Efficient kernel support of fine-grained protection domains for mobile code

Masahiko Takahashi; Kenji Kono; Takashi Masuda

Efficient kernel support of fine-grained protection domains for mobile code

Masahiko Takahashi, Kenji Kono, Takashi Masuda

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.

Original language	English
Title of host publication	Proceedings - International Conference on Distributed Computing Systems
Publisher	IEEE
Pages	64-73
Number of pages	10
ISBN (Print)	0769502229
Publication status	Published - 1999 Jan 1
Externally published	Yes
Event	Proceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99) - Austin, TX, USA Duration: 1999 May 31 → 1999 Jun 4

Publication series

Name	Proceedings - International Conference on Distributed Computing Systems

Other

Other	Proceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99)
City	Austin, TX, USA
Period	99/5/31 → 99/6/4

ASJC Scopus subject areas

Software
Hardware and Architecture
Computer Networks and Communications

Cite this

Efficient kernel support of fine-grained protection domains for mobile code. / Takahashi, Masahiko; Kono, Kenji; Masuda, Takashi.

Proceedings - International Conference on Distributed Computing Systems. IEEE, 1999. p. 64-73 (Proceedings - International Conference on Distributed Computing Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Takahashi, M, Kono, K & Masuda, T 1999, Efficient kernel support of fine-grained protection domains for mobile code. in Proceedings - International Conference on Distributed Computing Systems. Proceedings - International Conference on Distributed Computing Systems, IEEE, pp. 64-73, Proceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99), Austin, TX, USA, 99/5/31.

@inproceedings{49fa2f764ad94c849c520d61b2383c14,

title = "Efficient kernel support of fine-grained protection domains for mobile code",

abstract = "Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.",

author = "Masahiko Takahashi and Kenji Kono and Takashi Masuda",

year = "1999",

month = jan,

day = "1",

language = "English",

isbn = "0769502229",

series = "Proceedings - International Conference on Distributed Computing Systems",

publisher = "IEEE",

pages = "64--73",

booktitle = "Proceedings - International Conference on Distributed Computing Systems",

note = "Proceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99) ; Conference date: 31-05-1999 Through 04-06-1999",

}

TY - GEN

T1 - Efficient kernel support of fine-grained protection domains for mobile code

AU - Takahashi, Masahiko

AU - Kono, Kenji

AU - Masuda, Takashi

PY - 1999/1/1

Y1 - 1999/1/1

N2 - Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.

AB - Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.

UR - http://www.scopus.com/inward/record.url?scp=0032644930&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0032644930&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:0032644930

SN - 0769502229

T3 - Proceedings - International Conference on Distributed Computing Systems

SP - 64

EP - 73

BT - Proceedings - International Conference on Distributed Computing Systems

PB - IEEE

T2 - Proceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99)

Y2 - 31 May 1999 through 4 June 1999

ER -

Efficient kernel support of fine-grained protection domains for mobile code

Abstract

Publication series

Other

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this