Efficient kernel support of fine-grained protection domains for mobile code

Masahiko Takahashi, Kenji Kono, Takashi Masuda

Research output: Chapter in Book/Report/Conference proceedingChapter

19 Citations (Scopus)

Abstract

Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.

Original languageEnglish
Title of host publicationProceedings - International Conference on Distributed Computing Systems
PublisherIEEE
Pages64-73
Number of pages10
ISBN (Print)0769502229
Publication statusPublished - 1999
Externally publishedYes
EventProceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99) - Austin, TX, USA
Duration: 1999 May 311999 Jun 4

Other

OtherProceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99)
CityAustin, TX, USA
Period99/5/3199/6/4

Fingerprint

Web browsers
Distributed computer systems
Internet
Data storage equipment

ASJC Scopus subject areas

  • Hardware and Architecture

Cite this

Takahashi, M., Kono, K., & Masuda, T. (1999). Efficient kernel support of fine-grained protection domains for mobile code. In Proceedings - International Conference on Distributed Computing Systems (pp. 64-73). IEEE.

Efficient kernel support of fine-grained protection domains for mobile code. / Takahashi, Masahiko; Kono, Kenji; Masuda, Takashi.

Proceedings - International Conference on Distributed Computing Systems. IEEE, 1999. p. 64-73.

Research output: Chapter in Book/Report/Conference proceedingChapter

Takahashi, M, Kono, K & Masuda, T 1999, Efficient kernel support of fine-grained protection domains for mobile code. in Proceedings - International Conference on Distributed Computing Systems. IEEE, pp. 64-73, Proceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99), Austin, TX, USA, 99/5/31.
Takahashi M, Kono K, Masuda T. Efficient kernel support of fine-grained protection domains for mobile code. In Proceedings - International Conference on Distributed Computing Systems. IEEE. 1999. p. 64-73
Takahashi, Masahiko ; Kono, Kenji ; Masuda, Takashi. / Efficient kernel support of fine-grained protection domains for mobile code. Proceedings - International Conference on Distributed Computing Systems. IEEE, 1999. pp. 64-73
@inbook{49fa2f764ad94c849c520d61b2383c14,
title = "Efficient kernel support of fine-grained protection domains for mobile code",
abstract = "Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9{\%} execution overhead even if cross-domain calls occur 30,000 times per second.",
author = "Masahiko Takahashi and Kenji Kono and Takashi Masuda",
year = "1999",
language = "English",
isbn = "0769502229",
pages = "64--73",
booktitle = "Proceedings - International Conference on Distributed Computing Systems",
publisher = "IEEE",

}

TY - CHAP

T1 - Efficient kernel support of fine-grained protection domains for mobile code

AU - Takahashi, Masahiko

AU - Kono, Kenji

AU - Masuda, Takashi

PY - 1999

Y1 - 1999

N2 - Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.

AB - Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.

UR - http://www.scopus.com/inward/record.url?scp=0032644930&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0032644930&partnerID=8YFLogxK

M3 - Chapter

AN - SCOPUS:0032644930

SN - 0769502229

SP - 64

EP - 73

BT - Proceedings - International Conference on Distributed Computing Systems

PB - IEEE

ER -