City Research Online

A New Protection Model for Component-Based

Law, G. (2001). A New Protection Model for Component-Based. (Unpublished Doctoral thesis, City, University of London)

Abstract

Protected operating systems multiplex programs onto resources such that they are isolated from one another — that is, concurrently executing programs cannot interfere with each other. A layer of software known as the kernel provides this protection to the software layers above it. Untrusted, ‘user’ programs are prevented from controlling the protection hardware because they are executed when the processor is in user mode — a mode of reduced privilege. In user mode, instructions that can be used to circumvent protection are unavailable; the processor’s instruction-set is reduced.

This thesis introduces a new operating system protection mechanism termed SISR — Software-based Instruction Set Reduction (pronounced scissor). Here, all software (including the kernel) executes in the same processor mode, while both language independence and protection are maintained. Untrusted (that is, ‘user level’) code is prevented from issuing privileged instructions not by reducing the processor’s instruction set, but by scanning code prior to its loading; any code found to contain privileged instructions is not loaded. Memory protection is provided through segmentation. SISR leads to improved architectures (that is, simpler and more modular), and improves performance significantly. Its low overheads make fine-grained protection practical, making it especially well-suited to component-based operating systems.

A prototype system has been built for x86-based PCs as a ‘proof-of-concept’. Significant improvements in architectures have been delivered. Tasks that have previously been inextricably linked (such as interrupt handling and CPU scheduling) have been separated into distinct components. Experiments have demonstrated significant improvements in performance, compared even to the leanest research operating systems.
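As an added illustration of the load-time scanning step the abstract describes, the following C program is example code written for this page; it is not the thesis's prototype nor any code from it. The opcode values are the standard 32-bit x86 encodings; the whitelist, the verdict codes, the image-size limit and the sample byte sequences are this example's own choices. It decodes instruction by instruction rather than pattern-matching bytes, so an immediate that happens to contain 0xF4 (hlt) is not a false positive, and it then checks that every relative branch lands on a decoded instruction boundary, because a jump into the middle of a decoded instruction would otherwise let those same immediate bytes execute as hlt. Anything the decoder does not recognise (for instance a load of a segment register, which matters when memory protection relies on segmentation) is refused, so the scanner fails closed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict of the load-time scan. Anything other than SISR_ACCEPT means the
 * image is refused and is never mapped as executable. (Example codes.) */
enum sisr_verdict {
    SISR_ACCEPT = 0,
    SISR_PRIVILEGED = 1,   /* a privileged opcode is present */
    SISR_UNDECODABLE = 2,  /* bytes outside the whitelist, or a truncated instruction */
    SISR_BAD_BRANCH = 3    /* a branch leaves the image or targets a non-boundary */
};

#define SISR_MAX_IMAGE 4096  /* example limit so the boundary bitmap can be static */

/* Decode one instruction at p[0..avail). Returns its length, or 0 when the bytes
 * are not in the whitelist or run past the end of the image. Sets *priv for
 * opcodes untrusted code may never contain; for relative branches sets
 * *has_branch and the displacement (relative to the next instruction).
 * Only a small 32-bit x86 subset is recognised; everything unknown fails closed. */
static size_t decode(const uint8_t *p, size_t avail, int *priv, int *has_branch, int32_t *disp)
{
    *priv = 0; *has_branch = 0; *disp = 0;
    if (avail == 0) return 0;
    uint8_t op = p[0];

    /* One-byte privileged opcodes: hlt, cli, sti, iret, in/out (imm8 and dx forms). */
    if (op == 0xF4 || op == 0xFA || op == 0xFB || op == 0xCF ||
        (op >= 0xE4 && op <= 0xE7) || (op >= 0xEC && op <= 0xEF)) {
        *priv = 1;
        return 1;
    }
    /* 0F-prefixed privileged opcodes: 0F 01 (lgdt/lidt/lmsw/invlpg group),
     * 0F 20/22 (mov from/to control registers), 0F 30/32 (wrmsr/rdmsr).
     * Only the opcode length is reported: scanning stops at the first hit. */
    if (op == 0x0F && avail >= 2 &&
        (p[1] == 0x01 || p[1] == 0x20 || p[1] == 0x22 || p[1] == 0x30 || p[1] == 0x32)) {
        *priv = 1;
        return 2;
    }
    /* Whitelisted unprivileged instructions. */
    if (op == 0x90 || op == 0xC3) return 1;                  /* nop; ret */
    if (op >= 0x50 && op <= 0x5F) return 1;                  /* push r32; pop r32 */
    if (op >= 0xB8 && op <= 0xBF) return avail >= 5 ? 5 : 0; /* mov r32, imm32 */
    if (op == 0xEB && avail >= 2) {                          /* jmp rel8 */
        *has_branch = 1;
        *disp = (int8_t)p[1];
        return 2;
    }
    if ((op == 0xE8 || op == 0xE9) && avail >= 5) {          /* call rel32; jmp rel32 */
        *has_branch = 1;
        *disp = (int32_t)((uint32_t)p[1] | (uint32_t)p[2] << 8 |
                          (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24);
        return 5;
    }
    return 0; /* segment-register loads, 0F 05 syscall, prefixes, ...: not decoded, so refused */
}

/* Scan a code image before loading. On refusal, *bad_off is the offset of the
 * offending instruction. */
int sisr_scan(const uint8_t *img, size_t len, size_t *bad_off)
{
    static uint8_t boundary[SISR_MAX_IMAGE / 8];  /* one bit per instruction start */
    size_t off, n;
    int priv, has_branch;
    int32_t disp;

    *bad_off = 0;
    if (len > SISR_MAX_IMAGE) return SISR_UNDECODABLE;
    memset(boundary, 0, sizeof boundary);

    /* Pass 1: linear sweep; refuse privileged or unknown opcodes, record boundaries. */
    for (off = 0; off < len; off += n) {
        n = decode(img + off, len - off, &priv, &has_branch, &disp);
        *bad_off = off;
        if (priv) return SISR_PRIVILEGED;
        if (n == 0) return SISR_UNDECODABLE;
        boundary[off / 8] |= (uint8_t)(1u << (off % 8));
    }
    /* Pass 2: every relative branch must land on a recorded instruction start inside
     * the image; otherwise bytes inside an immediate, which pass 1 never treated as
     * opcodes, could execute as a different and possibly privileged instruction. */
    for (off = 0; off < len; off += n) {
        n = decode(img + off, len - off, &priv, &has_branch, &disp);
        if (has_branch) {
            long t = (long)off + (long)n + disp;
            *bad_off = off;
            if (t < 0 || (size_t)t >= len || !(boundary[t / 8] & (1u << (t % 8))))
                return SISR_BAD_BRANCH;
        }
    }
    *bad_off = 0;
    return SISR_ACCEPT;
}

/* Constructed sample images for this example (not taken from the thesis). */
const uint8_t sample_benign[] = {
    0x55,                          /* push ebp */
    0xB8, 0xF4, 0xF4, 0xF4, 0xF4,  /* mov eax, 0xF4F4F4F4: immediate bytes look like hlt */
    0xE8, 0x02, 0x00, 0x00, 0x00,  /* call +2 -> offset 13, an instruction boundary */
    0x5D,                          /* pop ebp */
    0xC3,                          /* ret */
    0x90,                          /* nop (offset 13) */
    0xC3                           /* ret */
};
const uint8_t sample_cli[] = { 0x55, 0xFA, 0xC3 };            /* push ebp; cli; ret */
const uint8_t sample_jump_mid[] = { 0xEB, 0x01, 0xB8, 0xF4, 0xF4, 0xF4, 0xF4, 0xC3 }; /* jmp into the mov's immediate: would run hlt */
const uint8_t sample_segload[] = { 0x55, 0x8E, 0xD8, 0xC3 };  /* push ebp; mov ds, eax; ret */

static void report(const char *name, const uint8_t *img, size_t len)
{
    size_t off;
    int v = sisr_scan(img, len, &off);
    printf("%-10s verdict=%d offset=%zu\n", name, v, off);
}

int main(void)
{
    report("benign", sample_benign, sizeof sample_benign);
    report("cli", sample_cli, sizeof sample_cli);
    report("jump_mid", sample_jump_mid, sizeof sample_jump_mid);
    report("segload", sample_segload, sizeof sample_segload);
    return 0;
}
```

The abstract does not state which instructions the thesis's scanner forbids or how it handles branches, so this shows the shape of such a check, not its specification. Two caveats apply to any decode-and-whitelist scanner: it must decode the complete set of instructions it intends to accept, prefixes included, since a missed length leads to misaligned decoding; and indirect control transfers (`ret`, `jmp eax`, `call [mem]`) cannot be resolved by a static sweep at all, so a real loader needs an additional rule for them, for example by restricting where they may land, rather than relying on the linear check alone.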

Publication Type: Thesis (Doctoral)
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: School of Science & Technology > Computer Science
School of Science & Technology > School of Science & Technology Doctoral Theses
Full text: Law thesis 2001 PDF-A.pdf (Text, Accepted Version, 5MB)
