts usable address space in half (though this can be changed if it becomes a problem) Cuts usable address space in half (though this can be changed if it becomes a problem) Support for non-executable and read-only kernel pages on i386 Support for non-executable and read-only kernel pages on i386

31 PaX PaX Per-system call kernel stack randomization Per-system call kernel stack randomization Brk-managed heap randomization Brk-managed heap randomization Ability to enable/disable all features on a per binary basis Ability to enable/disable all features on a per binary basis Annihilates the possibility of exploiting kernel dereferencing pointer vulnerabilities Annihilates the possibility of exploiting kernel dereferencing pointer vulnerabilities Facts (cont.)

32 PaX PaX Supports the same user space features on i386, alpha, ppc, parisc, sparc, sparc64, amd64, and ia64 Supports the same user space features on i386, alpha, ppc, parisc, sparc, sparc64, amd64, and ia64 Supports a per-page implementation of non- executable pages on ppc Supports a per-page implementation of non- executable pages on ppc Facts (cont.)

33 PaX – Past Continuous Control Flow Verification Control Flow Verification Basic blocks Basic blocks A basic block is a sequence of statements that is always entered at the beginning and exited at the end, that is: A basic block is a sequence of statements that is always entered at the beginning and exited at the end, that is: The first statement is a LABEL The first statement is a LABEL The last statement is a JUMP or a CJUMP The last statement is a JUMP or a CJUMP There are no other LABELs, JUMPs, or JUMPs There are no other LABELs, JUMPs, or JUMPs APPEL, Andrew W.; Modern Compiler Implementation in ML- 2004. p. 180

34 PaX – Past Continuous Control Flow Verification Control Flow Verification Control Flow Graph (CFG) Control Flow Graph (CFG) “In computer science, a control flow graph (CFG) is a representation, using graph notation, of all paths that might be traversed through a program during its execution. Each node in the graph represents a basic block, (…)” “In computer science, a control flow graph (CFG) is a representation, using graph notation, of all paths that might be traversed through a program during its execution. Each node in the graph represents a basic block, (…)”Wikipedia

35 PaX – Past Continuous Control Flow Verification Control Flow Verification

36 PaX – Past Continuous Control Flow Verification Control Flow Verification Call graphs Call graphs “A call graph (also known as a call multigraph) is a directed graph that represents calling relationship among subroutines in a computer program” “A call graph (also known as a call multigraph) is a directed graph that represents calling relationship among subroutines in a computer program”Wikipedia

37 PaX – Past Continuous Control Flow Verification Control Flow Verification

38 PaX – Past Continuous Control Flow Verification Control Flow Verification Static analysis Static analysis Build call graph for program P Build call graph for program P Build set S of callers Build set S of callers Build set Q of callees Build set Q of callees Build set R of relationships between S and Q, creating magic value for each Build set R of relationships between S and Q, creating magic value for each

39 PaX – Past Continuous Control Flow Verification Control Flow Verification Code generation Code generation Create proper prologues for every member of S Create proper prologues for every member of S Create proper epilogues for every member of Q Create proper epilogues for every member of Q Magic Values Magic Values Hard to predict by exhaustive search values kept within safe memory regions, they are verified in run-time Hard to predict by exhaustive search values kept within safe memory regions, they are verified in run-time

40 PaX – Past Continuous Control Flow Verification Control Flow Verificationcallee epilogue:mov register,[esp] cmp [register+1],MAGIC jnz.1 retn.1: jmp esp caller: call callee test eax,MAGIC

41 PaX – Past Continuous Control Flow Verification: Nondeterminism Control Flow Verification: Nondeterminism Branch tables: run-time environment Branch tables: run-time environment OO virtual methods and function pointers OO virtual methods and function pointers

42 PaX – Past Continuous Control Flow Verification Control Flow Verification GOT entries GOT entries Made read-only by tweaking the static and the dynamic linker Made read-only by tweaking the static and the dynamic linker.ctors/.dtors.ctors/.dtors Made read-only by modifying the link-editor script Made read-only by modifying the link-editor script

43 PaX – Past Continuous Control Flow Verification Control Flow Verification Are of a dynamic nature Are of a dynamic nature atexit() handlers atexit() handlers malloc() callbacks malloc() callbacks linuxthread callbacks (atfork() handlers) linuxthread callbacks (atfork() handlers)

44 PaX – Past Continuous (cont.) Control Flow Verification: Results Control Flow Verification: Results Breaks my attack [3] – brief explanation? – and anything that rely on the following premisses Breaks my attack [3] – brief explanation? – and anything that rely on the following premisses execute existing code out of original program order execute existing code out of original program order execute existing code in original program order with arbitrary data execute existing code in original program order with arbitrary data

