Paper Info
Title
Dune: safe user-level access to privileged CPU features
Abstract
Dune is a system that provides applications with direct but safe access to hardware features such as ring protection, page tables, and tagged TLBs, while preserving the existing OS interfaces for processes. Dune uses the virtualization hardware in modern processors to provide a process, rather than a machine abstraction. It consists of a small kernel module that initializes virtualization hardware and mediates interactions with the kernel, and a user-level library that helps applications manage privileged hardware features. We present the implementation of Dune for 64- bit x86 Linux. We use Dune to implement three user-level applications that can benefit from access to privileged hardware: a sandbox for untrusted code, a privilege separation facility, and a garbage collector. The use of Dune greatly simplifies the implementation of these applications and provides significant performance advantages.
Year
Venue
Keywords
2012
OSDI
privileged hardware feature,user-level application,virtualization hardware,user-level library,privileged hardware,garbage collector,existing os interface,machine abstraction,safe access,small kernel module,privileged cpu feature,safe user-level access
Field
DocType
Citations 
Virtualization,Kernel (linear algebra),Sandbox (computer security),x86,Privilege separation,Computer science,Page table,Ring protection,Garbage collection,Operating system,Embedded system
Conference
64
PageRank 
References 
Authors
1.73
24
6
Name
Order
Citations
PageRank
Adam Belay12129.81
Andrea Bittau237223.64
Ali José Mashtizadeh326310.79
David Terei41485.54
David Mazières53893396.35
Christos Kozyrakis65817355.99