2002 Mondrian

References:

  • E. Witchel, J. Cates, and K. Asanovi´c. Mondrian memory protection. In Proceedings of the 10th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 304–316, Oct 2002.

MMP: Mondrian memory protection.

In constrast to earlier page-based systems, MMP allows arbitrary permissions control at granularity of individual words.

  • a compressed permissions table to reduce space overheads
  • employ two levels of permissions caching to reduce run-time overheads

Evaluation: zero-copy networking underneath the standard read system call interface, where packet payload fragements are connected together by the translation system to avoid data copying.

  • Saves 52% of the memory references used by a traditional copying network stack.

Motivation

Figure 1: A visual depiction of multiple memory protection domains within a single shared address space

More

Created Jun 2, 2022 // Last Updated Jun 2, 2022

If you could revise
the fundmental principles of
computer system design
to improve security...

... what would you change?