[kaffe] [RFC]: Privilege Separated JIT

John Richard Moser nigelenki at comcast.net
Tue Dec 5 20:07:18 PST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am looking for peer review on a paper I need to polish off, which I
have just written.  I will be cross-posting this to mono's devel list as
well; but I have written separate e-mails to avoid noise back and forth.
 This paper is stored on my personal Web server currently, at the below
address.

  http://bluefox.kicks-ass.org/stuff/bluefox/misc/vm_twoproc.html

Brief summary:  Kaffe, Mono, and other systems may execute native code
to accomplish certain tasks.  For example, Kaffe's classpath may supply
some functions using standard libraries like libxml2 or libpng; and C#
allows for interoperability service to call native libraries directly,
escaping managed mode code and potentially entering vulnerable code.
The process described allows the JIT code to be generated and run in a
separate process; the main process is executed without runtime code
generation, and can be given security restrictions to protect against a
diverse set of exploit methods, enhancing security guarantees.


- -----------------------------------------------------------------------
Abstract

In this paper we present some new ideas for improving the state of the
art in Just-in-Time (JIT) compilation. The ideas presented include (1)
executing the JIT and generated code in a less restricted security
context than the main process; (2) synchronizing the state of memory
between the two processes with dynamic address translation; and (3)
retaining full compatibility with existing systems and APIs such as not
to neccessitate the introduction of new system interfaces.
- -----------------------------------------------------------------------


- --
    We will enslave their women, eat their children and rape their
    cattle!
                  -- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBRXY+hQs1xW0HCTEFAQIncA//bYRAtfwzMyMXKARdzHgnVUeOZM36BysL
HbsSQkhTrGexNDYM5QsbTxsHiSC8MKbnmFcHxMSZE3b3eCVpIymmvoK2bAiC59zm
NZDltOa7+lfNQCIFsNWxCDduvXWwvI2MzopBY42e4LYxJnQ0jnx6UBg9FJ+3hyeZ
bQx/sc1hzHbxDYOBJcFf+0To8mwIbS/0nN0ReaseHmKQNgd9f7CMmDZ8RFphCbKe
W4jHCyDBpSqJe7BhFVeJ+V6JuvNQIfmOyLzkAAojzjGhoGuneRFoG0xi4shNZS4C
hnW8h/qJO7gOJpVPzNAisv053RCUmhJLkGtAPDfayocwqf0IzbsFVG6Fn+vROXfG
/zvXdoqLLZn4BD/+gOTgUz9hKHm1AnALcO4g76iaI8Hg+xbHCQHI1qgoC7F7SEpa
jMGRKKMsHpj7tii69vLjYKSip+2u2oUKY6SIuoOQvxzYkFyGes4lDA9TdpkdvT9R
uDm0XC1+D+n78RzfN/xJnGOOIl+nWi5F7wBgwbJfVMNzY/TtsugMBxY8ws8zw1SC
hMvdbBrO6k7uzPqxi+ebtt+1R/rQqxeiVxVjHI60AAVP/B0DN4mBq8smiSR0KFwL
AtH0hgzGbLGjJuhQ3xdTXVu/6eqou/JB1bdXld4OuzYqH1EO7wvMKKG1hJiMO5c7
dgWLZIgq8mw=
=NVO8
-----END PGP SIGNATURE-----

More information about the kaffe mailing list