Curtis Yarvin, Richard Bukowski, and Thomas Anderson
Computer Science Division
University of California at Berkeley
Our approach is to use _anonymity_ instead of hardware page tables for protection. Logically independent memory segments are placed at random locations in the same address space and protection domain. With 64-bit virtual addresses, it is unlikely that a process will be able to locate any other segment by accidental or malicious memory probes; it is impossible to corrupt a segment without knowing its location. The benefit is that a cross-domain RPC need not involve a hardware context switch. Measurements of our prototype implementation show that a round-trip null RPC takes only 7.7us on an Intel 486-33.
To Become a USENIX Member, please see our Membership Information.