
Deconstructing process isolation

Published: 22 October 2006

Abstract

Most operating systems enforce process isolation through hardware protection mechanisms such as memory segmentation, page mapping, and differentiated user and kernel instructions. Singularity is a new operating system that uses software mechanisms to enforce process isolation. A software isolated process (SIP) is a process whose boundaries are established by language safety rules and enforced by static type checking. SIPs provide a low-cost isolation mechanism that offers failure isolation and fast inter-process communication.

To compare the performance of Singularity's SIPs against traditional isolation techniques, we implemented an optional hardware isolation mechanism. Protection domains are hardware-enforced address spaces, each of which can contain one or more SIPs. A domain can either run at the kernel's privilege level or be fully isolated from the kernel and run at the normal application privilege level. With protection domains, we can construct Singularity configurations that resemble micro-kernel and monolithic kernel systems. We found that hardware-based isolation incurs non-trivial performance costs (up to 25--33%) and complicates system implementation. Software isolation has less than 5% overhead on these benchmarks.

The lower run-time cost of SIPs makes their use feasible at a finer granularity than conventional processes. However, hardware isolation remains valuable as a defense in depth against potential failures in software isolation mechanisms. Singularity's ability to employ hardware isolation selectively enables careful balancing of the costs and benefits of each isolation technique.

Published In

MSPC '06: Proceedings of the 2006 workshop on Memory system performance and correctness
October 2006, 114 pages
ISBN: 1595935789
DOI: 10.1145/1178597
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. hardware isolated process (HIP)
  2. hardware protection domain
  3. singularity
  4. software isolated process (SIP)

Qualifiers

  • Article

Conference

MSPC '06
Acceptance Rates

Overall Acceptance Rate 6 of 20 submissions, 30%

Cited By

  • (2023) Jinn. Proceedings of the 32nd USENIX Conference on Security Symposium, 6965-6982. DOI: 10.5555/3620237.3620627. Online publication date: 9-Aug-2023.
  • (2023) Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe Rust. 2023 IEEE Secure Development Conference (SecDev), 54-66. DOI: 10.1109/SecDev56634.2023.00020. Online publication date: 18-Oct-2023.
  • (2022) CARAT CAKE: replacing paging via compiler/kernel cooperation. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 98-114. DOI: 10.1145/3503222.3507771. Online publication date: 28-Feb-2022.
  • (2022) Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI. Proceedings of the ACM on Programming Languages, 6:POPL, 1-30. DOI: 10.1145/3498688. Online publication date: 12-Jan-2022.
  • (2022) Object Detection Based On Multi-Process. 2022 IEEE International Conference on Networking, Sensing and Control (ICNSC), 1-5. DOI: 10.1109/ICNSC55942.2022.10004179. Online publication date: 15-Dec-2022.
  • (2021) AnyCall. Proceedings of the 11th Workshop on Programming Languages and Operating Systems, 1-8. DOI: 10.1145/3477113.3487267. Online publication date: 25-Oct-2021.
  • (2021) Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 1821-1838. DOI: 10.1145/3460120.3484535. Online publication date: 12-Nov-2021.
  • (2020) Theseus. Proceedings of the 14th USENIX Conference on Operating Systems Design and Implementation, 1-19. DOI: 10.5555/3488766.3488767. Online publication date: 4-Nov-2020.
  • (2020) The Five Strands of Living Lab. ACM Transactions on Computer-Human Interaction, 27:2, 1-26. DOI: 10.1145/3380958. Online publication date: 11-Mar-2020.
  • (2020) Automated Model-Based Optimization of Data-Adaptable Embedded Systems. ACM Transactions on Embedded Computing Systems, 19:1, 1-22. DOI: 10.1145/3372142. Online publication date: 6-Feb-2020.