Extending Mondrian Memory Protection

Most modern operating systems implement some sort of memory protection scheme for user processes. These schemes make it is possible to set access permissions that determine whether a region of memory allocated for a process can be read, written, or executed by this process. Mondrian memory protection is a technique that extends the traditional memory protection scheme and allows fine-grain permission settings. Instead of being able to set access permissions on a page-level, Mondrian memory protection supports different access permissions for individual words. However, this protection scheme is still limited to only two permission bits that have a predefined semantics. This is not sufficient to implement more complex security techniques, for example, a race condition detection system. In this paper, we propose an extension to the simple Mondrian protection scheme that provides more flexibility to user programs and the operating system. Based on our extended architecture, we implement mechanisms to protect sensitive data structures on the heap and on the stack. Moreover, we present the implementation of a technique to detect race conditions and suggest further areas of application. Our experiments demonstrate that the system can provide the expected protection and ability to detect races with reasonable overheads. Furthermore, our results show that even large systems such as the GNU C library and the Apache web server contain problems related to race conditions. RTO-MP-IST-091 101 Extending Mondrian Memory Protection