Conference Paper

Sentry: A Binary-Level Interposition Mechanism for Trusted Kernel Extension

Korea University, Korea
DOI: 10.1109/CIT.2006.165 Conference: The Sixth IEEE International Conference on Computer and Information Technology, 2006 (CIT '06)
Source: IEEE Xplore

ABSTRACT: Several commodity operating systems use kernel extensions to extend or replace their functionality. Since kernel extensions generally execute in the same address space as the kernel, a single fault in an extension can corrupt the whole system. Studies on kernel extensions have therefore mainly aimed at isolating extension faults from the rest of the system. However, previous schemes require static analysis of the extension module and modification of the kernel source code. The goal of this paper is to remove these overhead stages. This paper proposes Sentry: a lightweight kernel subsystem that provides a dependable execution environment for kernel extensions. We show the efficiency of Sentry through a practical implementation on Linux.

  • ABSTRACT: One way to provide fault isolation among cooperating software modules is to place each in its own address space. However, for tightly-coupled modules, this solution incurs prohibitive context switch overhead. In this paper, we present a software approach to implementing fault isolation within a single address space. Our approach has two parts. First, we load the code and data for a distrusted module into its own fault domain, a logically separate portion of the application's address space. Second, we modify the object code of a distrusted module to prevent it from writing or jumping to an address outside its fault domain. Both these software operations are portable and programming language independent. Our approach poses a tradeoff relative to hardware fault isolation: substantially faster communication between fault domains, at a cost of slightly increased execution time for distrusted modules. We demonstrate that for frequently communicating modules, implementing fault isolation in ...
    ACM SIGOPS Operating Systems Review 02/2000;
  • ABSTRACT: From a software-technology point of view, the µ-kernel concept is superior to large integrated kernels. On the other hand, it is widely believed that (a) µ-kernel based systems are inherently inefficient and (b) they are not sufficiently flexible. Contrary to this belief, we show and support by documentary evidence that the inefficiency and inflexibility of current µ-kernels is not inherited from the basic idea but mostly from overloading the kernel and/or from improper implementation. Based on functional reasons, we describe some concepts which must be implemented by a µ-kernel and illustrate their flexibility. Then, we analyze the performance critical points. We show what performance is achievable, that the efficiency is sufficient with respect to macro-kernels and why some published contradictory measurements are not evident. Furthermore, we describe some implementation techniques and illustrate why µ-kernels are inherently not portable, although they improve portability of the whole system.
  • ABSTRACT: Mach is a multiprocessor operating system kernel and environment under development at Carnegie Mellon University. Mach provides a new foundation for UNIX development that spans networks of uniprocessors and multiprocessors. This paper describes Mach and the motivations that led to its design. Also described are some of the details of its implementation and current status.

Full-text (2 sources) available from Jul 17, 2014.