Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.

Published byDylan Ford Modified over 8 years ago

Similar presentations

Presentation on theme: "Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation."— Presentation transcript:

1 Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation in computer architecture and systems software. Virtual Memory – Architecture support for protecting processes from each other. Virtual Machines 1

2 Protection via Virtual Memory … (1) Data blocks – between main memory and cache. Pages – between secondary storage and main memory. Translation Lookaside Buffer (TLB) – cache to provide translation from virtual to physical address. 2

3 Protection via Virtual Machines … (1) Emulation that provides standard software interface. VMs that provide complete system-level environment at binary ISA (Instruction Level Architecture) level. These are called OS Virtual Machines. – Examples: IBM z/VM, VMWare ESX Server, etc.. Provides illusion that users of VM have entire computer control, including OS. One computer can run multiple VMs and support multiple OSes.  In conventional platform, one OS “owns” all hardware.  In VM, multiple OSes share hardware resources. 3

4 Protection via Virtual Memory … (4) Most popular memory protection scheme – Add protection restrictions to each page in virtual memory. – Page Table Mapping from virtual address space to physical address space. Protection restrictions (can user read, write, execute from this page?) are included in page table against each page entry. Only OS can update page table  paging mechanism provides access protection. – TLB Provides faster address translation (from virtual to physical address). Two parts: tag portion and data portion. Tag portion: Portions of virtual address. Data portion: Physical page address, Protection field, Valid bit, Use bit, Dirty bit. OS changes these bits in page table  this updates TLB entry. 4

5 Protection via Virtual Memory … (2) Multiprogramming – Multiple programs running concurrently. – Need for protection and sharing of resources among programs. – Process: Running program + state needed to run. – Context / Process switch: Switch from one process to another. OS and architecture allow processes to share hardware without interfering with each other. Types of processes – User process Access to local processor state only. – OS / Kernel / Supervisor process Access to entire processor state. 5

6 Protection via Virtual Memory … (3) To prevent processes from interfering with each other, architecture must provide the following. 1.At least two modes: user mode and OS mode. 2.Provide a processor state that a user process can use but not write. 1.Example: user/supervisor mode bit(s), memory protection information. 2.Because OS cannot have control if user processes grant themselves supervisor privileges. 3.Mechanism for processor to go from user to supervisor mode and vice versa. 1.Using system call; PC is saved; processor switches to user/supervisor mode; executes; return to supervisor/user mode; continue earlier subroutine. 4.Mechanism to protect memory state of a process during context switch, without having to swap process to disk. 6

7 Protection via Virtual Memory … (5) Insufficient – Depends on accuracy of OS and hardware. – OSes are huge programs. – Flaws in OS lead to vulnerabilities. Hence – Look for protection in a smaller code base than full OS.  Virtual Machines. 7

8 Protection via Virtual Machines … (2) Hypervisor – A.k.a. Virtual Machine Monitor (VMM). – Software that supports VMs. – Determines how to map virtual resources to physical resources. – Physical resource is time-shared / partitioned / emulated in software. – VMM is much smaller than OS (~ 10K l.o.c.). Host – Underlying hardware platform. Guest – VMs that share the host’s resources through the VMM. 8

9 Protection via Virtual Machines … (3) Other benefits of Virtual Machines. – Managing Software VMs provide abstractions to run complete software stacks, such as entire OSes. – Managing Hardware Servers – allow applications to run on compatible OSes on dedicated hardware  improves dependability. VMs allow these applications and OSes to run independently on shared hardware  reduces need for multiple servers. 9

10 Requirements of a Virtual Machine Monitor Provide interface to guest software. Isolate the state of guests from each other. Protect itself from guest software and OSes. Qualitative requirements – Guest software behaviour on VM = behaviour on native hardware; except for performance-related behaviour. – Guest software should not be able to change real system resources directly. 10

Download ppt "Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation."

Similar presentations

An Overview Of Virtual Machine Architectures Ross Rosemark.

An Overview Of Virtual Machine Architectures Ross Rosemark.
Virtual Memory main memory can act as a cache for secondary storage motivation: Allow programs to use more memory that there is available transparent to.

Virtual Memory main memory can act as a cache for secondary storage motivation: Allow programs to use more memory that there is available transparent to.
Computer Organization CS224 Fall 2012 Lesson 44. Virtual Memory  Use main memory as a “cache” for secondary (disk) storage l Managed jointly by CPU hardware.

Computer Organization CS224 Fall 2012 Lesson 44. Virtual Memory  Use main memory as a “cache” for secondary (disk) storage l Managed jointly by CPU hardware.
15-447 Computer ArchitectureFall 2008 © November 10, 2007 Nael Abu-Ghazaleh Lecture 23 Virtual.

Computer ArchitectureFall 2008 © November 10, 2007 Nael Abu-Ghazaleh Lecture 23 Virtual.
Disco Running Commodity Operating Systems on Scalable Multiprocessors.

Disco Running Commodity Operating Systems on Scalable Multiprocessors.
Virtual Memory and Paging J. Nelson Amaral. Large Data Sets Size of address space: – 32-bit machines: 2 32 = 4 GB – 64-bit machines: 2 64 = a huge number.

Virtual Memory and Paging J. Nelson Amaral. Large Data Sets Size of address space: – 32-bit machines: 2 32 = 4 GB – 64-bit machines: 2 64 = a huge number.
1  1998 Morgan Kaufmann Publishers Chapter Seven Large and Fast: Exploiting Memory Hierarchy (Part II)

1  1998 Morgan Kaufmann Publishers Chapter Seven Large and Fast: Exploiting Memory Hierarchy (Part II)
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,

Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.

Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Virtualization Concept. Virtualization  Real: it exists, you can see it.  Transparent: it exists, you cannot see it  Virtual: it does not exist, you.

Virtualization Concept. Virtualization  Real: it exists, you can see it.  Transparent: it exists, you cannot see it  Virtual: it does not exist, you.
Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.

Microkernels, virtualization, exokernels Tutorial 1 – CSC469.
CS533 Concepts of Operating Systems Jonathan Walpole.

CS533 Concepts of Operating Systems Jonathan Walpole.
Computer Architecture Lecture 28 Fasih ur Rehman.

Computer Architecture Lecture 28 Fasih ur Rehman.
Operating System Support for Virtual Machines Samuel T. King, George W. Dunlap,Peter M.Chen Presented By, Rajesh 1 References [1] Virtual Machines: Supporting.

Operating System Support for Virtual Machines Samuel T. King, George W. Dunlap,Peter M.Chen Presented By, Rajesh 1 References [1] Virtual Machines: Supporting.
Virtualization Concepts Presented by: Mariano Diaz.

Virtualization Concepts Presented by: Mariano Diaz.

Similar presentations

Ads by Google