Results 1 - 10
of
10
Mondrian Memory Protection
, 2002
"... Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier pagebased systems, MMP allows arbitrary permissions control at the granularity of individual words. We use a com ..."
Abstract
-
Cited by 124 (3 self)
- Add to MetaCart
Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier pagebased systems, MMP allows arbitrary permissions control at the granularity of individual words. We use a compressed permissions table to reduce space overheads and employ two levels of permissions caching to reduce run-time overheads. The protection tables in our implementation add less than 9% overhead to the memory space used by the application. Accessing the protection tables adds less than 8% additional memory references to the accesses made by the application. Although it can be layered on top of demandpaged virtual memory, MMP is also well-suited to embedded systems with a single physical address space. We extend MMP to support segment translation which allows a memory segment to appear at another location in the address space. We use this translation to implement zero-copy networking underneath the standard read system call interface, where packet payload fragments are connected together by the translation system to avoid data copying. This saves 52% of the memory references used by a traditional copying network stack.
Components + Security = OS Extensibility
- In Proc. 6th ACSAC
, 2001
"... Component-based programming systems have shown themselves to be a natural way of constructing extensible software. Well-defined interfaces, encapsulation, late bind-ing and polymorphism promote extensibility, yet despite this synergy, components have not been widely employed at the systems level. Th ..."
Abstract
-
Cited by 5 (3 self)
- Add to MetaCart
(Show Context)
Component-based programming systems have shown themselves to be a natural way of constructing extensible software. Well-defined interfaces, encapsulation, late bind-ing and polymorphism promote extensibility, yet despite this synergy, components have not been widely employed at the systems level. This is primarily due to the failure of exist-ing component technologies to provide the protection and performance required of systems software. In this paper we identify the requirements for a component system to support secure extensions, and describe the design of such a system on the Mungi OS. 1.
Connecting Real-Time and Non-Real-Time Components
"... In this paper we describe a solution to the problem of communication between real-time and non-real-time components in a split container architecture. The split architecture carries forward an experience we gained in the The Dresden Real-Time Operating System Project (DROPS) [8]: Often, only small p ..."
Abstract
-
Cited by 3 (3 self)
- Add to MetaCart
In this paper we describe a solution to the problem of communication between real-time and non-real-time components in a split container architecture. The split architecture carries forward an experience we gained in the The Dresden Real-Time Operating System Project (DROPS) [8]: Often, only small parts of applications need to be real-time capable. Furthermore, often these parts require only a small fraction of the complex services, which the remainder of the application needs. Therefore,
A Type System for High Performance Communication and Computation
"... Abstract—The manner in which data is represented, accessed and transmitted has an affect upon the efficiency of any computing system. In the domain of high performance computing, traditional frameworks like MPI have relied upon a relatively static type system with a high degree of a priori knowledge ..."
Abstract
-
Cited by 2 (1 self)
- Add to MetaCart
(Show Context)
Abstract—The manner in which data is represented, accessed and transmitted has an affect upon the efficiency of any computing system. In the domain of high performance computing, traditional frameworks like MPI have relied upon a relatively static type system with a high degree of a priori knowledge shared among the participants. However, modern scientific computing is increasingly distributed and dynamic, requiring the ability to dynamically create multi-platform workflows, to move processing to data, and to perform both in situ and streaming data analysis. Traditional approaches to data type description and communication in middleware, which typically either require a priori agreement on data types, or resort to highly inefficient representations like XML, are insufficient for the new domain of dynamic science. This paper describes a different approach, using FFS, a middleware library that implements efficient manipulation of application-level data. FFS provides for highly efficient binary data communication, XML-like examination of unknown data, and both third-party and in situ data processing via dynamic code generation. All of these capabilities are fully dynamic at run-time, without requiring a priori agreements or knowledge of the exact form of the data being communicated or analyzed. I.
Security Considerations of Commodity x86 Virtualization
, 2006
"... Hardware virtualization allows physical hardware of a single computer to be shared between multiple operating systems in a nearly transparent manner. A virtual machine monitor provides each operating system virtual resources which are backed by physical resources of the hardware. Though increasing s ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
Hardware virtualization allows physical hardware of a single computer to be shared between multiple operating systems in a nearly transparent manner. A virtual machine monitor provides each operating system virtual resources which are backed by physical resources of the hardware. Though increasing system complexity somewhat, hardware virtualization saves costs and has a number of other benefits. As the deployment of virtualization increases, dependence on the technology increases accordingly, thus emphasizing the importance of the security of virtualization mechanisms. We present a literature survey of commodity x86 hardware virtualization. We also consider virtualization security from two viewpoints: we first develop a security model for virtualization using an asset-threats approach, and then consider how virtualization can be used to improve system security. Finally, we discuss security oriented virtualization architectures, and the relationship between trusted computing, the Trusted Platform Module (TPM), and virtualization.
OPERATING SYSTEM
, 2005
"... A revision of MINIX that brings quality enhancements and strongly reduces the kernel in size by moving device drivers to user-space ..."
Abstract
- Add to MetaCart
(Show Context)
A revision of MINIX that brings quality enhancements and strongly reduces the kernel in size by moving device drivers to user-space
The COMQUAD Component Container Architecture And Contract Negotiation
, 2004
"... Component-based applications require runtime support to be able to guarantee non-functional properties. ..."
Abstract
- Add to MetaCart
Component-based applications require runtime support to be able to guarantee non-functional properties.
