Abstract
The need for programs to execute subcomponents in isolation from each other or with lower privileges is prevalent among today's systems. We introduce ribbons: a shared memory programming model that allows for more implicit sharing of memory than processes but is more restrictive than threads. Ribbons structure the heap into protection domains. Privileges between these protection domains are carefully controlled in order to confine computation. We propose RibbonJ, a backwards-compatible extension of Java, to easily create or port programs to use the ribbons model. We study the progress and isolation properties of a subset of the language. Building on JikesRVM we implement ribbons by leveraging existing memory protection mechanisms in modern hardware and operating systems, avoiding the overhead of inline security checks and read or write barriers. We evaluate efficiency via microbenchmarks and the DaCapo suite, observing minor overhead. Additionally, we refactor Apache Tomcat to use ribbons for application isolation, discuss the refactoring's design and complexity, and evaluate performance using the SPECweb2009 benchmark.
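The abstract's central efficiency claim is that ribbon privileges are enforced by existing hardware and operating-system memory protection rather than by inline checks or read/write barriers. The following C program is an added illustration of that mechanism and is not code from the paper, from RibbonJ, or from the JikesRVM implementation. It assumes a POSIX system with mmap(2), mprotect(2) and sigaction(2) (Linux or macOS); the names `domain_t`, `domain_create`, `domain_set_privilege`, `try_write`, `try_read`, `run_scenario` and `faults_trapped` are hypothetical, and each "protection domain" is simplified to a single page. Two heap regions A and B are created, B's privileges are revoked step by step, and every refused access is detected as a hardware fault rather than by a check in the accessing code.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Hypothetical protection domain: one page-aligned heap region whose
 * privileges are set with mprotect(2). The MMU checks every load and
 * store, so the code that touches the region carries no inline checks. */
typedef struct {
    unsigned char *base;
    size_t len;
} domain_t;

static sigjmp_buf fault_env;               /* recovery point for a refused access */
static volatile sig_atomic_t fault_count;  /* accesses the hardware refused */

static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)si; (void)ctx;
    fault_count++;
    siglongjmp(fault_env, 1);              /* unwind to the attempted access */
}

static int install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    /* Linux reports protection violations as SIGSEGV, macOS sometimes as SIGBUS. */
    return sigaction(SIGSEGV, &sa, NULL) | sigaction(SIGBUS, &sa, NULL);
}

/* Allocate one page as a fresh, fully accessible domain. */
int domain_create(domain_t *d) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;
    d->len = (size_t)page;
    d->base = mmap(NULL, d->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return d->base == MAP_FAILED ? -1 : 0;
}

/* Grant or revoke privilege on a domain; prot is a PROT_* mask. */
int domain_set_privilege(domain_t *d, int prot) {
    return mprotect(d->base, d->len, prot);
}

void domain_destroy(domain_t *d) { munmap(d->base, d->len); }

/* Store v at offset off. Returns 1 on success, 0 if the MMU refused it. */
int try_write(domain_t *d, size_t off, unsigned char v) {
    if (off >= d->len) return 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        ((volatile unsigned char *)d->base)[off] = v;
        return 1;
    }
    return 0;                              /* reached only via siglongjmp */
}

/* Load the byte at off into *out. Returns 1 on success, 0 if refused. */
int try_read(domain_t *d, size_t off, unsigned char *out) {
    if (off >= d->len) return 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        *out = ((volatile unsigned char *)d->base)[off];
        return 1;
    }
    return 0;
}

/* Scenario: domain A stays fully accessible while B's privileges are
 * revoked step by step. Returns 0 if every access behaved as the current
 * privileges dictate, 1 on a mismatch, -1 on a setup failure. */
int run_scenario(void) {
    domain_t a, b;
    unsigned char v = 0;
    int ok = 1;

    fault_count = 0;
    if (install_fault_handler() != 0 || domain_create(&a) != 0) return -1;
    if (domain_create(&b) != 0) { domain_destroy(&a); return -1; }

    /* Both domains writable: both stores land. */
    ok &= try_write(&a, 0, 0x41) == 1;
    ok &= try_write(&b, 0, 0x42) == 1;

    /* Revoke write on B: the store traps, a read still sees 0x42. */
    ok &= domain_set_privilege(&b, PROT_READ) == 0;
    ok &= try_write(&b, 0, 0x43) == 0;
    ok &= try_read(&b, 0, &v) == 1 && v == 0x42;

    /* Revoke everything on B: reads trap too; A is unaffected. */
    ok &= domain_set_privilege(&b, PROT_NONE) == 0;
    ok &= try_read(&b, 0, &v) == 0;
    ok &= try_read(&a, 0, &v) == 1 && v == 0x41;

    /* Restore B: its contents survived the refused accesses untouched. */
    ok &= domain_set_privilege(&b, PROT_READ | PROT_WRITE) == 0;
    ok &= try_read(&b, 0, &v) == 1 && v == 0x42;

    domain_destroy(&a);
    domain_destroy(&b);
    return ok ? 0 : 1;
}

/* Number of accesses the hardware refused during the last run_scenario(). */
int faults_trapped(void) { return (int)fault_count; }

int main(void) {
    int rc = run_scenario();
    printf("scenario %s, %d accesses trapped by the MMU\n",
           rc == 0 ? "ok" : "FAILED", faults_trapped());
    return rc == 0 ? 0 : 1;
}
```

Build with `cc -o domains domains.c` and run it; the expected outcome is a passing scenario with two trapped accesses (the store to the read-only page and the load from the inaccessible page). The loads and stores inside `try_read` and `try_write` are ordinary memory instructions; the only cost of confinement is the mprotect(2) call when privileges change and the signal delivery when an access is refused, which is the trade-off the abstract describes. A language runtime would turn the trap into an exception raised in the offending ribbon instead of a siglongjmp, and would need to consider the kernel's own memory accesses (system calls writing into a protected page), which this single-page illustration does not cover.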
Ribbons: a partially shared memory programming model
OOPSLA '11: Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications