Efficient kernel support of fine-grained protection domains for mobile code

Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as part of that application. In the case of Web browsers, it is commonplace to download mobile code, called a plug-in, from a truly open network such as the Internet. Owing to the anonymity of an open network, the mobile code may be malicious; thus, it is important to protect local computing resources from attacks by malicious code. We have developed a kernel that supports fine-grained protection domains, which prevent mobile code from making unauthorized accesses to local resources. The developed scheme provides a novel virtual memory mechanism, called a multi-protection page table, for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls while still providing protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30000 times per second.
