Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS533 Concepts of Operating Systems Jonathan Walpole.

Published byShannon Lane Modified over 8 years ago

Similar presentations

Presentation on theme: "CS533 Concepts of Operating Systems Jonathan Walpole."— Presentation transcript:

1 CS533 Concepts of Operating Systems Jonathan Walpole

2 Efficient Software-Based Fault Isolation

3 The Cost of Protection-Domains Micro-kernel performance -L4-Linux is not as fast as monolithic Linux -but is it acceptable given the benefits? What were the benefits? -Did we get fine-grain protection domains? -L4 had the Linux server in a single domain -What performance would L4 achieve with fine-grain protection?

4 Alternate Approaches Protection using address space boundaries is inherently expensive -even with hardware support - execution within a domain is fast, but across domain boundaries is slow Language-level protection might help -binary rewriting (this paper) -type-safe languages (SPIN)

5 Software Fault Isolation Basic idea: create multiple protection domains within a single address space -catch attempts to access memory outside a domain -but don’t do this using hardware faults -instead, insert code that checks accesses - we could do this dynamically or statically - how can we communicate across domain boundaries?

6 Enforcing Protection Domains Protection domains are aligned and sized as a power of two bytes -all memory addresses in the same domain share the same high-order bits -those bits are checked for all memory references (loads, stores, jump targets) -if the bits don’t match, the access is invalid

7 But That’s Too Expensive Reads can’t hurt anything, so only check stores and jump targets? -is that ok? If that is still too expensive, maybe just set the high order bits without checking -force the access to fall within the domain -this is called sandboxing -it may be hard to detect bugs

8 How Is It Implemented? Modify GCC to generate sandboxed binaries -done at RTL level -RTL is an architecture independent assembly language -involves reserving up to 5 registers -adding sandboxing instructions Its done at compile-time but still needs runtime checks!

9 Segment Matching

10 Sandboxing

11 Costs Segment matching -4x instruction overhead -4 dedicated registers Sandboxing: -3x instruction overhead -5 dedicated registers How can this possibly be a win?

12 Performance Implications Impact of dedicated registers depends on architecture -with 32 registers its not noticeable -with 8 registers it is The extra instructions make normal execution much slower! Can we win back this performance through lower IPC costs?

13 Cross Domain RPC Single thread runs in caller and callee No address space switch Control flow uses a jump table to cross domain boundaries -readable, but not be writeable!

14 Call stub: 1.save trusted registers 2.set up dedicated registers 3.switch to untrusted stack 4.copy arguments to stack 5.Jump to called procedure Return stub: 1.restore trusted registers 2.switch to trusted stack 3.copy return values back to trusted stack Cross Domain RPC

15 Null Procedure Call Cost

16 Execution Overhead

17 50% of time in untrusted code 100% of time in untrusted code r: y-axis tc: x-axis h:overhead when in untrusted td: percent of time in untrusted When Does It Win?

18 Closing Thoughts Is it really language independent? How portable is it across CPU architectures?

Download ppt "CS533 Concepts of Operating Systems Jonathan Walpole."

Similar presentations

Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.

Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.
Computer Architecture CSCE 350

Computer Architecture CSCE 350
The University of Adelaide, School of Computer Science

The University of Adelaide, School of Computer Science
Assembler/Linker/Loader Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc11-12.html Chapter 4.3 J. Levine: Linkers & Loaders

Assembler/Linker/Loader Mooly Sagiv html:// Chapter 4.3 J. Levine: Linkers & Loaders
Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec. 5 2007.

Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec
Procedures and Stacks. Outline Stack organization PUSH and POP instructions Defining and Calling procedures.

Procedures and Stacks. Outline Stack organization PUSH and POP instructions Defining and Calling procedures.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.

Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.
“Efficient Software-Based Fault Isolation” (1993) by: Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham PRESENTED BY DAVID KENNEDY.

“Efficient Software-Based Fault Isolation” (1993) by: Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham PRESENTED BY DAVID KENNEDY.
CS533 Concepts of Operating Systems Class 12 Extensibility via Software Based Protection.

CS533 Concepts of Operating Systems Class 12 Extensibility via Software Based Protection.
G22.3250-001 Robert Grimm New York University Lightweight RPC.

G Robert Grimm New York University Lightweight RPC.
CS533 Concepts of Operating Systems Class 13 Micro-kernels (cont.) Extensibility via Software Based Protection.

CS533 Concepts of Operating Systems Class 13 Micro-kernels (cont.) Extensibility via Software Based Protection.
1 Storage Registers vs. memory Access to registers is much faster than access to memory Goal: store as much data as possible in registers Limitations/considerations:

1 Storage Registers vs. memory Access to registers is much faster than access to memory Goal: store as much data as possible in registers Limitations/considerations:
Tutorials 2 A programmer can use two approaches when designing a distributed application. Describe what are they? Communication-Oriented Design Begin with.

Tutorials 2 A programmer can use two approaches when designing a distributed application. Describe what are they? Communication-Oriented Design Begin with.
PC hardware and x86 3/3/08 Frans Kaashoek MIT

PC hardware and x86 3/3/08 Frans Kaashoek MIT
Dawson R. Engler, M. Frans Kaashoek, and James O'Tool Jr.

Dawson R. Engler, M. Frans Kaashoek, and James O'Tool Jr.
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.

CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, Henry M. Levy ACM Transactions Vol. 8, No. 1, February 1990,

Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, Henry M. Levy ACM Transactions Vol. 8, No. 1, February 1990,
CS533 Concepts of Operating Systems Class 6 Micro-kernels Extensibility via Hardware or Software Based Protection.

CS533 Concepts of Operating Systems Class 6 Micro-kernels Extensibility via Hardware or Software Based Protection.
User-Level Interprocess Communication for Shared Memory Multiprocessors Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented.

User-Level Interprocess Communication for Shared Memory Multiprocessors Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented.
CS510 Concurrent Systems Jonathan Walpole. Lightweight Remote Procedure Call (LRPC)

CS510 Concurrent Systems Jonathan Walpole. Lightweight Remote Procedure Call (LRPC)

Similar presentations

Ads by Google