Sciweavers

EUROSYS
2007
ACM

Sealing OS processes to improve dependability and safety

14 years 9 months ago
Sealing OS processes to improve dependability and safety
In most modern operating systems, a process is a -protected abstraction for isolating code and data. This protection, however, is selective. Many common mechanisms—dynamic code loading, run-time code generation, shared memory, and intrusive system APIs— make the barrier between processes very permeable. This paper argues that this traditional open process architecture exacerbates the dependability and security weaknesses of modern systems. As a remedy, this paper proposes a sealed process architecture, which prohibits dynamic code loading, selfmodifying code, shared memory, and limits the scope of the process API. This paper describes the implementation of the sealed process architecture in the Singularity operating system, discusses its merits and drawbacks, and evaluates its effectiveness. Some benefits of this sealed process architecture are: improved program analysis by tools, stronger security and safety guarantees, elimination of redundant overlaps between the OS and languag...
Galen C. Hunt, Mark Aiken, Manuel Fähndrich,
Added 10 Mar 2010
Updated 10 Mar 2010
Type Conference
Year 2007
Where EUROSYS
Authors Galen C. Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James R. Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, Ted Wobber
Comments (0)