Kernel (computing) - Kernel Design Decisions - Issues of Kernel Support For Protection - Hardware-based Protection or Language-based Protection

Hardware-based Protection or Language-based Protection

Typical computer systems today use hardware-enforced rules about which programs are allowed to access which data. The processor monitors execution and stops a program that violates a rule (e.g., a user process that is about to read or write kernel memory). In systems that lack support for capabilities, processes are isolated from each other by using separate address spaces. Calls from user processes into the kernel are regulated by requiring them to use one of the above-described system call methods.

An alternative approach is to use language-based protection. In a language-based protection system, the kernel allows only code produced by a trusted language compiler to execute. The language may then be designed such that it is impossible for the programmer to instruct it to do something that would violate a security requirement.

Advantages of this approach include:

  • No need for separate address spaces. Switching between address spaces is a slow operation that causes a great deal of overhead, and current operating systems devote much optimization effort to avoiding unnecessary switches. Switching is completely unnecessary in a language-based protection system, as all code can safely operate in the same address space.
  • Flexibility. Any protection scheme that can be designed to be expressed via a programming language can be implemented using this method. Changes to the protection scheme (e.g. from a hierarchical system to a capability-based one) do not require new hardware.

Disadvantages include:

  • Longer application start-up time. Applications must be verified when they are started to ensure they have been compiled by the correct compiler, or may need recompiling either from source code or from bytecode.
  • Inflexible type systems. On traditional systems, applications frequently perform operations that are not type safe. Such operations cannot be permitted in a language-based protection system, which means that applications may need to be rewritten and may, in some cases, lose performance.

Examples of systems with language-based protection include JX and Microsoft's Singularity.
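A small model of the scheme described above, added here as an illustration (it is not code from the article, nor from JX or Singularity): a toy bytecode, a static verifier standing in for the trusted compiler, and a "kernel" that admits only verified code into one shared memory array, so the admitted code then runs with no per-access checks. The instruction set and the address region granted to each program are assumptions of the example.

```python
# Constructed toy model of language-based protection (added example).
# Instruction set (assumed): ("push", n), ("load", addr), ("store", addr), ("add",).
# Addresses are immediates, so every memory access can be checked statically.
MEMORY = [0] * 16  # one shared address space for every program

class VerifyError(Exception):
    pass

def verify(program, region):
    """Static check before admission. region=(lo, hi) is the half-open
    address range granted to this program; any access outside it, any
    stack underflow and any unknown opcode is rejected up front."""
    lo, hi = region
    depth = 0  # statically tracked operand-stack depth
    for pc, (op, *args) in enumerate(program):
        if op == "push":
            depth += 1
        elif op in ("load", "store"):
            addr = args[0]
            if not lo <= addr < hi:
                raise VerifyError(f"pc {pc}: {op} {addr} outside [{lo}, {hi})")
            depth += 1 if op == "load" else -1
        elif op == "add":
            if depth < 2:
                raise VerifyError(f"pc {pc}: stack underflow")
            depth -= 1  # pops two operands, pushes one result
        else:
            raise VerifyError(f"pc {pc}: unknown opcode {op!r}")
        if depth < 0:
            raise VerifyError(f"pc {pc}: stack underflow")
    return True

def run(program, region):
    """Kernel entry point: only verified code runs, and it runs without
    per-access checks, since verification already proved them unnecessary."""
    verify(program, region)  # rejected programs never touch MEMORY
    stack = []
    for op, *args in program:
        if op == "push":
            stack.append(args[0])
        elif op == "load":
            stack.append(MEMORY[args[0]])
        elif op == "store":
            MEMORY[args[0]] = stack.pop()
        elif op == "add":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
    return stack
```

A program granted region (0, 8) that tries `("load", 12)` is refused by `verify` before a single instruction executes, which is the property that lets all programs share `MEMORY` without hardware traps.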
