With reference to sensor node architectures, we consider the problem of supporting forms of memory protection through a hardware/compiler approach that takes advantage of a low-cost protection circuitry inside the mic...With reference to sensor node architectures, we consider the problem of supporting forms of memory protection through a hardware/compiler approach that takes advantage of a low-cost protection circuitry inside the microcontroller, interposed between the processor and the storage devices. Our design effort complies with the stringent limitations existing in these architectures in terms of hardware complexity, available storage and energy consumption. Rather that precluding deliberately harmful programs from producing their effects, our solution is aimed at limiting the spread of programming errors outside the memory scope of the running program. The discussion evaluates the resulting protection environment from a number of salient viewpoints that include the implementation of common protection paradigms, efficiency in the distribution and revocation of access privileges, and the lack of a privileged (kernel) mode.展开更多
With reference to a protection model featuring processes, objects and domains, we consider the salient aspects of the protection problem, domain representation and access right segregation in memory. We propose a solu...With reference to a protection model featuring processes, objects and domains, we consider the salient aspects of the protection problem, domain representation and access right segregation in memory. We propose a solution based on protected references, each consisting of the identifier of an object and the specification of a collection of access rights for this object. The protection system associates an encryption key with each object and each domain. A protected reference for a given object is always part of a domain, and is stored in memory in the ciphertext form that results from application of a double encryption using both the object key and the domain key.展开更多
文摘With reference to sensor node architectures, we consider the problem of supporting forms of memory protection through a hardware/compiler approach that takes advantage of a low-cost protection circuitry inside the microcontroller, interposed between the processor and the storage devices. Our design effort complies with the stringent limitations existing in these architectures in terms of hardware complexity, available storage and energy consumption. Rather that precluding deliberately harmful programs from producing their effects, our solution is aimed at limiting the spread of programming errors outside the memory scope of the running program. The discussion evaluates the resulting protection environment from a number of salient viewpoints that include the implementation of common protection paradigms, efficiency in the distribution and revocation of access privileges, and the lack of a privileged (kernel) mode.
文摘With reference to a protection model featuring processes, objects and domains, we consider the salient aspects of the protection problem, domain representation and access right segregation in memory. We propose a solution based on protected references, each consisting of the identifier of an object and the specification of a collection of access rights for this object. The protection system associates an encryption key with each object and each domain. A protected reference for a given object is always part of a domain, and is stored in memory in the ciphertext form that results from application of a double encryption using both the object key and the domain key.