Next: Protected Procedure Calls
Up: 12-mungi
Previous: Mungi Security
- Threads execute inside a protection domain (PD)
  - A protection domain is defined as a set of capabilities
  - Capabilities and protection domains are user-level objects
- A thread may or may not have control over its PD
  - supports user-controlled confinement
- Unit of protection is the memory object
  - contiguous page range
  - associated with a set of password capabilities
- Unit of execution is the thread
  - kernel-scheduled
  - executes in an active protection domain (APD)
  - associated with a (user-level) TCB object (UTCB)
    - thread control is via access to the UTCB
- An APD consists of (caps for) an array of Clists
  - A Clist is an object consisting of an array of caps
  - The APD itself is in kernel space
- Caps confer sets of rights, a combination of:
  - read, write, execute, delete, enquire, PDX
- Note: all capability presentation is implicit
- A thread can be started in an existing APD or a new one
  - A new APD is instantiated from a template
    - called the protection domain object (PDO)
    - system-defined structure
    - consists of an array of Clist capabilities
    - access restricted to trusted management code
  - PDO creation requires special privileges
- A thread can also change its APD temporarily
  - called protection-domain extension, PDX
  - requires a PDX cap
  - serves as the protected-procedure call mechanism
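The following is an added toy model of the mechanism sketched above (implicit capability validation against an APD's Clists, and a temporary PDX extension), not Mungi's own code: the object table layout, the `validate`/`pdx_call` names and the sample addresses and passwords are assumptions chosen for illustration.

```python
from typing import NamedTuple, Dict, List, Optional, Tuple

# Rights are a bitmask; a cap confers some combination of these.
READ, WRITE, EXEC, DELETE, ENQUIRE, PDX = 1, 2, 4, 8, 16, 32

class Cap(NamedTuple):          # password capability
    obj: int                    # base address of the memory object
    password: int

class MemObject(NamedTuple):    # unit of protection: a contiguous page range
    base: int
    size: int
    passwords: Dict[int, int]   # kernel-side table: password -> rights (assumed layout)

Clist = List[Cap]               # a Clist is an object holding an array of caps
APD = List[Clist]               # an active PD is an array of (caps for) Clists

def validate(apd: APD, objtab: Dict[int, MemObject], addr: int, wanted: int) -> Optional[Cap]:
    """Implicit presentation: search the APD's Clists for a cap whose object
    contains addr and whose password confers every right in `wanted`."""
    for clist in apd:
        for cap in clist:
            obj = objtab.get(cap.obj)
            if obj is not None and obj.base <= addr < obj.base + obj.size:
                if obj.passwords.get(cap.password, 0) & wanted == wanted:
                    return cap
    return None

def pdx_call(apd: APD, objtab: Dict[int, MemObject], entry: int, callee_clist: Clist, fn):
    """Protection-domain extension: needs a PDX cap on the entry object; the
    callee's Clist joins the APD only for the duration of fn."""
    if validate(apd, objtab, entry, PDX) is None:
        raise PermissionError("no PDX cap for entry point")
    apd.append(callee_clist)
    try:
        return fn(apd)
    finally:
        apd.pop()               # the extension is temporary

def demo() -> Tuple[bool, bool, bool, bool]:
    # Constructed sample data: a data object and a PDX entry-point object.
    objtab = {0x1000: MemObject(0x1000, 0x2000, {0xAAAA: READ | WRITE, 0xBBBB: READ}),
              0x8000: MemObject(0x8000, 0x1000, {0xCCCC: PDX, 0xDDDD: READ | WRITE})}
    caller: APD = [[Cap(0x1000, 0xBBBB), Cap(0x8000, 0xCCCC)]]  # read-only cap + PDX cap
    callee_clist = [Cap(0x8000, 0xDDDD)]                        # the callee's own Clist
    can_read = validate(caller, objtab, 0x1800, READ) is not None
    can_write = validate(caller, objtab, 0x1800, WRITE) is not None  # 0xBBBB is read-only
    inside = pdx_call(caller, objtab, 0x8000, callee_clist,
                      lambda a: validate(a, objtab, 0x8100, WRITE) is not None)
    after = validate(caller, objtab, 0x8100, WRITE) is not None     # rights gone after return
    return can_read, can_write, inside, after
```

The caller never names a cap explicitly; the checker finds one (or fails) by walking the APD, and the callee's rights exist only while the PDX call is in progress.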
Gernot Heiser
2002-10-24