article

Mondrian memory protection

Authors:

Emmett Witchel,

Krste AsanovićAuthors Info & Claims

ACM SIGPLAN Notices, Volume 37, Issue 10

Pages 304 - 316

https://doi.org/10.1145/605432.605429

Published: 01 October 2002 Publication History

Abstract

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at the granularity of individual words. We use a compressed permissions table to reduce space overheads and employ two levels of permissions caching to reduce run-time overheads. The protection tables in our implementation add less than 9% overhead to the memory space used by the application. Accessing the protection tables adds than 8% additional memory references to the accesses made by the application. Although it can be layered on top of demand-paged virtual memory, MMP is also well-suited to embedded systems with a single physical address space. We extend MMP to support segment translation which allows a memory segment to appear at another location in the address space. We use this translation to implement zero-copy networking underneath the standard read system call interface, where packet payload fragments are connected together by the translation system to avoid data copying. This saves 52% of the memory references used by a traditional copying network stack.

References

[1]

Adobe Systems Incorporated. Adobe PDF Plugin, 2002. http://www.adobe.com/.]]

[2]

Apache Software Foundation. mod_perl, 2002. http://perl.apache.org/.]]

[3]

A. W. Appel and K. Li. Virtual memory primitives for user programs. In Proceedings of ASPLOS-IV, April 1991.]]

Digital Library

[4]

ARM Ltd. ARM940T Technical Reference Manual (Rev 2), ARM DDI 0144B 2000.]]

[5]

Burroughs Corporation. The Descriptor--a Definition of the B5000 Information Processing System., 1961. http://www.cs.virginia.edu/brochure/images/manuals/b5000/descrip/descrip.html.]]

[6]

M. Carlisle. Olden: Parallelizing Programs with Dynamic Data Structures on Distributed-Memory Machines. PhD thesis, Princeton University, 1996.]]

Digital Library

[7]

N. P. Carter, S. W. Keckler, and W. J. Dally. Hardware support for fast capability-based addressing. In Proceedings of ASPLOS-VI, pages 319-327, San Jose, California, 1994.]]

Digital Library

[8]

J. Chase. An Operating System Structure for Wide-Address Architectures. PhD thesis, University of Washington, 1995.]]

Digital Library

[9]

H. K. J. Chu. Zero-copy TCP in Solaris. In USENIX Annual Technical Conference, pages 253-264, 1996.]]

Digital Library

[10]

J. B. Dennis and E. C. V. Horn. Programming semantics for multiprogrammed computations. CACM, 9(3):143-155, March 1966.]]

Digital Library

[11]

D. Grunwald and R. Neves. Whole-program optimization for time and space efficient threads. In Proceedings of ASPLOS-VII, Oct 1996.]]

Digital Library

[12]

G. Heiser, K. Elphinstone, J. Vochteloo, S. Russell, and J. Liedtke. The Mungi single-address-space operating system. Software--Practice and Experience, 28(9):901-928, 1998.]]

Digital Library

[13]

M. E. Houdek, F. G. Soltis, and R. L. Hoffman. IBM System/38 support for capability-based addressing. In ISCA, pages 341-348, 1981.]]

Digital Library

[14]

Intel Corporation. Volume 1: Basic architecture, Intel Architecture Software Developer's Manual, Volume 1: Basic Architecture, 1997.]]

[15]

G. Kane and J. Heinrich. MIPS RISC Architecture (R2000/R3000). Prentice Hall, 1992.]]

Digital Library

[16]

E. J. Koldinger, J. S. Chase, and S. J. Eggers. Architectural support for single address space operating systems. In ASPLOS-V, pages 175-186, 1992.]]

Digital Library

[17]

B. Lampson. Protection. In Proc. 5th Princeton Conf. on Information Sciences and Systems, 1971.]]

[18]

H. M. Levy. Capability-Based Computer Systems. Digital Press, Bedford, Massachusetts, 1984.]]

Digital Library

[19]

H. Lieberman and C. Hewitt. A real-time garbage collector based on the lifetimes of objects. In Communications of the ACM 23(6):419-429, 1983.]]

