SIDE: Isolated and efficient execution of unmodified device drivers

Buggy device drivers are a major threat to the reliability of their host operating system. There have been myriad attempts to protect the kernel, but most of them either required driver modifications or incur substantial performance overhead. This paper describes an isolated device driver execution...

Bibliographic Details
Main Authors: Yifeng Sun, Tzi-cker Chiueh
Format: Conference Proceeding
Language: English
cited_by
cites
container_end_page 12
container_issue
container_start_page 1
container_title
container_volume
creator Yifeng Sun
Tzi-cker Chiueh
description Buggy device drivers are a major threat to the reliability of their host operating system. There have been myriad attempts to protect the kernel, but most of them either required driver modifications or incur substantial performance overhead. This paper describes an isolated device driver execution system called SIDE (Streamlined Isolated Driver Execution), which focuses specifically on unmodified device drivers and strives to avoid changing the existing kernel code as much as possible. SIDE exploits virtual memory hardware to set up a device driver execution environment that is compatible with existing device drivers and yet is fully isolated from the kernel. SIDE is able to run an unmodified device driver for a Gigabit Ethernet NIC and the latency and throughput penalty is kept under 1% when augmented with a set of performance optimizations designed to reduce the number of protection domain crossings between an isolated device driver and the kernel.
doi_str_mv 10.1109/DSN.2013.6575348
format conference_proceeding
fulltext fulltext_linktorsrc
identifier ISSN: 1530-0889
ispartof 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2013, p.1-12
issn 1530-0889
2158-3927
language eng
recordid cdi_ieee_primary_6575348
source IEEE Xplore All Conference Series
subjects Context
device driver isolation
fault tolerance
Hardware
Kernel
Linux
Performance evaluation
Switches
Virtual machine monitors
title SIDE: Isolated and efficient execution of unmodified device drivers