Affiliation:
1. Microsoft Research, One Microsoft Way, Redmond, WA
Abstract
In most modern operating systems, a process is a hardware-protected abstraction for isolating code and data. This protection, however, is selective. Many common mechanisms---dynamic code loading, run-time code generation, shared memory, and intrusive system APIs---make the barrier between processes very permeable. This paper argues that this traditional open process architecture exacerbates the dependability and security weaknesses of modern systems.
As a remedy, this paper proposes a sealed process architecture, which prohibits dynamic code loading, self-modifying code, and shared memory, and limits the scope of the process API. This paper describes the implementation of the sealed process architecture in the Singularity operating system, discusses its merits and drawbacks, and evaluates its effectiveness. Some benefits of this sealed process architecture are: improved program analysis by tools, stronger security and safety guarantees, elimination of redundant overlaps between the OS and language runtimes, and improved software engineering.
Conventional wisdom says open processes are required for performance; our experience suggests otherwise. We present the first macrobenchmarks for a sealed-process operating system and applications. The benchmarks show that an experimental sealed-process system can achieve performance competitive with highly-tuned, commercial, open-process systems.
Publisher
Association for Computing Machinery (ACM)
Cited by
16 articles.
1. CARAT CAKE: replacing paging via compiler/kernel cooperation. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2022-02-22.
2. Paths to OpenMP in the kernel. Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis, 2021-11-13.
3. Polymorphic Iterable Sequential Effect Systems. ACM Transactions on Programming Languages and Systems, 2021-03-31.
4. CARAT: a case for virtual memory through compiler- and runtime-based address translation. Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, 2020-06-06.
5. X-Containers. Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, 2019-04-04.