Operating system-style protections for language-based systems
Wallach, Dan S.
Doctor of Philosophy
Process-based separation has long been the prevalent model for providing security and isolation to protection domains in computer systems. However, the recent rise of component-based systems, which execute multiple plug-ins in the same process, has exposed a weakness of processes. At the same time, the recent spate of vulnerabilities in software has revealed the usefulness of language-based schemes to supplement the protections offered by processes. I propose a language-based protection model to replace processes as the basis for providing security and isolation. In this thesis, I present three different language-based mechanisms which add particular operating system-style protection semantics to the language. Soft termination provides a mechanism for guaranteed, safe termination of a task without interfering with other modules. Garbage collector memory accounting provides an accurate accounting of the memory used by each individual task running in the language-based system. Soft boundaries is a set of static analyses to verify that a specified task separation policy is followed by a particular codebase. These mechanisms provide the security and isolation that process-based separation provides, while tackling the problems of component-based architectures and malicious code head-on.