Mondriaan Memory Protection

Emmett Witchel (UT Austin) and Krste Asanovic (The SCALE Group )

The need for flexible, efficient, fine-grained memory protection and sharing has been neglected in modern computing systems. Mondriaan memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at the granularity of individual words. We use a compressed permissions table to reduce space overheads and employ two levels of permissions caching to reduce run-time overheads.

We implement the MMP hardware in a simulator and modify a version of the Linux 2.4.19 operating system to use it. Linux loads its device drivers as kernel module extensions, and MMP enforces the module boundaries, only allowing the device drivers access to the memory they need to function. The memory isolation provided by MMP increases Linux's resistance to programmer error, and exposed two kernel bugs in common, heavily-tested drivers. Experiments with several benchmarks where MMP was used extensively indicate the space taken by the MMP data structures is less than 11% of the memory used by the kernel, and the kernel's runtime, according to a simple performance model, increases less than 12% (relative to an unmodified kernel).

Note: In our first publication we spelled Mondrian with a single "a", whereas in subsequent publications we adopted the Dutch spelling, Mondriaan.

Publications

[1]		Emmett Witchel, Josh Cates, Krste Asanovìc Mondrian Memory Protection, [pdf] ASPLOS '02 (slides ppt pdf)

[2]		Emmett Witchel and Krste Asanovìc, Hardware Works, Software Doesn't: Enforcing Modularity with Mondriaan Memory Protection (PDF paper, PDF slides, PPT slides ) Ninth Workshop on Hot Topics in Operating Systems (HotOS '03) Lihue, Hawaii, May 2003.

[3]		Emmett Witchel Mondriaan Memory Protection [pdf] Ph.D. dissertation, Massachusetts Institute of Technology, January, 2004. Honorable Mention, ACM Doctoral Disseration Award Winner, MIT George M. Sprowls award for outstanding doctoral dissertation from the Department of Electrical Engineering and Computer Science.

[4]		Emmett Witchel, Junghwan Rhee, and Krste Asanovìc Mondrix: Memory Isolation for Linux using Mondriaan Memory Protection [pdf] SOSP '05 (slides ppt pdf)

Funding

We gratefully thank the past and present sponsors of this work, including NSF, DARPA, and Intel.