Article

Mondrian memory protection

Authors:

Emmett Witchel,

Krste AsanovićAuthors Info & Claims

ASPLOS X: Proceedings of the 10th international conference on Architectural support for programming languages and operating systems

Pages 304 - 316

https://doi.org/10.1145/605397.605429

Published: 01 October 2002 Publication History

Abstract

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at the granularity of individual words. We use a compressed permissions table to reduce space overheads and employ two levels of permissions caching to reduce run-time overheads. The protection tables in our implementation add less than 9% overhead to the memory space used by the application. Accessing the protection tables adds than 8% additional memory references to the accesses made by the application. Although it can be layered on top of demand-paged virtual memory, MMP is also well-suited to embedded systems with a single physical address space. We extend MMP to support segment translation which allows a memory segment to appear at another location in the address space. We use this translation to implement zero-copy networking underneath the standard read system call interface, where packet payload fragments are connected together by the translation system to avoid data copying. This saves 52% of the memory references used by a traditional copying network stack.

References

[1]

Adobe Systems Incorporated. Adobe PDF Plugin, 2002. http://www.adobe.com/.]]

[2]

Apache Software Foundation. mod_perl, 2002. http://perl.apache.org/.]]

[3]

A. W. Appel and K. Li. Virtual memory primitives for user programs. In Proceedings of ASPLOS-IV, April 1991.]]

Digital Library

[4]

ARM Ltd. ARM940T Technical Reference Manual (Rev 2), ARM DDI 0144B 2000.]]

[5]

Burroughs Corporation. The Descriptor--a Definition of the B5000 Information Processing System., 1961. http://www.cs.virginia.edu/brochure/images/manuals/b5000/descrip/descrip.html.]]

[6]

M. Carlisle. Olden: Parallelizing Programs with Dynamic Data Structures on Distributed-Memory Machines. PhD thesis, Princeton University, 1996.]]

Digital Library

[7]

N. P. Carter, S. W. Keckler, and W. J. Dally. Hardware support for fast capability-based addressing. In Proceedings of ASPLOS-VI, pages 319-327, San Jose, California, 1994.]]

Digital Library

[8]

J. Chase. An Operating System Structure for Wide-Address Architectures. PhD thesis, University of Washington, 1995.]]

Digital Library

[9]

H. K. J. Chu. Zero-copy TCP in Solaris. In USENIX Annual Technical Conference, pages 253-264, 1996.]]

Digital Library

[10]

J. B. Dennis and E. C. V. Horn. Programming semantics for multiprogrammed computations. CACM, 9(3):143-155, March 1966.]]

Digital Library

[11]

D. Grunwald and R. Neves. Whole-program optimization for time and space efficient threads. In Proceedings of ASPLOS-VII, Oct 1996.]]

Digital Library

[12]

G. Heiser, K. Elphinstone, J. Vochteloo, S. Russell, and J. Liedtke. The Mungi single-address-space operating system. Software--Practice and Experience, 28(9):901-928, 1998.]]

Digital Library

[13]

M. E. Houdek, F. G. Soltis, and R. L. Hoffman. IBM System/38 support for capability-based addressing. In ISCA, pages 341-348, 1981.]]

Digital Library

[14]

Intel Corporation. Volume 1: Basic architecture, Intel Architecture Software Developer's Manual, Volume 1: Basic Architecture, 1997.]]

[15]

G. Kane and J. Heinrich. MIPS RISC Architecture (R2000/R3000). Prentice Hall, 1992.]]

Digital Library

[16]

E. J. Koldinger, J. S. Chase, and S. J. Eggers. Architectural support for single address space operating systems. In ASPLOS-V, pages 175-186, 1992.]]

Digital Library

[17]

B. Lampson. Protection. In Proc. 5th Princeton Conf. on Information Sciences and Systems, 1971.]]

[18]

H. M. Levy. Capability-Based Computer Systems. Digital Press, Bedford, Massachusetts, 1984.]]

Digital Library

[19]

H. Lieberman and C. Hewitt. A real-time garbage collector based on the lifetimes of objects. In Communications of the ACM 23(6):419-429, 1983.]]

Digital Library

[20]

K. Mackenzie, J. Kubiatowicz, M. Frank, W. Lee, V. Lee, A. Agarwal, and M. F. Kaashoek. Exploiting two-case delivery for fast protected messaging. In HPCA, pages 231-242, 1998.]]

Digital Library

[21]

G. C. Necula. Proof-carrying code. In POPL '97, pages 106-119, Paris, Jan. 1997.]]

Digital Library

[22]

NS Notes and Documentation. http://www.isi.edu/vint/nsnam/, 2000.]]

[23]

V. S. Pai, P. Druschel, and W. Zwaenepoel. IO-Lite: a unified I/O buffering and caching system. ACM Transactions on Computer Systems, 18(1):37-66, 2000.]]

Digital Library

[24]

Rational Software Corporation. Purify, 2002. http://www.rational.com/media/products/pqc/D610_PurifyPlus_unix.pdf.]]

[25]

M. Rinard and et al. The FLEX compiler infrastructure. 1999-2001. http://www.flex-compiler.lcs.mit.edu.]]

[26]

J. Saltzer. Protection and the control of information sharing in Multics. Comm. ACM 17, 7 (July 1974), 388-402, 1974.]]

Digital Library

[27]

D. Scales, K. Gharachorloo, and C. Thekkath. Shasta: A low overhead, software-only approach for supporting finegrain shared memory. In Proceedings of ASPLOS-VII, Oct 1996.]]

