Faculty Advisor
Tzi-cker Chiueh

Grant
$21,000 on 12/1/98

Intra-Address Space Protection Using Segmentation Hardware
Although a number of approaches have been proposed to provide intra-address space protection, such as software fault isolation, extensions written in type-safe language or interpreter language and proof-carrying code, there is no clear winner that addresses all the following issues: flexibility in specifying extensions, run-time performance overhead, and practical usability. One commonality among all the above approaches is the use of software-only techniques to create protection domains within an address space, based on the assumption that hardware-based protection mechanisms are only applicable to inter-address space protection. In contrast, this work proposed an intra-address space protection mechanism using the segmentation check hardware in the Intel x86 architecture that is efficient in terms of its run-time overhead, allows maximum flexibility in programming extensions, and does not add any extra complexity to the deployment of extensions. Although the proposed mechanism is geared towards a particular processor architecture, the fact that the architecture in question dominates more than 90% of the world's desktop market computer market ensures that it have wide applicability and thus large impact.

Current Status as of 02/99 
The first prototype of the proposed intra-address-space protection mechanism is operational, and we are currently working on applying this mechanism to build a safe and fast execution engine for CGI scripts.

Website:
https://www.ecsl.cs.sunysb.edu/extension.html