Mondriaan Memory Protection

Emmett Witchel (UT Austin) and Krste Asanovic

The need for flexible, efficient, fine-grained memory protection and sharing has been neglected in modern computing systems. Mondriaan memory protection (MMP) is a fine-grained protection scheme that allows multiple protection domains to flexibly share memory and export protected services. In contrast to earlier page-based systems, MMP allows arbitrary permissions control at the granularity of individual words. We use a compressed permissions table to reduce space overheads and employ two levels of permissions caching to reduce run-time overheads.

We implement the MMP hardware in a simulator and modify a version of the Linux 2.4.19 operating system to use it. Linux loads its device drivers as kernel module extensions, and MMP enforces the module boundaries, allowing the device drivers access only to the memory they need to function. The memory isolation provided by MMP increases Linux's resistance to programmer error, and it exposed two kernel bugs in common, heavily-tested drivers. Experiments with several benchmarks where MMP was used extensively indicate that the space taken by the MMP data structures is less than 11% of the memory used by the kernel, and that the kernel's runtime, according to a simple performance model, increases by less than 12% (relative to an unmodified kernel).
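An added illustration (not code from the MMP project or its papers): a small C model contrasting a word-granular permission check with a page-granular one for a driver that shares a page with other kernel data. The segment list, permission encoding, addresses and 4 KB page size are assumptions made for this sketch; it does not reproduce MMP's compressed permissions table or its permission caches.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: per-domain list of word-aligned byte ranges with a permission. */
enum perm { PERM_NONE = 0, PERM_RO = 1, PERM_RW = 2 };
enum access { ACC_READ, ACC_WRITE };
#define PAGE_BYTES 4096u

struct segment { uint32_t base, len; enum perm perm; };
struct domain { const char *name; const struct segment *segs; size_t nsegs; };

/* Word-granular lookup: anything not explicitly granted is inaccessible. */
enum perm word_perm(const struct domain *d, uint32_t addr) {
    for (size_t i = 0; i < d->nsegs; i++) {
        const struct segment *s = &d->segs[i];
        if (addr >= s->base && addr - s->base < s->len) return s->perm;
    }
    return PERM_NONE;
}

/* Page-granular baseline: a page must carry the most permissive right
 * needed by any segment that touches it, so neighbours are exposed too. */
enum perm page_perm(const struct domain *d, uint32_t addr) {
    uint32_t page = addr / PAGE_BYTES;
    enum perm best = PERM_NONE;
    for (size_t i = 0; i < d->nsegs; i++) {
        const struct segment *s = &d->segs[i];
        uint32_t first = s->base / PAGE_BYTES, last = (s->base + s->len - 1) / PAGE_BYTES;
        if (page >= first && page <= last && s->perm > best) best = s->perm;
    }
    return best;
}

int allowed(enum perm p, enum access a) { return a == ACC_READ ? p >= PERM_RO : p == PERM_RW; }

/* Constructed layout: the driver needs a 64-byte buffer (RW) and a 16-byte
 * config block (RO); unrelated kernel data sits at 0x1040 in the same page. */
static const struct segment driver_segs[] = {
    { 0x1000, 64, PERM_RW }, { 0x1080, 16, PERM_RO },
};
static const struct domain driver = { "driver", driver_segs, 2 };

int mmp_check(uint32_t addr, enum access a)  { return allowed(word_perm(&driver, addr), a); }
int page_check(uint32_t addr, enum access a) { return allowed(page_perm(&driver, addr), a); }

int main(void) {
    uint32_t stray = 0x1040; /* first word past the driver's buffer */
    printf("stray write: word-granular=%d page-granular=%d\n",
           mmp_check(stray, ACC_WRITE), page_check(stray, ACC_WRITE));
    return 0;
}
```

In this model the off-by-one write just past the buffer is denied under the word-granular check but allowed under the page-granular one, which is the class of programmer error the module isolation above is meant to catch.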

Note: In our first publication we spelled Mondrian with a single "a", whereas in subsequent publications we adopted the Dutch spelling, Mondriaan.

Publications

[1] "Mondrian Memory Protection", Emmett Witchel, Josh Cates, and Krste Asanovic, Tenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), San Jose, CA, October 2002. (PDF paper, PPT slides, PDF slides)
[2] "Hardware Works, Software Doesn't: Enforcing Modularity with Mondriaan Memory Protection", Emmett Witchel and Krste Asanovic, 9th Workshop on Hot Topics in Operating Systems (HotOS-IX), Lihue, HI, May 2003. (PDF paper, PDF slides, PPT slides)
[3] "Mondriaan Memory Protection", Emmett Witchel, Ph.D. dissertation, Massachusetts Institute of Technology, January, 2004. (PDF paper)
[4] "Mondrix: Memory Isolation for Linux using Mondriaan Memory Protection", Emmett Witchel, Junghwan Rhee, and Krste Asanovic, 20th ACM Symposium on Operating Systems Principles (SOSP-20), Brighton, UK, October 2005. (PDF paper)

Funding

We gratefully thank the past and present sponsors of this work, including NSF, DARPA, and Intel.