Title
Dealing with disaster: surviving misbehaved kernel extensions
Abstract
Today's extensible operating systems allow applications to modify kernel behavior by providing mechanisms for application code to run in the kernel address space. The advantage of this approach is that it provides improved application flexibility and performance; the disadvantage is that buggy or malicious code can jeopardize the integrity of the kernel. It has been demonstrated that it is feasible to use safe languages, software fault isolation, or virtual memory protection to safeguard the main kernel. However, such protection mechanisms do not address the full range of problems, such as resource hoarding, that can arise when application code is introduced into the kernel. In this paper, we present an analysis of extension mechanisms in the VINO kernel. VINO uses software fault isolation as its safety mechanism and a lightweight transaction system to cope with resource-hoarding. We explain how these two mechanisms are sufficient to protect against a large class of errant or malicious extensions, and we quantify the overhead that this protection introduces. We find that while the overhead of these techniques is high relative to the cost of the extensions themselves, it is low relative to the benefits that extensibility brings.
Year: 1996
DOI: 10.1145/238721.238779
Venue: OSDI
Keywords: misbehaved kernel extension, fault isolation, operating system, virtual memory
Field: Address space, Kernel (linear algebra), Computer science, Virtual memory, Software fault isolation, Real-time computing, Safeguard, Database transaction, Extensibility, Operating system, Disadvantage, Distributed computing
DocType: Conference
Volume: 30
Issue: SI
ISSN: 0163-5980
ISBN: 1-880446-82-0
Citations: 156
PageRank: 26.65
References: 11
Authors: 4
Name, Order, Citations, PageRank
Margo Seltzer, 1, 3423, 623.54
Yasuhiro Endo, 2, 156, 26.65
Christopher Small, 3, 156, 27.32
Keith A. Smith, 4, 517, 65.81