Deconstructing process isolation

Most operating systems enforce process isolation through hardware protection mechanisms such as memory segmentation, page mapping, and differentiated user and kernel instructions. Singularity is a new operating system that uses software mechanisms to enforce process isolation. A software isolated process (SIP) is a process whose boundaries are established by language safety rules and enforced by static type checking. SIPs provide a low cost isolation mechanism that provides failure isolation and fast inter-process communication. To compare the performance of Singularity’s SIPs against traditional isolation techniques, we implemented an optional hardware isolation mechanism. Protection domains are hardware-enforced address spaces, which can contain one or more SIPs. Domains can either run at the kernel’s privilege level or be fully isolated from the kernel and run at the normal application privilege level. With protection domains, we can construct Singularity configurations that ar...
Added 13 Jun 2010
Updated 13 Jun 2010
Type: Conference
Year: 2006
Authors: Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Galen C. Hunt, James R. Larus