Cooperation of Mutually Suspicious Subsystems in a Computer Utility

Michael D. Schroeder

Abstract

This thesis describes practical protection mechanisms that allow mutually suspicious subsystems to cooperate in a single computation and still be protected from one another. The mechanisms are based on the division of a computation into independent domains of access privilege, each of which may encapsulate a protected subsystem. The central component of the mechanisms is a hardware processor that automatically enforces the access constraints associated with a multidomain computation implemented as a single execution point in a segmented virtual memory. This processor allows a standard interprocedure call with arguments to change the domain of execution of the computation. Arguments are automatically communicated on cross-domain calls – even between domains that normally have no access capabilities in common. The processor, when supported by a suitable software system which is also discussed, provides the protection basis for a computer utility in which users may encapsulate independently compiled programs an

Details

Publication type: PhdThesis
URL: http://publications.csail.mit.edu/lcs/pubs/pdf/MIT-LCS-TR-104.pdf