DOI: 10.5555/2387880.2387913

Dune: safe user-level access to privileged CPU features

Published: 08 October 2012

    Abstract

    Dune is a system that provides applications with direct but safe access to hardware features such as ring protection, page tables, and tagged TLBs, while preserving the existing OS interfaces for processes. Dune uses the virtualization hardware in modern processors to provide a process abstraction rather than a machine abstraction. It consists of a small kernel module that initializes the virtualization hardware and mediates interactions with the kernel, and a user-level library that helps applications manage privileged hardware features. We present the implementation of Dune for 64-bit x86 Linux. We use Dune to implement three user-level applications that can benefit from access to privileged hardware: a sandbox for untrusted code, a privilege separation facility, and a garbage collector. The use of Dune greatly simplifies the implementation of these applications and provides significant performance advantages.



    Published In

    OSDI'12: Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
    October 2012
    362 pages
    ISBN:9781931971966

    Sponsors

    • Infosys
    • EMC2
    • Microsoft Research
    • Oracle
    • USENIX Association

    Publisher

    USENIX Association

    United States

    Cited By
    • (2024) Enoki: High Velocity Linux Kernel Scheduler Development. Proceedings of the Nineteenth European Conference on Computer Systems, pages 962-980. DOI 10.1145/3627703.3629569. Online publication date: 22-Apr-2024
    • (2023) Dynamic Linkers Are the Narrow Waist of Operating Systems. Proceedings of the 12th Workshop on Programming Languages and Operating Systems, pages 26-33. DOI 10.1145/3623759.3624548. Online publication date: 23-Oct-2023
    • (2023) xOS. Proceedings of the 14th ACM SIGOPS Asia-Pacific Workshop on Systems, pages 1-8. DOI 10.1145/3609510.3609817. Online publication date: 24-Aug-2023
    • (2023) The Opportunities and Limitations of Extended Page Table Switching for Fine-Grained Isolation. IEEE Security and Privacy, 21(3), pages 16-26. DOI 10.1109/MSEC.2023.3251385. Online publication date: 1-May-2023
    • (2022) Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI. Proceedings of the ACM on Programming Languages, 6(POPL), pages 1-30. DOI 10.1145/3498688. Online publication date: 12-Jan-2022
    • (2021) A case against (most) context switches. Proceedings of the Workshop on Hot Topics in Operating Systems, pages 17-25. DOI 10.1145/3458336.3465274. Online publication date: 1-Jun-2021
    • (2020) Donky. Proceedings of the 29th USENIX Conference on Security Symposium, pages 1677-1694. DOI 10.5555/3489212.3489307. Online publication date: 12-Aug-2020
    • (2020) Caladan. Proceedings of the 14th USENIX Conference on Operating Systems Design and Implementation, pages 281-297. DOI 10.5555/3488766.3488782. Online publication date: 4-Nov-2020
    • (2020) The hyplet. Proceedings of the 2020 Summer Simulation Conference, pages 1-8. DOI 10.5555/3427510.3427553. Online publication date: 20-Jul-2020
    • (2020) Practical Control Flow Integrity using Multi-Variant execution. Proceedings of the 2020 International Conference on Internet Computing for Science and Engineering, pages 14-19. DOI 10.1145/3424311.3424312. Online publication date: 14-Jan-2020