Digital Library

[28]

I. Schoinas, B. Falsafi, A. R. Lebeck, S. K. Reinhardt, J. R. Larus, and D. A. Wood. Fine-grain access control for distributed shared memory. In ASPLOS-VI, 1994.]]

Digital Library

[29]

J. S. Shapiro, J. M. Smith, and D. J. Farber. EROS: a fast capability system. In SOSP, pages 170-185, 1999.]]

Digital Library

[30]

T. von Eicken, A. Basu, V. Buch, and W. Vogels. U-net: A user-level network interface for parallel and distributed computing. In Symposium on Operating Systems Principles, pages 303-316, 1995.]]

Digital Library

[31]

T. von Eicken, C.-C. Chang, G. Czajkowski, C. Hawblitzel, D. Hu, and D. Spoonhower. J-kernel: A capability-based operating system for Java. In Secure Internet Programming, pages 369-393, 1999.]]

Digital Library

[32]

D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, pages 3-17, San Diego, CA, February 2000.]]

[33]

R. Wahbe. Efficient data breakpoints. In Proceedings of ASPLOS-V, Oct 1992.]]

Digital Library

[34]

R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review, 27(5):203-216, December 1993.]]

Digital Library

[35]

C. Yarvin, R. Bukowski, and T. Anderson. Anonymous RPC: Low-latency protection in a 64-bit address space. In USENIX Summer, pages 175-186, 1993.]]

[36]

C. B. Zilles. Benchmark health considered harmful. Computer Architecture News, 29(3), 2001.]]

Digital Library

Cited By

Feng EFeng DDu DXia YZheng WZhao SChen HTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)sIOPMP: Scalable and Efficient I/O Protection for TEEsProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640378(1061-1076)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640378
Lamster LUnterguggenberger MSchrammel DMangard SCalandrino JTroncoso C(2023)HashTagProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620394(2797-2814)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620394
Yu JWatt CBadole ACarlson TSaxena PCalandrino JTroncoso C(2023)CAPSTONEProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620282(787-804)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620282
Show More Cited By

Recommendations

Mondrian memory protection

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at ...
Mondrian memory protection
Special Issue: Proceedings of the 10th annual conference on Architectural Support for Programming Languages and Operating Systems

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at ...
Mondrian memory protection

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASPLOS X: Proceedings of the 10th international conference on Architectural support for programming languages and operating systems

October 2002

318 pages

ISBN:1581135742

DOI:10.1145/605397

Conference Chair:
Kourosh Gharachorloo
Compaq Western Research Lab
,
Program Chair:
David A. Wood

ACM SIGARCH Computer Architecture News Volume 30, Issue 5
Special Issue: Proceedings of the 10th annual conference on Architectural Support for Programming Languages and Operating Systems
December 2002
296 pages
ISSN:0163-5964
DOI:10.1145/635506
Issue’s Table of Contents
ACM SIGPLAN Notices Volume 37, Issue 10
October 2002
296 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/605432
Issue’s Table of Contents
ACM SIGOPS Operating Systems Review Volume 36, Issue 5
December 2002
296 pages
ISSN:0163-5980
DOI:10.1145/635508
Issue’s Table of Contents

Copyright © 2002 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 2002

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

ASPLOS02

Sponsor:

ASPLOS02: Tenth International Conference on Architectural Support for Programming Languages and Operating Systems

October 5 - 9, 2002

California, San Jose

Acceptance Rates

ASPLOS X Paper Acceptance Rate 24 of 175 submissions, 14%;

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

242
Total Citations
View Citations
2,286
Total Downloads

Downloads (Last 12 months)74
Downloads (Last 6 weeks)6

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Feng EFeng DDu DXia YZheng WZhao SChen HTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)sIOPMP: Scalable and Efficient I/O Protection for TEEsProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640378(1061-1076)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640378
Lamster LUnterguggenberger MSchrammel DMangard SCalandrino JTroncoso C(2023)HashTagProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620394(2797-2814)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620394
Yu JWatt CBadole ACarlson TSaxena PCalandrino JTroncoso C(2023)CAPSTONEProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620282(787-804)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620282
Chacon GWilliams CKnechtel JSinanoglu OGratz PSoteriou V(2023)Coherence Attacks and Countermeasures in Interposer-based Chiplet SystemsACM Transactions on Architecture and Code Optimization10.1145/363346121:2(1-25)Online publication date: 20-Nov-2023
https://dl.acm.org/doi/10.1145/3633461
Du DYang BXia YChen H(2023)Accelerating Extra Dimensional Page Walks for Confidential ComputingProceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3613424.3614293(654-669)Online publication date: 28-Oct-2023
https://dl.acm.org/doi/10.1145/3613424.3614293
Lei HZhang ZZhang SJiang PZhong ZHe NLi DGuo YChen XMeng WJensen CCremers CKirda E(2023)Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM ApplicationsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623205(904-918)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623205
Unterguggenberger MSchrammel DLamster LNasahl PMangard SMeng WJensen CCremers CKirda E(2023)Cryptographically Enforced Memory SafetyProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623138(889-903)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623138
Bhattacharyya AHofhammer FLi YGupta SSanchez AFalsafi BPayer M(2023)SecureCells: A Secure Compartmentalized Architecture2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179472(2921-2939)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179472
Khan AXu DTian D(2023)EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179285(2990-3007)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179285
Jain AKadiyala DDaglis A(2023)Safety Hints for HTM Capacity Abort Mitigation2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA56546.2023.10071113(206-219)Online publication date: Mar-2023
https://doi.org/10.1109/HPCA56546.2023.10071113
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents