Memory Protection. Philip W. L. Fong. CPSC 525/625 (Winter 2018) Department of Computer Science University of Calgary Calgary, Alberta, Canada
|
|
- Marcus Holt
- 6 years ago
- Views:
Transcription
1 1 / 25 Memory Protection Philip W. L. Fong Department of Computer Science University of Calgary Calgary, Alberta, Canada CPSC 525/625 (Winter 2018)
2 2 / 25 Multiprogramming Memory Fence Remember my Apple computer: single user Multiprogrammed OS multiple users sharing resources processes and threads Processes have different resources, implying controlled access Threads share resources with less access control
3 Enter the Notion of Processes 3 / 25 Before: After:
4 Memory Protection 4 / 25 Preventing memory interference
5 Memory Protection 4 / 25 Preventing memory interference Traditionally implemented by hardware
6 5 / 25 Outline Memory Fence 1 Memory Fence 2 3
7 6 / 25 Outline Memory Fence 1 Memory Fence 2 3
8 7 / 25 Fixed Fence Memory Fence Problem: User code may read/write memory belonging to the OS.
9 7 / 25 Fixed Fence Memory Fence Problem: User code may read/write memory belonging to the OS. Solution: OS code resides in address 0 to n User code resides in address n + 1 onward Memory fault if user code attempts to access address within range 0 n.
10 8 / 25 Fence Register Memory Fence Problem: Fixed address layout, inflexible OS size may change over time.
11 8 / 25 Fence Register Memory Fence Problem: Fixed address layout, inflexible OS size may change over time. Solution: Store end of OS code in a fence register Reject instruction during user mode if addressing OS code in fence
12 Base/Bounds Register 9 / 25 Problem: Only protects kernel from users. What about process against process?
13 Base/Bounds Register 9 / 25 Problem: Only protects kernel from users. What about process against process? Solution: Base register: all addresses in a program is offsetted by the base register address + base
14 Base/Bounds Register 9 / 25 Problem: Only protects kernel from users. What about process against process? Solution: Base register: all addresses in a program is offsetted by the base register address + base Bounds register: all offsetted address is then compared to the bounds register, which delimits the upper bound of a legitimate address for the program address + base < bounds
15 Base/Bounds Register 9 / 25 Problem: Only protects kernel from users. What about process against process? Solution: Base register: all addresses in a program is offsetted by the base register address + base Bounds register: all offsetted address is then compared to the bounds register, which delimits the upper bound of a legitimate address for the program address + base < bounds OS changes the contents of base and bounds registers when context-switching to a different process.
16 10 / 25 Code vs Data Memory Fence Problem: Within a process, still possible to overwrite code.
17 10 / 25 Code vs Data Memory Fence Problem: Within a process, still possible to overwrite code. Solution: Separating the data space and code space: Data base Data bounds Program base Program bounds
18 10 / 25 Code vs Data Memory Fence Problem: Within a process, still possible to overwrite code. Solution: Separating the data space and code space: Data base Data bounds Program base Program bounds Each of data and program space can be loaded separately into different parts of the physical memory space.
19 Tagged Architecture 11 / 25 Problem: Protects only contiguous memory blocks. All-or-nothing protection. What if: mutual suspicion among code units within the same process change of accessibility over time (e.g., writable only during program initialization)
20 Tagged Architecture 11 / 25 Problem: Protects only contiguous memory blocks. All-or-nothing protection. What if: mutual suspicion among code units within the same process change of accessibility over time (e.g., writable only during program initialization) Solution: Tagged Architecture Protecting each memory word separately Each memory word is associated with a tag (a few bits) specifying accessibility (e.g., read-only, read/write, execute-only)
21 Example: Burroughs B / 25 3 tag bits to differentiate data words pointers control words (i.e., stack pointers, etc)
22 13 / 25 Example: BiiN Memory Fence one tag for a block of size 128 or 256 bytes less costly
23 14 / 25 Not Popular Memory Fence While the tagged architecture is very attractive by design, stock OSes (e.g., Windows, MacOS) are designed for conventional architecture (e.g., Intel).
24 15 / 25 Outline Memory Fence 1 Memory Fence 2 3
25 16 / 25 Segmentation Memory Fence Divide a program into many small pieces (segment) a segment may correspond to a procedure or an array Address: segment, offset OS maintains a table (per process) mapping segment id to physical address Need mechanisms to check for access beyond end of a segment
26 General Advantages of Segmentation 17 / 25 1 Segments can be dynamically relocated at run time 2 Segments can be swapped out of physical memory into secondary storage 3 Every memory reference is mediated by the operating system, providing opportunities for protection
27 Security Advantages of Segmentation 18 / 25 Different levels of accessibility for different segments Different users can share a segment, with different access rights Physical addresses cannot be forged
28 19 / 25 Paging Memory Fence Divide program into equal-sized pages
29 19 / 25 Paging Memory Fence Divide program into equal-sized pages Divide physical memory space into equal-sized page frames
30 19 / 25 Paging Memory Fence Divide program into equal-sized pages Divide physical memory space into equal-sized page frames Address: page, offset
31 19 / 25 Paging Memory Fence Divide program into equal-sized pages Divide physical memory space into equal-sized page frames Address: page, offset OS maintains a table (per process) mapping page numbers to frame numbers
32 19 / 25 Paging Memory Fence Divide program into equal-sized pages Divide physical memory space into equal-sized page frames Address: page, offset OS maintains a table (per process) mapping page numbers to frame numbers Since all frames have same size, checking upper bound of offset is straightforward.
33 19 / 25 Paging Memory Fence Divide program into equal-sized pages Divide physical memory space into equal-sized page frames Address: page, offset OS maintains a table (per process) mapping page numbers to frame numbers Since all frames have same size, checking upper bound of offset is straightforward. Coarser grained than segmentation: same accessiblity level within a page
34 Paging + Segmentation 20 / 25 Paging: implementation efficiency Segmentation: logical protection IBM 390 mainframe: paged segmentation
35 21 / 25 Outline Memory Fence 1 Memory Fence 2 3
36 Memory Protection: Hardware Only? 22 / 25 Memory protection can be achieved by software technology.
37 Memory Protection: Hardware Only? 22 / 25 Memory protection can be achieved by software technology. Example: Omniware OmniVM bytecode: RISC architecture Segments Software-based Fault Isolation (SFI) is employed to rewrite unsafe code into safe code, using one of two techniques: Segment matching: guard code is injected before the instruction to check that the referenced segment id matches the allowed segment Sandboxing: the segment id of the target address is dynamically overwritten by the allowed segment id
38 Memory Protection: Hardware Only? 22 / 25 Memory protection can be achieved by software technology. Example: Omniware OmniVM bytecode: RISC architecture Segments Software-based Fault Isolation (SFI) is employed to rewrite unsafe code into safe code, using one of two techniques: Segment matching: guard code is injected before the instruction to check that the referenced segment id matches the allowed segment Sandboxing: the segment id of the target address is dynamically overwritten by the allowed segment id Software-based protection is potentially finer grained: beyond segments
39 Discussion: Protection within a Process 23 / 25 Other than anticipating programming errors, what are security considerations that motivate memory protection (or in general, mutual suspicion) among code units within a process?
40 Discussion: Protection within a Process 23 / 25 Other than anticipating programming errors, what are security considerations that motivate memory protection (or in general, mutual suspicion) among code units within a process? Extensible systems Browser plug-ins (via dynamic loading/linking)
41 Discussion: Protection within a Process 23 / 25 Other than anticipating programming errors, what are security considerations that motivate memory protection (or in general, mutual suspicion) among code units within a process? Extensible systems Browser plug-ins (via dynamic loading/linking) Systems with scripting capabilities Visual Basic in Excel
42 Discussion: Protection within a Process 23 / 25 Other than anticipating programming errors, what are security considerations that motivate memory protection (or in general, mutual suspicion) among code units within a process? Extensible systems Browser plug-ins (via dynamic loading/linking) Systems with scripting capabilities Visual Basic in Excel Mobile code Java applets
43 Discussion: Protection within a Process 23 / 25 Other than anticipating programming errors, what are security considerations that motivate memory protection (or in general, mutual suspicion) among code units within a process? Extensible systems Browser plug-ins (via dynamic loading/linking) Systems with scripting capabilities Visual Basic in Excel Mobile code Java applets Systems that interpret code Database query evaluation (code injection)
44 A Change of World View 24 / 25 The traditional world view: Processes as units of protection.
45 A Change of World View 24 / 25 The traditional world view: Processes as units of protection. With the emergence of dynamic loaded code, scripting, mobile code, and multi-language development, the traditional world view simply is no longer valid.
46 A Change of World View 24 / 25 The traditional world view: Processes as units of protection. With the emergence of dynamic loaded code, scripting, mobile code, and multi-language development, the traditional world view simply is no longer valid. As we shall see, intra-process memory protection is typically achieved by software means.
47 Bibliographic Notes 25 / 25 Most of the materials in these slides are based on Section 5.1 of [Pfleeger et al.]. OmniWare and SFI: Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco, and Robert Wahbe. Efficient and language-independent mobile programs. In Proceedings of ACM SIGPLAN 96 Conference on Programming Language Design and Implementation (PLDI 96), pages , May Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. Efficient software-based fault isolation. In Proceedings of the 14th ACM Symposium on Operating Systems Principles, pages , Asheville, North Carolina, December 1993.
Module 29: Operating System Memory Protection
Module 29: Operating System Memory Protection An operating system is the multiprogramming system allowing multiple users to use concurrently. Operating system is designed in such a way that one user's
More informationEfficient Software Based Fault Isolation. Software Extensibility
Efficient Software Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham Software Extensibility Operating Systems Kernel modules Device drivers Unix vnodes Application Software
More informationMulti-level Page Tables & Paging+ segmentation combined
Multi-level Page Tables & Paging+ segmentation combined Basic idea: use two levels of mapping to make tables manageable o Each segment contains one or more pages Segments correspond to logical units: code,
More informationProtection. Thierry Sans
Protection Thierry Sans Protecting Programs How to lower the risk of a program security flaw resulting from a bug? 1. Build better programs 2. Build better operating systems Build Better Programs Why are
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationChapter 5B. Large and Fast: Exploiting Memory Hierarchy
Chapter 5B Large and Fast: Exploiting Memory Hierarchy One Transistor Dynamic RAM 1-T DRAM Cell word access transistor V REF TiN top electrode (V REF ) Ta 2 O 5 dielectric bit Storage capacitor (FET gate,
More informationIntroduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 17 1 Mid Term Mean = 32.64, Median = 33.53 8 7 6 5 4 3 2 1 0 0-5 5-10 10-15 15-20
More informationVirtual Memory. Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. November 15, MIT Fall 2018 L20-1
Virtual Memory Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. L20-1 Reminder: Operating Systems Goals of OS: Protection and privacy: Processes cannot access each other s data Abstraction:
More informationMemory Hierarchy Requirements. Three Advantages of Virtual Memory
CS61C L12 Virtual (1) CS61CL : Machine Structures Lecture #12 Virtual 2009-08-03 Jeremy Huddleston Review!! Cache design choices: "! Size of cache: speed v. capacity "! size (i.e., cache aspect ratio)
More informationControl Flow Integrity & Software Fault Isolation. David Brumley Carnegie Mellon University
Control Flow Integrity & Software Fault Isolation David Brumley Carnegie Mellon University Our story so far Unauthorized Control Information Tampering http://propercourse.blogspot.com/2010/05/i-believe-in-duct-tape.html
More informationMiSFIT: A Tool for Constructing Safe Extensible C++ Systems
MiSFIT: A Tool for Constructing Safe Extensible C++ Systems Christopher Small and Margo Seltzer Harvard University Abstract The boundary between application and system is becoming increasingly permeable.
More informationSPIN Operating System
SPIN Operating System Motivation: general purpose, UNIX-based operating systems can perform poorly when the applications have resource usage patterns poorly handled by kernel code Why? Current crop of
More informationMondrian Memory Protection
H igh Perfo rman ce S witc hing andr outin g T elecomcent erworksho p:sept4,1 97. Mondrian Memory Protection Presenter: Mohammad Moghimi CSE ept. UCS Most of the slides are taken from: http://groups.csail.mit.edu/cag/scale/papers/mmp-asplos2002-slides.ppt
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationmemory management Vaibhav Bajpai
memory management Vaibhav Bajpai OS 2013 motivation virtualize resources: multiplex CPU multiplex memory (CPU scheduling) (memory management) why manage memory? controlled overlap processes should NOT
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 Reference Monitor Observes execution of the program/process At what level? Possibilities:
More informationCIS Operating Systems Memory Management Cache. Professor Qiang Zeng Fall 2017
CIS 5512 - Operating Systems Memory Management Cache Professor Qiang Zeng Fall 2017 Previous class What is logical address? Who use it? Describes a location in the logical memory address space Compiler
More informationFuture Work. Build applications that use extensions to optimize performance. Interface design.
Future Work Finish building VINO. Networking. Naming. Build applications that use extensions to optimize performance. Interface design. What types of extensions actually get used? Revisit flexibility vs.
More informationVirtual Memory. Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. April 12, 2018 L16-1
Virtual Memory Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. L16-1 Reminder: Operating Systems Goals of OS: Protection and privacy: Processes cannot access each other s data Abstraction:
More informationPaging, and segmentation
Paging, and segmentation Memory Management Subdividing memory to accommodate multiple processes Memory needs to be allocated efficiently to pack as many processes into memory as possible 2 Big Picture
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationSecuring Untrusted Code
Securing Untrusted Code Untrusted Code May be untrustworthy Intended to be benign, but may be full of vulnerabilities These vulnerabilities may be exploited by attackers (or other malicious processes)
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
More information16 Sharing Main Memory Segmentation and Paging
Operating Systems 64 16 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More informationMEMORY MANAGEMENT/1 CS 409, FALL 2013
MEMORY MANAGEMENT Requirements: Relocation (to different memory areas) Protection (run time, usually implemented together with relocation) Sharing (and also protection) Logical organization Physical organization
More informationTowards a Resilient Operating System for Wireless Sensor Networks
Towards a Resilient Operating System for Wireless Sensor Networks Hyoseung Kim Hojung Cha Yonsei University, Korea 2006. 6. 1. Hyoseung Kim hskim@cs.yonsei.ac.kr Motivation (1) Problems: Application errors
More information15 Sharing Main Memory Segmentation and Paging
Operating Systems 58 15 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More informationCS 491/591: Introduction to Computer Security. Confinement
CS 491/591: Introduction to Computer Security Confinement James Hook (some slides adapted from Bishop) Plan Confinement Problem (Lampson) Isolation Virtual Machines Sandboxes Covert Channels 1 The Confinement
More informationAddresses in the source program are generally symbolic. A compiler will typically bind these symbolic addresses to re-locatable addresses.
1 Memory Management Address Binding The normal procedures is to select one of the processes in the input queue and to load that process into memory. As the process executed, it accesses instructions and
More informationCS252 S05. Main memory management. Memory hardware. The scale of things. Memory hardware (cont.) Bottleneck
Main memory management CMSC 411 Computer Systems Architecture Lecture 16 Memory Hierarchy 3 (Main Memory & Memory) Questions: How big should main memory be? How to handle reads and writes? How to find
More informationVirtual Memory 1. To do. q Segmentation q Paging q A hybrid system
Virtual Memory 1 To do q Segmentation q Paging q A hybrid system Address spaces and multiple processes IBM OS/360 Split memory in n parts (possible!= sizes) A process per partition Program Code Heap Operating
More informationMachine-Independent Virtual Memory Management for Paged June Uniprocessor 1st, 2010and Multiproce 1 / 15
Machine-Independent Virtual Memory Management for Paged Uniprocessor and Multiprocessor Architectures Matthias Lange TU Berlin June 1st, 2010 Machine-Independent Virtual Memory Management for Paged June
More informationIntroduction to Processes in Computer Systems SEEM
Introduction to Processes in Computer Systems SEEM 3460 1 Overview of Processes What is the concept of a process A program in execution The animated spirit of a program The entity that can be assigned
More informationVirtual Memory. Today. Segmentation Paging A good, if common example
Virtual Memory Today Segmentation Paging A good, if common example Virtual memory system Goals Transparency Programs should not know that memory is virtualized; the OS +HW multiplex memory among processes
More informationHY225 Lecture 12: DRAM and Virtual Memory
HY225 Lecture 12: DRAM and irtual Memory Dimitrios S. Nikolopoulos University of Crete and FORTH-ICS May 16, 2011 Dimitrios S. Nikolopoulos Lecture 12: DRAM and irtual Memory 1 / 36 DRAM Fundamentals Random-access
More informationMemory Allocation. Copyright : University of Illinois CS 241 Staff 1
Memory Allocation Copyright : University of Illinois CS 241 Staff 1 Recap: Virtual Addresses A virtual address is a memory address that a process uses to access its own memory Virtual address actual physical
More informationLECTURE 12. Virtual Memory
LECTURE 12 Virtual Memory VIRTUAL MEMORY Just as a cache can provide fast, easy access to recently-used code and data, main memory acts as a cache for magnetic disk. The mechanism by which this is accomplished
More informationChapter 8 Virtual Memory
Chapter 8 Virtual Memory Contents Hardware and control structures Operating system software Unix and Solaris memory management Linux memory management Windows 2000 memory management Characteristics of
More informationRecall: Address Space Map. 13: Memory Management. Let s be reasonable. Processes Address Space. Send it to disk. Freeing up System Memory
Recall: Address Space Map 13: Memory Management Biggest Virtual Address Stack (Space for local variables etc. For each nested procedure call) Sometimes Reserved for OS Stack Pointer Last Modified: 6/21/2004
More informationInteraction of JVM with x86, Sparc and MIPS
Interaction of JVM with x86, Sparc and MIPS Sasikanth Avancha, Dipanjan Chakraborty, Dhiral Gada, Tapan Kamdar {savanc1, dchakr1, dgada1, kamdar}@cs.umbc.edu Department of Computer Science and Electrical
More informationMechanism: Address Translation
14 Mechanism: Address Translation In developing the virtualization of the CPU, we focused on a general mechanism known as limited direct execution (or LDE). The idea behind LDE is simple: for the most
More informationMemory Management. Reading: Silberschatz chapter 9 Reading: Stallings. chapter 7 EEL 358
Memory Management Reading: Silberschatz chapter 9 Reading: Stallings chapter 7 1 Outline Background Issues in Memory Management Logical Vs Physical address, MMU Dynamic Loading Memory Partitioning Placement
More informationPage 1. Goals for Today" Virtualizing Resources" Important Aspects of Memory Multiplexing" CS162 Operating Systems and Systems Programming Lecture 20
Goals for Today" CS162 Operating Systems and Systems Programming Lecture 20 Address Translation" November 7, 2011 Anthony D. Joseph and Ion Stoica http://inst.eecs.berkeley.edu/~cs162 Address Translation
More informationMemory management: outline
Memory management: outline Concepts Swapping Paging o Multi-level paging o TLB & inverted page tables 1 Memory size/requirements are growing 1951: the UNIVAC computer: 1000 72-bit words! 1971: the Cray
More informationMemory management: outline
Memory management: outline Concepts Swapping Paging o Multi-level paging o TLB & inverted page tables 1 Memory size/requirements are growing 1951: the UNIVAC computer: 1000 72-bit words! 1971: the Cray
More informationChapter 8 Virtual Memory
Operating Systems: Internals and Design Principles Chapter 8 Virtual Memory Seventh Edition William Stallings Modified by Rana Forsati for CSE 410 Outline Principle of locality Paging - Effect of page
More informationMemory Management Topics. CS 537 Lecture 11 Memory. Virtualizing Resources
Memory Management Topics CS 537 Lecture Memory Michael Swift Goals of memory management convenient abstraction for programming isolation between processes allocate scarce memory resources between competing
More informationAnother View of the Memory Hierarchy. Lecture #25 Virtual Memory I Memory Hierarchy Requirements. Memory Hierarchy Requirements
CS61C L25 Virtual I (1) inst.eecs.berkeley.edu/~cs61c CS61C : Machine Structures Lecture #25 Virtual I 27-8-7 Scott Beamer, Instructor Another View of the Hierarchy Thus far{ Next: Virtual { Regs Instr.
