A communication mechanism for resource isolation

Sharing resources among multiple untrusted clients requires a shared service that grants access to those resources on request. But executing a request itself consumes further resources, such as memory or CPU time, which must be allocated carefully: a service that allocates them on a client's behalf can be driven out of resources by one misbehaving client, to the detriment of all the others. In this paper we investigate a communication mechanism that gives access to shared services without changing existing allocation decisions. It does so by systematically applying a new resource lending principle, under which a service performs a request using the resources of the client that issued it. We present an easily understood design model for this mechanism, the thread lending model, in which the service never performs any allocation of its own, and demonstrate its implementation in our prototype OS Anaxagoros. Finally, we examine the consequences of this model for the structure and implementation of shared services.
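The following is an added illustration of the resource lending principle described above; it is not code from the paper or from Anaxagoros, and the toy "record table" service, its two variants, the pool sizes and the hog/victim scenario are all constructed for the example. Both variants run the service code on the calling client's thread (a plain function call), so neither allocates a thread; they differ in where the scratch memory for an in-flight request comes from. In variant A the service takes it from a pool it owns, so a client that leaves requests in flight starves everyone else; in variant B the client lends the memory with the request, so the service has nothing to run out of and only has to validate what it was lent.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for the illustration. */
#define POOL_SIZE     4     /* scratch buffers owned by the service (variant A) */
#define SCRATCH_BYTES 32
#define TABLE_ROWS    8

/* The shared resource both variants give access to: a small record table. */
static char table[TABLE_ROWS][SCRATCH_BYTES];
static int  table_count;

/* Variant A only: a scratch pool owned by the service and shared by all
 * clients. A buffer held while a request is in flight is capacity that
 * every other client is denied. */
static char pool[POOL_SIZE][SCRATCH_BYTES];
static int  pool_used[POOL_SIZE];

static char *pool_alloc(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool_used[i]) { pool_used[i] = 1; return pool[i]; }
    return NULL;
}

static void pool_free(char *p) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (pool[i] == p) pool_used[i] = 0;
}

/* Reset the service's global state between scenarios. */
void svc_reset(void) {
    memset(pool_used, 0, sizeof pool_used);
    table_count = 0;
}

/* An in-flight request: the scratch memory the service will format into. */
struct request {
    char  *scratch;
    size_t scratch_len;
};

/* Work common to both variants: format "key=value" in scratch, then commit.
 * The bounds check is against the scratch actually available, whoever owns it. */
static int commit(struct request *r, const char *key, const char *value) {
    int n = snprintf(r->scratch, r->scratch_len, "%s=%s", key, value);
    if (n < 0 || (size_t)n >= r->scratch_len) return -1; /* would truncate */
    if (table_count == TABLE_ROWS) return -1;            /* table full */
    memcpy(table[table_count++], r->scratch, (size_t)n + 1);
    return 0;
}

/* Variant A: the service allocates scratch memory from its own pool. */
int alloc_begin(struct request *r) {
    r->scratch = pool_alloc();
    if (!r->scratch) return -2;                 /* pool exhausted: denied */
    r->scratch_len = SCRATCH_BYTES;
    return 0;
}
int alloc_finish(struct request *r, const char *key, const char *value) {
    int rc = commit(r, key, value);
    pool_free(r->scratch);
    r->scratch = NULL;
    return rc;
}

/* Variant B: resource lending. The client hands over scratch memory with
 * the request; the service validates it and allocates nothing. */
int lend_begin(struct request *r, char *client_scratch, size_t len) {
    if (!client_scratch || len == 0) return -1;
    r->scratch = client_scratch;
    r->scratch_len = len;
    return 0;
}
int lend_finish(struct request *r, const char *key, const char *value) {
    return commit(r, key, value);               /* nothing to free */
}

/* Scenario: a hog client starts POOL_SIZE requests and never finishes them,
 * then a well-behaved client sends one request. Returns the victim's result. */
int scenario_allocating(void) {            /* -2: victim denied */
    struct request hog[POOL_SIZE], victim;
    svc_reset();
    for (int i = 0; i < POOL_SIZE; i++)
        if (alloc_begin(&hog[i]) != 0) return -3;
    if (alloc_begin(&victim) != 0) return -2;
    return alloc_finish(&victim, "user", "alice");
}

int scenario_lending(void) {               /* 0: victim served */
    static char hog_mem[POOL_SIZE][SCRATCH_BYTES]; /* the hog's own memory */
    char victim_mem[SCRATCH_BYTES];                /* the victim's own memory */
    struct request hog[POOL_SIZE], victim;
    svc_reset();
    for (int i = 0; i < POOL_SIZE; i++)
        if (lend_begin(&hog[i], hog_mem[i], SCRATCH_BYTES) != 0) return -3;
    if (lend_begin(&victim, victim_mem, sizeof victim_mem) != 0) return -1;
    return lend_finish(&victim, "user", "alice");
}

/* A client that lends too little memory is rejected by the bounds check on
 * its own buffer; the service itself never runs out of anything. */
int scenario_lending_short(void) {         /* -1: "user=alice" does not fit */
    struct request r;
    char small[4];
    svc_reset();
    if (lend_begin(&r, small, sizeof small) != 0) return -3;
    return lend_finish(&r, "user", "alice");
}

int records(void) { return table_count; }

int main(void) {
    printf("allocating service, victim result: %d\n", scenario_allocating());
    printf("lending service,    victim result: %d\n", scenario_lending());
    return 0;
}
```

The point to take from the two scenarios is structural rather than quantitative: in variant A the service's correctness depends on an allocation decision it makes itself (how large the pool is, how long a client may hold a buffer), while in variant B the only decisions in play are the ones already made when each client received its memory, which is what the abstract means by not changing existing allocation decisions. The short-buffer case shows the price: a lending service must treat the lent resource as untrusted input and bound every use of it.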
