TY - GEN
T1 - Efficient kernel support of fine-grained protection domains for mobile code
AU - Takahashi, Masahiko
AU - Kono, Kenji
AU - Masuda, Takashi
PY - 1999/1/1
Y1 - 1999/1/1
N2 - Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.
AB - Mobile code is an emerging paradigm of distributed computing. It roams over a network, is linked with an application, and runs as a part of an application. In the case of web browsers, it is commonplace to download a mobile code, called a plug-in, from a truly open network such as Internet. Owning to the anonymity of an open network, the mobile code may be malicious; thus, it is indispensable to protect local computing resources from attacks by the malicious code. We have developed a kernel that supports fine-grained protection domains that preclude mobile code from making unauthorized accesses to the local resources. The developed scheme provides a novel mechanism, called a multi-protection page table, of virtual memory for creating fine-grained protection domains. The multi-protection page table enables efficient cross-domain calls, whereas it provides protection. Experimental results show that the developed scheme incurs only a 5.9% execution overhead even if cross-domain calls occur 30,000 times per second.
UR - http://www.scopus.com/inward/record.url?scp=0032644930&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0032644930&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:0032644930
SN - 0769502229
T3 - Proceedings - International Conference on Distributed Computing Systems
SP - 64
EP - 73
BT - Proceedings - International Conference on Distributed Computing Systems
PB - IEEE
T2 - Proceedings of the 1999 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99)
Y2 - 31 May 1999 through 4 June 1999
ER -