VERIMAG (VERIMAG - IMAG), Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS), System architecture for reflective distributed computing environments (SARDES), Laboratoire Logiciels Systèmes Réseaux (LSR - IMAG), Université Joseph Fourier - Grenoble 1 (UJF)-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), System and Networking for Portable Objects Proved to be Safe (POPS), Laboratoire d'Informatique Fondamentale de Lille (LIFL), Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria)
Source:
10th ACM SIGOPS European Workshop, Sep 2002, St Emilion, France. https://hal.science/hal-00310150
Publisher Information:
HAL CCSD
Publication Year:
2002
Collection:
Université de Lille 3 - Sciences Humaines et Sociales: HAL
In this paper, we present THINK, our distributed systems architecture, and the research we have conducted to provide the system programmer with an architecture he can use to build efficient and secure operating systems. By specifying and implementing elementary tools that can be used by the system programmer to implement a chosen security policy, we prove that flexibility can be guaranteed in an operating system without compromising security. Our work focuses on protection against denial-of-service attacks, which compromise the system's fairness in resource multiplexing and can cause the system to stall due to resource starvation. We first briefly describe the THINK architecture before positioning our contribution against related work. We then present the elementary tools we have specified to ensure quality of service in THINK, before detailing the software memory isolation tool we have implemented and tested. We conclude with a concrete example of the utilisation of these tools.