45 PaX – Past Continuous (cont.) Control Flow Verification: Results Control Flow Verification: Results Opens a wide range of possibilities for improving systemic security Opens a wide range of possibilities for improving systemic security Call graph trust relationship ensures that (in most cases) all control flow (including intra-procedural) can’t be broken with a very low performance impact Call graph trust relationship ensures that (in most cases) all control flow (including intra-procedural) can’t be broken with a very low performance impact Call graph trust relationship allows data integrity verification (KERNSEAL) Call graph trust relationship allows data integrity verification (KERNSEAL)

46 PaX – Past Continuous KERNSEAL KERNSEAL Liveness Analysis Liveness Analysis “We say a variable is live if it holds a value that may be needed in the future, so this analysis is called liveness analysis” “We say a variable is live if it holds a value that may be needed in the future, so this analysis is called liveness analysis” APPEL, Andrew W.; Modern Compiler Implementation in ML- 2004. p. 211

47 PaX – Past Continuous KERNSEAL KERNSEAL The set of live variables at line L2 is {b, c}, but the set of live variables at line L1 is only {b} since variable c is updated in line 2. The value of variable a is never used, so the variable is never live. The set of live variables at line L2 is {b, c}, but the set of live variables at line L1 is only {b} since variable c is updated in line 2. The value of variable a is never used, so the variable is never live. L1: b := 3; L2: c := 5; L3: a := b + c; goto L1;

48 PaX – Past Continuous KERNSEAL KERNSEAL Liveness Analysis: Dataflow equations Liveness Analysis: Dataflow equations “Liveness of variables ‘flows’ around the edges of the control-flow graph; determining the live range of each variable is na example of a dataflow problem” “Liveness of variables ‘flows’ around the edges of the control-flow graph; determining the live range of each variable is na example of a dataflow problem” APPEL, Andrew W.; Modern Compiler Implementation in ML- 2004. p. 213

49 PaX – Past Continuous KERNSEAL KERNSEAL Liveness Analysis: Terminology Liveness Analysis: Terminology Out-edges: nodes leading to successor nodes Out-edges: nodes leading to successor nodes In-edges: nodes coming from predecesor nodes In-edges: nodes coming from predecesor nodes pred[n], holding the set of predecessors of node n pred[n], holding the set of predecessors of node n succ[n], holding the set of successors of node n succ[n], holding the set of successors of node n

50 PaX – Past Continuous KERNSEAL KERNSEAL Liveness Analysis: Terminology Liveness Analysis: Terminology Uses: the set of variables in use at a given node Uses: the set of variables in use at a given node Defs: the set of variables assigned at a given node Defs: the set of variables assigned at a given node

51 PaX – Past Continuous KERNSEAL KERNSEAL Liveness Analysis: Terminology Liveness Analysis: Terminology Liveness: “A variable is live on an edge if there is a directed path from tha edge to a use of the variable that does not go through any def. A variable is live-in at a node if it is live on any of the in-edges of that node; it is live-out at a node if it is live on any of the out-edges of the node.” Liveness: “A variable is live on an edge if there is a directed path from tha edge to a use of the variable that does not go through any def. A variable is live-in at a node if it is live on any of the in-edges of that node; it is live-out at a node if it is live on any of the out-edges of the node.” APPEL, Andrew W.; Modern Compiler Implementation in ML- 2004. p. 213

52 PaX – Past Continuous KERNSEAL KERNSEAL Liveness Analysis: Liveness Analysis: The dataflow equations used for a given basic block s and exiting block f in live variable analysis The dataflow equations used for a given basic block s and exiting block f in live variable analysisWikipedia

53 PaX – Past Continuous KERNSEAL KERNSEAL Liveness Analysis Liveness Analysis Allows access control of specific code procedures – known a priori – towards sensitive data (kernel data) Allows access control of specific code procedures – known a priori – towards sensitive data (kernel data) Process structures Process structures Object Credentials Object Credentials Kernel Function Pointers Kernel Function Pointers And others And others

54 PaX – Past Continuous KERNSEAL KERNSEAL Design Design Unreadable memory pages Read-only memory pages Read-write memory pages

55 PaX – Past Continuous KERNSEAL KERNSEAL Example: protect user credentials info Example: protect user credentials info Perform liveness analysis for deriving specific code blocks that may have legit read/write access to it Perform liveness analysis for deriving specific code blocks that may have legit read/write access to it Set memory properties holding the data structures to read-only Set memory properties holding the data structures to read-only Embed (through instrumentation) write-key procedure to allowing legit code to access the structure Embed (through instrumentation) write-key procedure to allowing legit code to access the structure

