SIDE: Isolated and efficient execution of unmodified device drivers

Buggy device drivers are a major threat to the reliability of their host operating system. There have been myriad attempts to protect the kernel, but most of them either required driver modifications or incur substantial performance overhead. This paper describes an isolated device driver execution...

Full description

Saved in:
Bibliographic Details
Main Authors: Yifeng Sun, Tzi-cker Chiueh
Format: Conference Proceeding
Language:English
Subjects:
Context
device driver isolation
fault tolerance
Hardware
Kernel
Linux
Performance evaluation
Switches
Virtual machine monitors
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Buggy device drivers are a major threat to the reliability of their host operating system. There have been myriad attempts to protect the kernel, but most of them either required driver modifications or incur substantial performance overhead. This paper describes an isolated device driver execution system called SIDE (Streamlined Isolated Driver Execution), which focuses specifically on unmodified device drivers and strives to avoid changing the existing kernel code as much as possible. SIDE exploits virtual memory hardware to set up a device driver execution environment that is compatible with existing device drivers and yet is fully isolated from the kernel. SIDE is able to run an unmodified device driver for a Gigabit Ethernet NIC and the latency and throughput penalty is kept under 1% when augmented with a set of performance optimizations designed to reduce the number of protection domain crossings between an isolated device driver and the kernel.
ISSN:1530-0889
2158-3927
DOI:10.1109/DSN.2013.6575348