Files in this item



application/pdfMatthew_Johnson.pdf (4MB)
(no description provided)PDF


Title:Flexible memory protection for multicore processors
Author(s):Johnson, Matthew
Advisor(s):Patel, Sanjay J.
Department / Program:Electrical & Computer Eng
Discipline:Electrical & Computer Engr
Degree Granting Institution:University of Illinois at Urbana-Champaign
Processor Architecture
Memory Systems
Memory Protection
Data Structures
Virtual Memory
Abstract:A system’s memory access control mechanisms profoundly impact the performance, reliability, security, and composability of the software it runs. Desirable features of an access control mechanism include: the ability to grant arbitrary permissions on any region of memory to any thread in the system; zero-copy sharing between threads with no restrictions on the set of sharers, region granularity, or sharing of pointer-based data structures; time and space overheads dependent only on the fundamental complexity of the access control being requested; and well-defined, hierarchical memory region ownership and permission semantics. The virtual-memory-based access control used in most modern systems, as well as recently proposed enhancements, fall short along one or more of these dimensions. We introduce Lumen, an access control scheme providing security, fault isolation, and efficient shared memory to any number of threads within a single address space. Lumen uses a new concurrent interval skip list (ISL) to scalably maintain and query a set of memory region descriptors containing permissions information. We describe a permissions and ownership system for memory regions that allows safe delegation of privileges between protection domains for sandboxing and software reusability purposes. We describe the LumenCache, which caches region permissions to avoid most ISL lookups. We discuss applications of Lumen in debugging, security, and reliability, and extensions to use Lumen for prefetching, profiling, and user-facing memory management features. Lumen offers scalable, flexible memory access control and the ability to trade off security, system reliability, and performance in a way not possible with existing solutions.
Issue Date:2013-05-24
Rights Information:Copyright 2013 Matthew R. Johnson
Date Available in IDEALS:2013-05-24
Date Deposited:2013-05

This item appears in the following Collection(s)

Item Statistics