More informationFall 2017 :: CSE 306. Introduction to. Virtual Memory. Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau)
Introduction to Virtual Memory Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau) Motivating Virtual Memory (Very) old days: Uniprogramming only one process existed at a time OS was little
More informationChapter 7 Memory Management
Operating Systems: Internals and Design Principles Chapter 7 Memory Management Ninth Edition William Stallings Frame Page Segment A fixed-length block of main memory. A fixed-length block of data that
More informationCIS Operating Systems Memory Management Cache and Demand Paging. Professor Qiang Zeng Spring 2018
CIS 3207 - Operating Systems Memory Management Cache and Demand Paging Professor Qiang Zeng Spring 2018 Process switch Upon process switch what is updated in order to assist address translation? Contiguous
More informationELEC 377 Operating Systems. Week 1 Class 2
Operating Systems Week 1 Class 2 Labs vs. Assignments The only work to turn in are the labs. In some of the handouts I refer to the labs as assignments. There are no assignments separate from the labs.
More informationVirtual Memory. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Virtual Memory Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu SSE3044: Operating Systems, Fall 2017, Jinkyu Jeong (jinkyu@skku.edu) Virtual Memory:
More informationLightweight Remote Procedure Call. Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat Outline Introduction RPC refresher Monolithic OS vs. micro-kernel
More informationSeparating Access Control Policy, Enforcement, and Functionality in Extensible Systems. Robert Grimm University of Washington
Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems Robert Grimm University of Washington Extensions Added to running system Interact through low-latency interfaces Form
More informationEmbedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi
Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi Lecture - 13 Virtual memory and memory management unit In the last class, we had discussed
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.1: OS Security Basics of secure design Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Dan Boneh (Stanford)
More informationIntroduction to Operating Systems
Introduction to Operating Systems Lecture 6: Memory Management MING GAO SE@ecnu (for course related communications) mgao@sei.ecnu.edu.cn Apr. 22, 2015 Outline 1 Issues of main memory 2 Main memory management
More informationCPS221 Lecture: Operating System Functions
CPS221 Lecture: Operating System Functions Objectives last revised 6/23/10 1. To overview key hardware concepts 2. To iintroduce the process concept 3. To discuss the various kinds of functionality of
More informationCIS Operating Systems Memory Management Cache. Professor Qiang Zeng Fall 2015
CIS 5512 - Operating Systems Memory Management Cache Professor Qiang Zeng Fall 2015 Previous class What is logical address? Who use it? Describes a location in the logical address space Compiler and CPU
More informationEECS 470. Lecture 16 Virtual Memory. Fall 2018 Jon Beaumont
Lecture 16 Virtual Memory Fall 2018 Jon Beaumont http://www.eecs.umich.edu/courses/eecs470 Slides developed in part by Profs. Austin, Brehob, Falsafi, Hill, Hoe, Lipasti, Shen, Smith, Sohi, Tyson, and
More informationUNIT III MEMORY MANAGEMENT
UNIT III MEMORY MANAGEMENT TOPICS TO BE COVERED 3.1 Memory management 3.2 Contiguous allocation i Partitioned memory allocation ii Fixed & variable partitioning iii Swapping iv Relocation v Protection
More informationThe Virtual Memory Abstraction. Memory Management. Address spaces: Physical and Virtual. Address Translation
The Virtual Memory Abstraction Memory Management Physical Memory Unprotected address space Limited size Shared physical frames Easy to share data Virtual Memory Programs are isolated Arbitrary size All
More informationOperating Systems (2INC0) 2017/18
Operating Systems (2INC0) 2017/18 Memory Management (09) Dr. Courtesy of Dr. I. Radovanovic, Dr. R. Mak (figures from Bic & Shaw) System Architecture and Networking Group Agenda Reminder: OS & resources
More informationLast Class: Deadlocks. Where we are in the course
Last Class: Deadlocks Necessary conditions for deadlock: Mutual exclusion Hold and wait No preemption Circular wait Ways of handling deadlock Deadlock detection and recovery Deadlock prevention Deadlock
More informationMemory Management Part 1. Operating Systems in Depth XX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Memory Management Part 1 Operating Systems in Depth XX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. The Address-Space Concept Protect processes from one another Protect the OS from user processes
More informationCOS 318: Operating Systems. Virtual Memory and Address Translation
COS 318: Operating Systems Virtual Memory and Address Translation Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Today s Topics
More informationOperating Systems Design Exam 2 Review: Spring 2011
Operating Systems Design Exam 2 Review: Spring 2011 Paul Krzyzanowski pxk@cs.rutgers.edu 1 Question 1 CPU utilization tends to be lower when: a. There are more processes in memory. b. There are fewer processes