Digital Library

[20]

K. Mackenzie, J. Kubiatowicz, M. Frank, W. Lee, V. Lee, A. Agarwal, and M. F. Kaashoek. Exploiting two-case delivery for fast protected messaging. In HPCA, pages 231-242, 1998.]]

Digital Library

[21]

G. C. Necula. Proof-carrying code. In POPL '97, pages 106-119, Paris, Jan. 1997.]]

Digital Library

[22]

NS Notes and Documentation. http://www.isi.edu/vint/nsnam/, 2000.]]

[23]

V. S. Pai, P. Druschel, and W. Zwaenepoel. IO-Lite: a unified I/O buffering and caching system. ACM Transactions on Computer Systems, 18(1):37-66, 2000.]]

Digital Library

[24]

Rational Software Corporation. Purify, 2002. http://www.rational.com/media/products/pqc/D610_PurifyPlus_unix.pdf.]]

[25]

M. Rinard and et al. The FLEX compiler infrastructure. 1999-2001. http://www.flex-compiler.lcs.mit.edu.]]

[26]

J. Saltzer. Protection and the control of information sharing in Multics. Comm. ACM 17, 7 (July 1974), 388-402, 1974.]]

Digital Library

[27]

D. Scales, K. Gharachorloo, and C. Thekkath. Shasta: A low overhead, software-only approach for supporting finegrain shared memory. In Proceedings of ASPLOS-VII, Oct 1996.]]

Digital Library

[28]

I. Schoinas, B. Falsafi, A. R. Lebeck, S. K. Reinhardt, J. R. Larus, and D. A. Wood. Fine-grain access control for distributed shared memory. In ASPLOS-VI, 1994.]]

Digital Library

[29]

J. S. Shapiro, J. M. Smith, and D. J. Farber. EROS: a fast capability system. In SOSP, pages 170-185, 1999.]]

Digital Library

[30]

T. von Eicken, A. Basu, V. Buch, and W. Vogels. U-net: A user-level network interface for parallel and distributed computing. In Symposium on Operating Systems Principles, pages 303-316, 1995.]]

Digital Library

[31]

T. von Eicken, C.-C. Chang, G. Czajkowski, C. Hawblitzel, D. Hu, and D. Spoonhower. J-kernel: A capability-based operating system for Java. In Secure Internet Programming, pages 369-393, 1999.]]

Digital Library

[32]

D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, pages 3-17, San Diego, CA, February 2000.]]

[33]

R. Wahbe. Efficient data breakpoints. In Proceedings of ASPLOS-V, Oct 1992.]]

Digital Library

[34]

R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review, 27(5):203-216, December 1993.]]

Digital Library

[35]

C. Yarvin, R. Bukowski, and T. Anderson. Anonymous RPC: Low-latency protection in a 64-bit address space. In USENIX Summer, pages 175-186, 1993.]]

[36]

C. B. Zilles. Benchmark health considered harmful. Computer Architecture News, 29(3), 2001.]]

Digital Library

Cited By

Schrammel DUnterguggenberger MLamster LSultana SGrewal KLeMay MDurham DMangard S(2024)Memory Tagging using Cryptographic Integrity on Commodity x86 CPUs2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP60621.2024.00024(311-326)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSP60621.2024.00024
Giuliari GRoos DWyss MGarcía-Pardo JLegner MPerrig ACarle GOtt J(2021)ColibriProceedings of the 17th International Conference on emerging Networking EXperiments and Technologies10.1145/3485983.3494871(104-118)Online publication date: 2-Dec-2021
https://dl.acm.org/doi/10.1145/3485983.3494871
Woodruff JJoannou AXia HFox ANorton RChisnall DDavis BGudka KFilardo NMarkettos ARoe MNeumann PWatson RMoore S(2019)CHERI Concentrate: Practical Compressed CapabilitiesIEEE Transactions on Computers10.1109/TC.2019.291403768:10(1455-1469)Online publication date: 1-Oct-2019
https://doi.org/10.1109/TC.2019.2914037
Show More Cited By

