controls, to prevent certain applications without a "need to know" from accessing sensitive information, such as the smartphone's location or the list of frequently called telephone numbers.
Operating system support for application-layer sandboxing. Increasingly, many applications are becoming mini-operating systems in their own right, capable of safely executing third party software to extend and improve the user experience. Scripts embedded in web pages have become increasingly sophisticated; web browsers need to be able to efficiently and completely isolate these scripts so that they cannot steal the user's data or corrupt the browser. Other applications such as databases and desktop publishing systems are also moving in the direction of needing application-layer sandboxing. Google's NativeClient and Microsoft's AppDomains are two example systems that provide general-purpose safe execution of third party code at the user-level.
Hardware support for virtualization. Virtual machines provide an
extra layer of protection beneath the operating system. Even if a malicious
process run by a guest operating system on a virtual machine is able to
corrupt the kernel, its impact will be limited to just that virtual machine.
Below the virtual machine interface, the host operating system needs to
provide isolation between different virtual machines; this is much easier in
practice because the virtual machine interface is much simpler than the
operating system kernel's system call interface. For example, in a data
center, virtual machines provide users the flexibility to run any application,
without compromising the data center operation.
For this to be practical, processor architectures are being re-designed to reduce the cost of running a virtual machine. For example, on some new processors, guest operating systems can directly handle their own system calls, interrupts and exceptions, without those events needing to be mediated by the host operating system implementing the virtual machine. Likewise, I/O devices are being re-designed to do direct transfers to and from the guest operating system, without the need to go through the host kernel.
Exercises
For convenience, the exercises from the body of the chapter are repeated here.
1. We mentioned that for the "Hello world" program, the kernel must copy the string from the user program into the screen memory. Why must the screen's buffer memory be protected? Explain what might happen if a (malicious) application could alter any pixel on the screen, not just those within its own window.
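The kernel-mediated screen write this exercise refers to, as an added example that is not from the book: a constructed toy framebuffer in which the kernel clips every pixel write to the calling application's own window rectangle, so a string copied on the application's behalf can never touch pixels outside that window. The screen size, `struct window`, and the function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed toy screen: SCREEN_W x SCREEN_H pixels, one byte per pixel.
   In a real kernel this would be the protected, memory-mapped frame buffer. */
#define SCREEN_W 16
#define SCREEN_H 8
static uint8_t screen[SCREEN_H * SCREEN_W];

/* Window rectangle assigned to one application. The kernel owns this
   record; the application cannot change it, only draw inside it. */
struct window { int x, y, w, h; };

/* Kernel-side pixel write. The window must lie inside the screen and the
   pixel must lie inside the window, otherwise nothing is written and the
   call reports failure. Without these checks, an application that picked
   its own coordinates could overwrite any pixel on the screen. */
bool put_pixel_checked(const struct window *win, int x, int y, uint8_t v) {
    /* Validate the window itself (ordered to avoid integer overflow). */
    if (win->w < 0 || win->w > SCREEN_W || win->x < 0 || win->x > SCREEN_W - win->w)
        return false;
    if (win->h < 0 || win->h > SCREEN_H || win->y < 0 || win->y > SCREEN_H - win->h)
        return false;
    /* Validate the requested pixel against the window. */
    if (x < win->x || x >= win->x + win->w) return false;
    if (y < win->y || y >= win->y + win->h) return false;
    screen[y * SCREEN_W + x] = v;
    return true;
}

/* Copy a user string into screen memory as one row of pixels starting at
   (x, y), clipped to the caller's window. Returns the number of bytes
   actually drawn; bytes that would fall outside the window are dropped. */
size_t draw_string(const struct window *win, int x, int y, const char *s) {
    size_t drawn = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (put_pixel_checked(win, x + (int)i, y, (uint8_t)s[i])) drawn++;
    }
    return drawn;
}

/* Read back a pixel (no protection needed for the example's inspection). */
uint8_t screen_pixel(int x, int y) { return screen[y * SCREEN_W + x]; }
```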