More informationMechanism: Address Translation
15 Mechanism: Address Translation In developing the virtualization of the CPU, we focused on a general mechanism known as limited direct execution (or LDE). The idea behind LDE is simple: for the most
More informationCS 5523 Operating Systems: Memory Management (SGG-8)
CS 5523 Operating Systems: Memory Management (SGG-8) Instructor: Dr Tongping Liu Thank Dr Dakai Zhu, Dr Palden Lama, and Dr Tim Richards (UMASS) for providing their slides Outline Simple memory management:
More informationCS 416: Opera-ng Systems Design March 23, 2012
Question 1 Operating Systems Design Exam 2 Review: Spring 2011 Paul Krzyzanowski pxk@cs.rutgers.edu CPU utilization tends to be lower when: a. There are more processes in memory. b. There are fewer processes
More informationRuntime Defenses against Memory Corruption
CS 380S Runtime Defenses against Memory Corruption Vitaly Shmatikov slide 1 Reading Assignment Cowan et al. Buffer overflows: Attacks and defenses for the vulnerability of the decade (DISCEX 2000). Avijit,
More informationMemory management. Knut Omang Ifi/Oracle 10 Oct, 2012
Memory management Knut Omang Ifi/Oracle 1 Oct, 212 (with slides from V. Goebel, C. Griwodz (Ifi/UiO), P. Halvorsen (Ifi/UiO), K. Li (Princeton), A. Tanenbaum (VU Amsterdam), and M. van Steen (VU Amsterdam))
More informationISOLATION DEFENSES GRAD SEC OCT
ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Setting Possibly with multiple tenants OS: users / processes Browser: webpages / browser extensions Cloud:
More informationThe Operating System. Chapter 6
The Operating System Machine Level Chapter 6 1 Contemporary Multilevel Machines A six-level l computer. The support method for each level is indicated below it.2 Operating System Machine a) Operating System
More informationCS6401- Operating System UNIT-III STORAGE MANAGEMENT
UNIT-III STORAGE MANAGEMENT Memory Management: Background In general, to rum a program, it must be brought into memory. Input queue collection of processes on the disk that are waiting to be brought into
More informationLecture 4: Memory Management & The Programming Interface
CS 422/522 Design & Implementation of Operating Systems Lecture 4: Memory Management & The Programming Interface Zhong Shao Dept. of Computer Science Yale University Acknowledgement: some slides are taken
More informationCPE300: Digital System Architecture and Design
CPE300: Digital System Architecture and Design Fall 2011 MW 17:30-18:45 CBC C316 Virtual Memory 11282011 http://www.egr.unlv.edu/~b1morris/cpe300/ 2 Outline Review Cache Virtual Memory Projects 3 Memory
More informationLecture 20: Virtual Memory, Protection and Paging. Multi-Level Caches
S 09 L20-1 18-447 Lecture 20: Virtual Memory, Protection and Paging James C. Hoe Dept of ECE, CMU April 8, 2009 Announcements: Best class ever, next Monday Handouts: H14 HW#4 (on Blackboard), due 4/22/09
More informationUC Berkeley CS61C : Machine Structures
inst.eecs.berkeley.edu/~cs61c UC Berkeley CS61C : Machine Structures Lecture 35 Virtual Memory II 2007-04-16 Lecturer SOE Dan Garcia www.cs.berkeley.edu/~ddgarcia Hardware repair?! This technology allows
More informationComputer Fundamentals : Pradeep K. Sinha& Priti Sinha
Computer Fundamentals Pradeep K. Sinha Priti Sinha Chapter 14 Operating Systems Slide 1/74 Learning Objectives In this chapter you will learn about: Definition and need for operating system Main functions
More informationCS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017
CS 471 Operating Systems Yue Cheng George Mason University Fall 2017 Review: Segmentation 2 Virtual Memory Accesses o Approaches: Static Relocation Dynamic Relocation Base Base-and-Bounds Segmentation
More informationmywbut.com UNIX Operating System
UNIX Operating System 1 Lecture Notes Overview Unlike many operating systems, UNIX is not limited to specific computers using a particular microprocessor as a CPU. Instead, UNIX systems run on all sizes
More informationOperating Systems. Memory Management. Lecture 9 Michael O Boyle
Operating Systems Memory Management Lecture 9 Michael O Boyle 1 Memory Management Background Logical/Virtual Address Space vs Physical Address Space Swapping Contiguous Memory Allocation Segmentation Goals
More informationARMlock: Hardware-based Fault Isolation for ARM
ARMlock: Hardware-based Fault Isolation for ARM Yajin Zhou, Xiaoguang Wang, Yue Chen, and Zhi Wang North Carolina State University Xi an Jiaotong University Florida State University Software is Complicated
More informationReview. Manage memory to disk? Treat as cache. Lecture #26 Virtual Memory II & I/O Intro
CS61C L26 Virtual Memory II (1) inst.eecs.berkeley.edu/~cs61c CS61C : Machine Structures Lecture #26 Virtual Memory II & I/O Intro 2007-8-8 Scott Beamer, Instructor Apple Releases new imac Review Manage
More informationCS Operating Systems
CS 4500 - Operating Systems Module 9: Memory Management - Part 1 Stanley Wileman Department of Computer Science University of Nebraska at Omaha Omaha, NE 68182-0500, USA June 9, 2017 In This Module...
