Efficient software-based fault isolation

DOI: 10.1145/168619.168635
Published: 01 December 1993

Abstract

    One way to provide fault isolation among cooperating software modules is to place each in its own address space. However, for tightly-coupled modules, this solution incurs prohibitive context switch overhead. In this paper, we present a software approach to implementing fault isolation within a single address space.

    Our approach has two parts. First, we load the code and data for a distrusted module into its own fault domain, a logically separate portion of the application's address space. Second, we modify the object code of a distrusted module to prevent it from writing or jumping to an address outside its fault domain. Both these software operations are portable and programming language independent.

    Our approach poses a tradeoff relative to hardware fault isolation: substantially faster communication between fault domains, at a cost of slightly increased execution time for distrusted modules. We demonstrate that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.
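    The two steps in the abstract, placing a distrusted module's code and data in a fault domain and rewriting its stores and jumps so they cannot leave it, as an added example (not code from the paper or from this page): a toy interpreter over a constructed 16-segment address space that applies the two rewriting strategies the paper describes, segment matching (compare the target's upper bits with the domain's segment id and trap on mismatch) and address sandboxing (overwrite the upper bits with the segment id so the access cannot leave the domain). The segment layout, the instruction format, the policy names and the contents of `demo_module` are assumptions made for the example; loads are left unchecked, matching the abstract's "writing or jumping".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed address space: 16 segments of 4 KiB, segment id = upper 4 bits
 * of a 16-bit address. A fault domain is one code segment plus one data
 * segment. This layout is an assumption for the example, not the paper's. */
#define SEG_SHIFT 12u
#define SEG_MASK  ((1u << SEG_SHIFT) - 1u)
#define MEM_SIZE  (1u << 16)

enum policy { POLICY_NONE, POLICY_SEGMENT_MATCH, POLICY_SANDBOX };
enum opcode { OP_STORE, OP_JUMP, OP_HALT };

typedef struct { enum opcode op; uint32_t addr; uint8_t val; } insn_t;

/* Segment matching: does the target lie in the segment the module owns? */
static int segment_matches(uint32_t addr, uint32_t seg)
{
    return (addr >> SEG_SHIFT) == seg;
}

/* Address sandboxing: force the upper bits to the module's segment id. The
 * access can no longer leave the domain, but a bad address silently lands
 * somewhere else inside it instead of trapping. */
static uint32_t sandbox_addr(uint32_t addr, uint32_t seg)
{
    return (addr & SEG_MASK) | (seg << SEG_SHIFT);
}

/* Interpret a module's stores and jumps under one rewriting policy.
 * Returns 0 if the module halted (or ran off its code) inside its domain,
 * 1 if a jump carried control to foreign code, -1 if segment matching trapped. */
int run_module(const insn_t *code, size_t n, enum policy pol,
               uint8_t *mem, uint32_t code_seg, uint32_t data_seg)
{
    size_t pc = 0, steps = 0;
    while (pc < n && steps++ < 1000) {
        const insn_t *in = &code[pc];
        uint32_t target = in->addr;
        uint32_t seg = (in->op == OP_JUMP) ? code_seg : data_seg;

        if (in->op == OP_HALT)
            return 0;
        if (pol == POLICY_SEGMENT_MATCH && !segment_matches(target, seg))
            return -1;                        /* trap: escape attempt caught */
        if (pol == POLICY_SANDBOX)
            target = sandbox_addr(target, seg);

        if (in->op == OP_STORE) {
            mem[target % MEM_SIZE] = in->val; /* unchecked under POLICY_NONE */
            pc++;
        } else {                              /* OP_JUMP */
            if (!segment_matches(target, code_seg))
                return 1;                     /* control left the domain */
            pc = target & SEG_MASK;           /* low bits index the module's code */
        }
    }
    return 0;
}

/* Constructed distrusted module owning code segment 2 and data segment 3.
 * Its second store and its jump aim at segments it does not own. */
#define DEMO_CODE_SEG 2u
#define DEMO_DATA_SEG 3u
const insn_t demo_module[] = {
    { OP_STORE, 0x3010u, 0x41 },   /* in-domain write */
    { OP_STORE, 0x7010u, 0x42 },   /* write into segment 7: escape attempt */
    { OP_JUMP,  0x1003u, 0    },   /* jump into segment 1: escape attempt */
    { OP_HALT,  0,       0    },
};
const size_t demo_module_len = sizeof demo_module / sizeof demo_module[0];

static uint8_t demo_mem[MEM_SIZE];

/* Run the constructed module against a zeroed memory under one policy. */
int run_demo(enum policy pol)
{
    memset(demo_mem, 0, sizeof demo_mem);
    return run_module(demo_module, demo_module_len, pol, demo_mem,
                      DEMO_CODE_SEG, DEMO_DATA_SEG);
}

uint8_t demo_byte(uint32_t addr) { return demo_mem[addr % MEM_SIZE]; }

int main(void)
{
    static const char *names[] = { "none", "segment matching", "sandboxing" };
    for (int p = POLICY_NONE; p <= POLICY_SANDBOX; p++) {
        int rc = run_demo((enum policy)p);
        printf("%-17s rc=%2d mem[0x7010]=0x%02x mem[0x3010]=0x%02x\n",
               names[p], rc, demo_byte(0x7010u), demo_byte(0x3010u));
    }
    return 0;
}
```

    Segment matching pinpoints the offending instruction but costs a compare and branch per store or jump; sandboxing is cheaper and never traps, at the price of silently redirecting a bad access to another address inside the domain. In real rewritten machine code the masked address has to be computed into a register that only the inserted sequence writes, so that a jump into the middle of the sequence cannot reuse a stale, unmasked value; the interpreter hides that because each instruction here is atomic.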



    Published In

    SOSP '93: Proceedings of the fourteenth ACM symposium on Operating systems principles
    January 1994
    284 pages
    ISBN:0897916328
    DOI:10.1145/168619
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Conference

    SOSP93: 14th ACM Symposium on Operating Systems Principles
    December 5-8, 1993
    Asheville, North Carolina, USA

    Acceptance Rates

    Overall Acceptance Rate 131 of 716 submissions, 18%

    Article Metrics

    • Downloads (last 12 months): 842
    • Downloads (last 6 weeks): 53
    Reflects downloads up to 27 Jul 2024
    Cited By

    • (2024) Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era. 2024 Security for Space Systems (3S), pp. 1-11. DOI 10.23919/3S60530.2024.10592292. Online publication date: 27 May 2024.
    • (2024) Unsafe kernel extension composition via BPF program nesting. Proceedings of the ACM SIGCOMM 2024 Workshop on eBPF and Kernel Extensions, pp. 65-67. DOI 10.1145/3672197.3673440. Online publication date: 4 Aug 2024.
    • (2024) Poster: Secure NFV Infrastructure based on Software Fault Isolation Considering Multi-Tenant Environment. Proceedings of the 22nd Annual International Conference on Mobile Systems, Applications and Services, pp. 650-651. DOI 10.1145/3643832.3661403. Online publication date: 3 Jun 2024.
    • (2024) Lightweight Fault Isolation: Practical, Efficient, and Secure Software Sandboxing. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2, pp. 649-665. DOI 10.1145/3620665.3640408. Online publication date: 27 Apr 2024.
    • (2023) TRUST. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 6947-6964. DOI 10.5555/3620237.3620626. Online publication date: 9 Aug 2023.
    • (2023) CIVSCOPE: Analyzing Potential Memory Corruption Bugs in Compartment Interfaces. Proceedings of the 1st Workshop on Kernel Isolation, Safety and Verification, pp. 33-40. DOI 10.1145/3625275.3625399. Online publication date: 23 Oct 2023.
    • (2023) Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems. Proceedings of the 1st Workshop on Kernel Isolation, Safety and Verification, pp. 41-48. DOI 10.1145/3625275.3625397. Online publication date: 23 Oct 2023.
    • (2023) CARAT KOP: Towards Protecting the Core HPC Kernel from Linux Kernel Modules. Proceedings of the SC '23 Workshops of The International Conference on High Performance Computing, Network, Storage, and Analysis, pp. 1596-1605. DOI 10.1145/3624062.3624237. Online publication date: 12 Nov 2023.
    • (2023) FreePart: Hardening Data Processing Software via Framework-based Partitioning and Isolation. Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4, pp. 169-188. DOI 10.1145/3623278.3624760. Online publication date: 25 Mar 2023.
    • (2023) Renewable Just-In-Time Control-Flow Integrity. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 580-594. DOI 10.1145/3607199.3607239. Online publication date: 16 Oct 2023.
