| 
|
QuoteRef: chiuTC3_1999
Topic:
computer architecture
Topic:
operating system security
Group:
memory management
Topic:
memory management by paging
Topic:
extensible systems
Topic:
interrupts
Topic:
managing shared memory
Topic:
heap memory management
Reference
Chiueh, T.-C., Venkitachalam, G., Pradhan, P., "Intra-address space protection using segmentation hardware", Proceedings of the Seventh Workshop on Hot Topics in Operating Systems, Rio Rico, Arizona, USA, March 1999, IEEE Computer Society, pp. 110-115. Google
111 ;;Quote: Intel x86 provides segment protection levels and page protection levels
111 ;;Quote: efficient intra-address space protection by combining segmentation and paging hardware
111 ;;Quote: protect the kernel from extension modules by loading each module into a less privileged segment within kernel space
111 ;;Quote: on Intel architectures, an interrupt gate allows user processes to call kernel services
112 ;;Quote: extension modules can access the kernel through a specialized system-call interface; but normally, extensions should be self-contained
112 ;;Quote: the kernel and extension modules share a read-write memory region for non-sensitive data; e.g., packet headers
112 ;;Quote: use page protection to provide access to shared libraries from user-level extensions; data/function pointers stay the same; applications control which pages are accessible
113 ;;Quote: use 'ret' to call a less-privileged extension, and 'call' to return from the extension
113 ;;Quote: 10x cost for hardware-based extensions vs. 40x cost for kernel-process call-return; also, avoids TLB misses
114 ;;Quote: hardware-based extensions need pooled memory allocation
Topic: computer architecture (46 items)
Topic: operating system security (18 items)
Group: memory management (11 topics, 367 quotes)
Topic: memory management by paging (23 items)
Topic: extensible systems (22 items)
Topic: interrupts (25 items)
Topic: managing shared memory (74 items)
Topic: heap memory management (33 items)