More informationCS Operating Systems
CS 4500 - Operating Systems Module 9: Memory Management - Part 1 Stanley Wileman Department of Computer Science University of Nebraska at Omaha Omaha, NE 68182-0500, USA June 9, 2017 In This Module...
More informationLecture 13: Address Translation
CS 422/522 Design & Implementation of Operating Systems Lecture 13: Translation Zhong Shao Dept. of Computer Science Yale University Acknowledgement: some slides are taken from previous versions of the
More informationLecture Notes for 04/04/06: UNTRUSTED CODE Fatima Zarinni.
Lecture Notes for 04/04/06 UNTRUSTED CODE Fatima Zarinni. Last class we started to talk about the different System Solutions for Stack Overflow. We are going to continue the subject. Stages of Stack Overflow
More informationOperating Systems. 09. Memory Management Part 1. Paul Krzyzanowski. Rutgers University. Spring 2015
Operating Systems 09. Memory Management Part 1 Paul Krzyzanowski Rutgers University Spring 2015 March 9, 2015 2014-2015 Paul Krzyzanowski 1 CPU Access to Memory The CPU reads instructions and reads/write
More informationCOMPUTER SCIENCE 4500 OPERATING SYSTEMS
Last update: 3/28/2017 COMPUTER SCIENCE 4500 OPERATING SYSTEMS 2017 Stanley Wileman Module 9: Memory Management Part 1 In This Module 2! Memory management functions! Types of memory and typical uses! Simple
More informationOS Extensibility: Spin, Exo-kernel and L4
OS Extensibility: Spin, Exo-kernel and L4 Extensibility Problem: How? Add code to OS how to preserve isolation? without killing performance? What abstractions? General principle: mechanisms in OS, policies
More informationComputer System Overview
Computer System Overview Introduction A computer system consists of hardware system programs application programs 2 Operating System Provides a set of services to system users (collection of service programs)
More informationVirtual Memory. CSCI 315 Operating Systems Design Department of Computer Science
Virtual Memory CSCI 315 Operating Systems Design Department of Computer Science Notice: The slides for this lecture have been largely based on those from an earlier edition of the course text Operating
More informationAnnouncement. Exercise #2 will be out today. Due date is next Monday
Announcement Exercise #2 will be out today Due date is next Monday Major OS Developments 2 Evolution of Operating Systems Generations include: Serial Processing Simple Batch Systems Multiprogrammed Batch
More informationCS399 New Beginnings. Jonathan Walpole
CS399 New Beginnings Jonathan Walpole Memory Management Memory Management Memory a linear array of bytes - Holds O.S. and programs (processes) - Each cell (byte) is named by a unique memory address Recall,
More information198:231 Intro to Computer Organization. 198:231 Introduction to Computer Organization Lecture 14
98:23 Intro to Computer Organization Lecture 4 Virtual Memory 98:23 Introduction to Computer Organization Lecture 4 Instructor: Nicole Hynes nicole.hynes@rutgers.edu Credits: Several slides courtesy of
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More information