56 PaX – Past Continuous KERNSEAL KERNSEAL Results Results Strengthen of Trusted Computing Base (TCB) Strengthen of Trusted Computing Base (TCB) Defense in Depth: even if compromised, kernel operations towards sensitive memory areas are restricted by nature Defense in Depth: even if compromised, kernel operations towards sensitive memory areas are restricted by nature Provides strong trust-relationship infrastructure to creating several other protection mechanisms in different layers of the kernel as well as of the user space Provides strong trust-relationship infrastructure to creating several other protection mechanisms in different layers of the kernel as well as of the user space

57 Questions? Thanks!!! contact me at tiago@assumpcao.org tiago@assumpcao.org

58 References [1] http://pax.grsecurity.net [1] http://pax.grsecurity.nethttp://pax.grsecurity.net [2] http://www.phrack.org/issues.html?issue=63&id=4 [2] http://www.phrack.org/issues.html?issue=63&id=4http://www.phrack.org/issues.html?issue=63&id=4 [3] http://assumpcao.org/content/publications/Breaking_PaX_ASLR.ppt [3] http://assumpcao.org/content/publications/Breaking_PaX_ASLR.ppthttp://assumpcao.org/content/publications/Breaking_PaX_ASLR.ppt [4] http://lists.immunitysec.com/pipermail/dailydave/2007- March/004133.html [4] http://lists.immunitysec.com/pipermail/dailydave/2007- March/004133.htmlhttp://lists.immunitysec.com/pipermail/dailydave/2007- March/004133.htmlhttp://lists.immunitysec.com/pipermail/dailydave/2007- March/004133.html

Download ppt "Software Defense Mechanisms: PaX and the future past continuous."

Similar presentations

Memory Management Unit

Memory Management Unit
1/1/ / faculty of Electrical Engineering eindhoven university of technology Memory Management and Protection Part 3:Virtual memory, mode switching, 80286.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Memory Management and Protection Part 3:Virtual memory, mode switching,
Part IV: Memory Management

Part IV: Memory Management
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Paging Hardware With TLB

Paging Hardware With TLB
Memory Management Questions answered in this lecture: How do processes share memory? What is static relocation? What is dynamic relocation? What is segmentation?

Memory Management Questions answered in this lecture: How do processes share memory? What is static relocation? What is dynamic relocation? What is segmentation?
OS Memory Addressing.

OS Memory Addressing.
CPSC 325 - Compiler Tutorial 8 Code Generator (unoptimized)

CPSC Compiler Tutorial 8 Code Generator (unoptimized)
CS 153 Design of Operating Systems Spring 2015 Lecture 19: Page Replacement and Memory War.

CS 153 Design of Operating Systems Spring 2015 Lecture 19: Page Replacement and Memory War.
UQC152H3 Advanced OS Memory Management under Linux.

UQC152H3 Advanced OS Memory Management under Linux.
Memory Management (II)

Memory Management (II)
CE6105 Linux 作業系統 Linux Operating System 許 富 皓. Chapter 2 Memory Addressing.

CE6105 Linux 作業系統 Linux Operating System 許 富 皓. Chapter 2 Memory Addressing.
Run time vs. Compile time

Run time vs. Compile time
Memory Management (continued) CS-3013 C-term 20081 Memory Management CS-3013 Operating Systems C-term 2008 (Slides include materials from Operating System.

Memory Management (continued) CS-3013 C-term Memory Management CS-3013 Operating Systems C-term 2008 (Slides include materials from Operating System.
Memory Management 1 CS502 Spring 2006 Memory Management CS-502 Spring 2006.

Memory Management 1 CS502 Spring 2006 Memory Management CS-502 Spring 2006.
CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.

CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.
CS2422 Assembly Language & System Programming September 22, 2005.

CS2422 Assembly Language & System Programming September 22, 2005.
Protected Mode. Protected Mode (1 of 2) 4 GB addressable RAM –(00000000 to FFFFFFFFh) Each program assigned a memory partition which is protected from.

Protected Mode. Protected Mode (1 of 2) 4 GB addressable RAM –( to FFFFFFFFh) Each program assigned a memory partition which is protected from.
Network File System (NFS) in AIX System COSC513 Operation Systems Instructor: Prof. Anvari Yuan Ma SID: 105820.

Network File System (NFS) in AIX System COSC513 Operation Systems Instructor: Prof. Anvari Yuan Ma SID:

Similar presentations

Ads by Google