Dune: Safe User-level Access to Privileged CPU Features

USENIX Association, 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI '12), p. 335

Dune is a system that provides applications with direct but safe access to hardware features such as ring protection, page tables, and tagged TLBs, while preserving the existing OS interfaces for processes. Dune uses the virtualization hardware in modern processors to provide a process abstraction rather than a machine abstraction. It consists of a small kernel module that initializes the virtualization hardware and mediates interactions with the kernel, and a user-level library that helps applications manage privileged hardware features. We present the implementation of Dune for 64-bit x86 Linux. We use Dune to implement three user-level applications that can benefit from access to privileged hardware: a sandbox for untrusted code, a privilege separation facility, and a garbage collector. The use of Dune greatly simplifies the implementation of these applications and provides significant performance advantages.
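To make concrete why a garbage collector wants direct access to page tables, the following added example (written for this page; it is not code from the Dune paper or its libdune library, and it does not use Dune's API) shows the conventional way a user-level program gets page-granularity write detection on a stock OS: it read-protects a heap region with mprotect, catches the resulting SIGSEGV, records the page as dirty, and unprotects it so the faulting store can be retried. Every one of those steps goes through the kernel's signal and mprotect paths, which is the overhead the paper's approach of giving the process its own page tables is meant to avoid. The heap size, page indices written, and the dirty-page array are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define HEAP_PAGES 4 /* constructed: a tiny four-page "heap" */

static uint8_t *heap;          /* base of the protected region */
static size_t page_size;
static int dirty[HEAP_PAGES];  /* one dirty flag per heap page */

/* SIGSEGV handler: the first write to a read-only heap page lands here.
   Record the page as dirty and re-enable writes so the store is retried. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uint8_t *addr = (uint8_t *)si->si_addr;
    /* A fault outside the heap is a real bug; do not spin on it. */
    if (addr < heap || addr >= heap + HEAP_PAGES * page_size)
        _exit(1);
    size_t idx = (size_t)(addr - heap) / page_size;
    dirty[idx] = 1;
    /* mprotect is a plain system call, safe to issue from the handler. */
    mprotect(heap + idx * page_size, page_size, PROT_READ | PROT_WRITE);
}

/* Map the heap, install the handler, and arm the write barrier. */
static int barrier_init(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    heap = mmap(NULL, HEAP_PAGES * page_size, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (heap == MAP_FAILED) return -1;
    memset(dirty, 0, sizeof dirty);

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;

    /* Every store to the heap now traps into on_fault once per page. */
    return mprotect(heap, HEAP_PAGES * page_size, PROT_READ);
}

/* Mutator: writes to pages 0 and 2 only; returns the dirty-page count. */
int barrier_demo(void) {
    if (barrier_init() != 0) return -1;
    heap[0] = 1;                  /* page 0: faults, marked dirty */
    heap[2 * page_size + 7] = 2;  /* page 2: faults, marked dirty */
    heap[2 * page_size + 8] = 3;  /* page 2 again: no second fault */
    int n = 0;
    for (int i = 0; i < HEAP_PAGES; i++) n += dirty[i];
    munmap(heap, HEAP_PAGES * page_size);
    return n; /* 2 */
}

/* Accessor so a caller can inspect which pages were written. */
int page_is_dirty(int i) { return (i >= 0 && i < HEAP_PAGES) ? dirty[i] : -1; }
```

Each dirty page costs a hardware fault, a kernel signal delivery, a user-level handler run, and an mprotect system call before the mutator resumes; a collector that owns its page tables, as the paper describes, can instead flip the page-table entry and handle the fault without leaving the process.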
