Safe Execution of User Programs in Kernel Mode Using Typed Assembly Language
Authors
Abstract
In traditional operating systems, user programs suffer from the overhead of system calls because of transitions between user mode and kernel mode across their protection boundary. This overhead can be eliminated if user programs can be executed safely inside kernel mode. We achieve this by developing a safe kernel mode execution mechanism using TAL, Typed Assembly Language. TAL is an assembly language that ensures memory safety and control flow safety of machine code through a type system. Memory safety means that a program accesses only memory it is permitted to access, while control flow safety means that a program jumps only to valid code it is permitted to execute. Both kinds of safety are verified by a type checker using type annotations attached to the machine code by the TAL assembler. In our approach, user programs are written in TAL and their safety is verified by the TAL type checker before they are executed in kernel mode. Thus, user programs can be executed in kernel mode both safely and efficiently, because their safety is verified before execution and there is little overhead from runtime checks. Moreover, unlike other approaches to safe kernel mode execution, such as the SPIN operating system and PCC (Proof-Carrying Code), our approach neither depends on a specific high-level programming language and its compiler nor requires the expensive calculation of complex proofs. We implemented a prototype system based on our approach by modifying the Linux kernel. This prototype system uses the original system call functions of the Linux kernel as its interface to user programs, so it achieves the same degree of safety (e.g., with respect to access control of files) while eliminating only the overhead of the system calls themselves.
For the purpose of performance evaluation, a TAL version of the "find" program, which traverses directory trees of a file system, was implemented on our prototype system and found to run 14% faster in kernel mode than in user mode. Also, a TAL version of the "echod" program, which receives data from a client and sends it back to the client, was executed and its latency improved by 4 μs in kernel mode.
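As an added illustration of the kind of static check the abstract describes (constructed here, not code from the paper or its Linux prototype, and a toy language rather than real TAL), the following checker rejects a program before it runs if a load can leave the tuple its pointer register refers to, or if a jump targets a non-code label or a block whose register-type precondition does not hold. Register names, type forms and instruction forms are all assumptions of this example.

```python
# Toy typed-assembly checker (constructed example, not the paper's TAL).
# Types: 'int', or ('ptr', n) for a pointer to an n-word tuple of ints.
# Every code block carries a precondition: the register types required on
# entry. The checker verifies memory safety (loads stay inside the tuple the
# register points to) and control-flow safety (jumps go only to code blocks
# whose preconditions hold) before the code runs, so no runtime checks remain.

# Constructed sample: label -> (precondition, instructions). Instruction forms:
# ('mov', rd, imm) | ('ld', rd, rs, off) | ('jmp', label) | ('halt',)
PROGRAM = {
    'start': ({'r1': ('ptr', 2)}, [('ld', 'r2', 'r1', 1), ('jmp', 'done')]),
    'done':  ({'r2': 'int'}, [('halt',)]),
}

def check_block(program, label, data_labels=()):
    """Return None if the block type-checks, else a string describing the error."""
    pre, code = program[label]
    env = dict(pre)                      # register types known at this point
    for ins in code:
        op = ins[0]
        if op == 'mov':
            env[ins[1]] = 'int'          # immediates are plain integers
        elif op == 'ld':
            _, rd, rs, off = ins
            t = env.get(rs)
            if not (isinstance(t, tuple) and t[0] == 'ptr'):
                return f'{label}: load through non-pointer {rs}'
            if not 0 <= off < t[1]:
                return f'{label}: offset {off} outside {t[1]}-word tuple'
            env[rd] = 'int'
        elif op == 'jmp':
            target = ins[1]
            if target in data_labels or target not in program:
                return f'{label}: jump to non-code label {target}'
            for r, ty in program[target][0].items():
                if env.get(r) != ty:
                    return f'{label}: register {r} is {env.get(r)}, target needs {ty}'
            return None                  # a jump ends the block
        elif op == 'halt':
            return None
        else:
            return f'{label}: unknown instruction {op}'
    return f'{label}: block falls off the end'

def check_program(program, data_labels=()):
    """Check every block; an empty list means the program is safe to run."""
    errs = [check_block(program, lbl, data_labels) for lbl in program]
    return [e for e in errs if e]
```

Because the checks depend only on the annotations, an accepted program needs no bounds or target checks at runtime, which is the source of the speedup the abstract reports.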
Related papers
Kernel Mode Linux: Toward an Operating System Protected by a Type Theory
Traditional operating systems protect themselves from user programs with a privilege level facility of CPUs. One problem of the protection-by-hardware approach is that system calls become very slow because heavy operations are required to safely switch the privilege levels of user programs. To solve the problem, we design an operating system that protects itself with a type theory. In our appro...
Resource Bound Certification
Various code certification systems allow the certification and static verification of important safety properties such as memory and control-flow safety. These systems are valuable tools for verifying that untrusted and potentially malicious code is safe before execution. However, one important safety property that is not usually included is that programs adhere to specific bounds on resource consump...
Writing practical memory management code with a strictly typed assembly language (Extended Version)
Memory management (e.g., malloc/free) cannot be implemented in traditional strictly typed programming languages because they do not allow programmers to reuse memory regions, in order to preserve memory safety. Therefore, they depend on external memory management facilities, such as garbage collection. Thus, many important programs that require explicit memory management (e.g., operating system...
Branch Behavior of Java Runtime Systems and its Microarchitectural Implications
Java programs are becoming increasingly prevalent on numerous platforms ranging from embedded systems to high-end servers. Dynamic translation (interpretation and compilation), frequent calls to native interface libraries or operating system kernel services and abundant usage of virtual methods by Java programs can complicate the intrinsic predictability of the control flows that can be exploit...
Sharing in Typed Module Assembly Language
There is a growing need to provide low-overhead software-based protection mechanisms to protect against malicious or untrusted code. Type-based approaches such as proof-carrying code and typed assembly language provide this protection by relying on untrusted compilers to certify the safety properties of machine language programs. Typed Module Assembly Language (TMAL) is an extension of typed as...