Journal of KIISE:Computer Systems and Theory (한국정보과학회논문지:시스템및이론)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지

Design and Implementation of Kernel Resource Management Scheme

커널 자원 관리 기법 설계 및 구현

  • Published : 2009.06.15
Download PDF
⟨ Previous Next ⟩

Abstract

Module is an object file that can be loaded into operating system dynamically and has complete privileged access to all resources in kernel. Therefore trivial misuses in a module may cause critical system halts or deadlock situations. In this paper, we propose Kernel Resource Protector(KRP) scheme to reduce the various problems caused by module. KRP provides protections of a variety of kernel resources such as memory, major number and work queue resource. We implement the scheme onto linux kernel 2.6.18, and experimental results show that our scheme can protect kernel resources effectively.

모듈은 동적으로 커널에 적재 가능한 오브젝트 파일로써 적재된 이후에는 커널의 권한으로 모든 자원에 대해 완벽한 접근 권한을 가진다. 따라서 잘못 작성된 모듈이나 혹은 정상적으로 작성된 모듈이라 할지라도 운영체제의 상황에 따라 비정상 수행되는 경우 시스템 전체의 안정성과 신뢰성에 치명적인 영향을 끼친다. 따라서 본 논문에서는 모듈이 발생시킬 수 있는 다양한 자원관련 문제를 해결하기 위해 커널 자원 보호자를 설계하였다. 커널 자원 보호자는 메모리, 주 번호, 워크 큐 등 운영체제가 관리하는 다양한 자원에 대한 보호를 제공한다. 제안된 기법은 리눅스 2.6.18에 실제 구현되었으며, 실험을 통해 본 논문에서 제안한 커널 자원 관리가 커널 자원을 효율적으로 보호하고 있음을 보였다.

Keywords

References

  1. W. Stalling, Operating Systems: Internals and Design Principle, 5th ed., Pearson Prentice Hall, 2004.
  2. J. Liedtke, "On Microkernel Construction," ACM SIGOPS Operating Systems Review, Vol.29, Issue. 5, pp. 237-250, 1995.
  3. D. P. Bovet and M. Cesati, Understanding the Linux Kernel, 3rd ed., O'Reilly, 2005.
  4. M. M. Swift, B. N. Bershad and H. M. Levy, "Improving the reliability of Commodity Operating System," Proceedings of the 19th ACM Symposium on Operating Systems Principles(SOSP), pp. 207-222, October 2003.
  5. B. N. Bershad, S. Savage, P. Pardyak, D. Becker, M. Fiuczynski, E. G. Sirer, "Protections is a Software Issue," Proceedings of the Fifth Workshop on Hot Topics in Operating Systems (HotOSV), pp. 62-65, 1995.
  6. Lin Tan, Ellick M. Chan, Reza Farivar, Nevedita Mallick, Jeffrey C. Carlyle, Francis M. David, Roy H. Campbell, "iKernel: Isolating Buggy and Malicious Device Drivers Using Hardware Virtualization Support," Third IEEE International Symposium on Dependable, Autonomic and Secure Computing, pp. 134-142, 2007.
  7. J. LeVasseur, V. Uhlig, J. Stoess, S. Gotz, "Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines," In Proceedings of the 6th conference on Symposium on Operating Systems Design and Implementation, pp. 17-30, 2004.
  8. Richard Ta-Min, Lionel Litty, David Lie, "Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable," In Proceedings of the 7th symposium on Operating Systems Design and Implementation, pp. 279-292, 2006.
  9. J. Liedtke, "On Microkernel Construction," ACM SIGOPS Operating Systems Review, Vol.29, Issue. 5, pp. 237-250, 1995. https://doi.org/10.1145/224057.224075
  10. Roy H. Campbell, Nayeem Islam, Ralph Johnson, Panos Kougiouris, Peter Madany, "Choices, Frameworks and Refinement," In Proceedings of the International Workshop on Object Orientation in Operating Systems, pp. 9-15, 1991.
  11. G. Hunt et. al., "An Overview of Singularity Project," Microsoft Research Technical Report, http://research.microsoft.com/research/pubs/view.aspx?msr_tr_id=MSR-TR-2005-135, 2005.
  12. B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers, S. Eggers, "Extensibility, safety and performance in the SPIN operating system," In Proceedings of the fifteenth ACM symposium on Operating systems Principles, pp. 267-283, 1995.
  13. M. M. Swift, B. N. Bershad, and H. M. Levy, "Improving the reliability of commodity operating systems," In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pp. 207-222, 2003.
  14. U. Erlingsson, M. Abadi, M. Vrable, "XFI: Software Guards for System Address Spaces," In Proceedings of the 7th Operating System Design and Implementation, pp. 75-88, 2006.
  15. D. A. Kaplan, "RingCycle: A Hardware based approach to driver isolation," http://www.acm.uiuc.edu/projects/RingCycle/browser/RingCycle.pdf, 2006.
  16. M. Abadi, M. Budiu, U. Erlingsson, J. Ligatti, "Control-flow integrity: Principles, implementations, and applications," In Proceedings of the 12th ACM conference on Computer and communications security, pp. 340-353, 2005.
  17. Feng Qin, Joseph Tucek, Jagadeesan Sundaresan, Yuanyuan Zhou, "Rx: Treating Bugs As Allergies - A Safe Method to Survice Software Failures," In Proceedings of the 20th ACM Symposium on Operating Systems Principles, pp. 235-248, 2005.
  18. S. McCamant and G. Morrisett, "Evaluating SFI for a CISC architecture," In Proceedings of the 15th conference on USENIX Security Symposium, pp. 209-224, 2006.
  19. Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham, "Efficient software-based fault isolation," In Proceedings of the 14th ACM Symposium on Operating Systems Principles, pp. 203-216, 1994.
  20. Jongmoo Choi, Seungjae Baek, Sung Y. Shin, "Design and Implementation of a Kernel Resource Protector for Robustness of Linux Module Programming," The 21st Annual ACM Symposium on Applied Computing, pp. 1477-1481, 2006.