The reliability, safety, and security of today's applications depend on controlled data accesses and updates during execution. For instance, many emerging applications are composed of multiple software modules. To protect these modules from each other within a single address space, inter-module operations need to be carefully monitored and controlled. Additionally, the reliability of online systems can benefit from live checking of memory access errors such as buffer overflows, memory leaks, and accesses to uninitialized data. Similarly, memory access monitoring can support information flow tracking in a complex system for enhanced security.
Available mechanisms in today's processors are tied to support for virtual memory, making implementation of access control both heavyweight and coarse-grained. The proposed research will design and utilize new lightweight memory access control mechanisms that are independent of and subordinate to existing system memory protection. At the hardware level, this approach minimizes impact on the processor core by placing the access control mechanisms outside the common critical path. At the operating system level, the required support is largely outside of the kernel memory management functions, incurring overhead only when exercised. Such auxiliary mechanisms are more amenable to practical deployment, yet they are capable of supporting fine-grained and flexible memory protection. In conjunction with these hardware/software mechanisms, the research will devise a new protection model that can be manipulated at either user or privileged level based on an application's requirements. The flexible, efficient memory monitoring framework developed will enable debugging tools that can help detect memory access errors such as out-of-bounds accesses, and help enforce data security or privacy policies in live systems. The proposed work will target a wide variety of applications and utilizations with a view to validating the goal of improved programmer productivity.
Modern computing systems increasingly work in a multitasking environment with high levels of concurrency. The reliability, safety, and security of today's applications depend on controlled data access and updates during execution. This project has developed new technologies at the hardware / software intersection to improve the reliability, security, and efficiency of future computer systems. The developed technologies will influence the principle of hardware-assisted memory protection. They will also affect the principled use of hardware statistics in adaptive software system management. Specifically, we have developed value-based tainting to support memory access monitoring and information flow tracking in a complex system like operating systems. This technique can enhance security as well as enable the analysis of memory error susceptibility in a complex system environment. We have also designed and implemented a set of techniques to develop hardware performance counter-based models and enable adaptive system management. A particular example is the development of the power containers facility that performs fine-grained resource accounting and isolates power viruses in multi-core systems. Research and experimentation efforts in this project have enabled students at both the graduate and undergraduate level to gain knowledge and experience in advanced development at the hardware / software interface. To date, the project has helped produce three Ph.D. students. Experience from the research conducted as part of this grant has been used to inform instruction on protection issues. Students participating in the projects have received training in the design of memory systems and the metadata used to manage them.