Recommendations

Mondrian memory protection
ASPLOS X: Proceedings of the 10th international conference on Architectural support for programming languages and operating systems

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at ...
Mondrian memory protection
Special Issue: Proceedings of the 10th annual conference on Architectural Support for Programming Languages and Operating Systems

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at ...
Mondrian memory protection

Mondrian memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 37, Issue 10

October 2002

296 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/605432

Issue’s Table of Contents

ASPLOS X: Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
October 2002
318 pages
ISBN:1581135742
DOI:10.1145/605397
Conference Chair:
Kourosh Gharachorloo
Compaq Western Research Lab
,
Program Chair:
David A. Wood

Copyright © 2002 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 2002

Published in SIGPLAN Volume 37, Issue 10

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

245
Total Citations
View Citations
2,314
Total Downloads

Downloads (Last 12 months)85
Downloads (Last 6 weeks)16

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Schrammel DUnterguggenberger MLamster LSultana SGrewal KLeMay MDurham DMangard S(2024)Memory Tagging using Cryptographic Integrity on Commodity x86 CPUs2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP60621.2024.00024(311-326)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSP60621.2024.00024
Giuliari GRoos DWyss MGarcía-Pardo JLegner MPerrig ACarle GOtt J(2021)ColibriProceedings of the 17th International Conference on emerging Networking EXperiments and Technologies10.1145/3485983.3494871(104-118)Online publication date: 2-Dec-2021
https://dl.acm.org/doi/10.1145/3485983.3494871
Woodruff JJoannou AXia HFox ANorton RChisnall DDavis BGudka KFilardo NMarkettos ARoe MNeumann PWatson RMoore S(2019)CHERI Concentrate: Practical Compressed CapabilitiesIEEE Transactions on Computers10.1109/TC.2019.291403768:10(1455-1469)Online publication date: 1-Oct-2019
https://doi.org/10.1109/TC.2019.2914037
Yoon MSalajegheh NChen YChristodorescu M(2016)PIFTACM SIGARCH Computer Architecture News10.1145/2980024.287240344:2(713-725)Online publication date: 25-Mar-2016
https://dl.acm.org/doi/10.1145/2980024.2872403
Yoon MSalajegheh NChen YChristodorescu M(2016)PIFTACM SIGOPS Operating Systems Review10.1145/2954680.287240350:2(713-725)Online publication date: 25-Mar-2016
https://doi.org/10.1145/2954680.2872403
Yoon MSalajegheh NChen YChristodorescu M(2016)PIFTACM SIGPLAN Notices10.1145/2954679.287240351:4(713-725)Online publication date: 25-Mar-2016
https://dl.acm.org/doi/10.1145/2954679.2872403
Mitropoulou KPorpodas VZhang XJones T(2016)LynxProceedings of the 2016 International Conference on Supercomputing10.1145/2925426.2926274(1-12)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1145/2925426.2926274
Yoon MSalajegheh NChen YChristodorescu MConte TZhou Y(2016)PIFTProceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/2872362.2872403(713-725)Online publication date: 25-Mar-2016
https://dl.acm.org/doi/10.1145/2872362.2872403
Song CMoon HAlam MYun ILee BKim TLee WPaek Y(2016)HDFI: Hardware-Assisted Data-Flow Isolation2016 IEEE Symposium on Security and Privacy (SP)10.1109/SP.2016.9(1-17)Online publication date: May-2016
https://doi.org/10.1109/SP.2016.9
Watson RNorton RWoodruff JMoore SNeumann PAnderson JChisnall DDavis BLaurie BRoe MDave NGudka KJoannou AMarkettos AMaste EMurdoch SRothwell CSon SVadera M(2016)Fast Protection-Domain Crossing in the CHERI Capability-System ArchitectureIEEE Micro10.1109/MM.2016.8436:5(38-49)Online publication date: Sep-2016
https://doi.org/10.1109/MM.2016.84
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents