DoS problem still existing?
kevine at cse.unsw.edu.au
Fri May 19 03:10:40 CEST 2006
There are broadly three approaches the community is exploring (that
I'm aware of).

1. Pager-like control of kernel memory (see Andy Haeberlen's paper
   with me for one description; I believe TU Dresden also has a
   Diplomarbeit describing an approach along similar lines. Apologies
   to Dresden for not being more specific, I'm time-constrained).
2. Restricting kernel memory consuming operations to the root server
   where they can be controlled; the NICTA N-series APIs do this.
3. Making kernel memory and kernel data structures first-class
   objects in the API and providing a model of transforming between
   them (no implicit allocation in the kernel at all), and then
   controlling delegation of those objects. This is what I'm
   exploring with the seL4 (secure embedded L4) project.

I won't debate the merits of the approaches, other than to plug option
3 (i.e. what I'm working on at the moment :-))

> -----Original Message-----
> From: l4-hackers-bounces at os.inf.tu-dresden.de
> [mailto:l4-hackers-bounces at os.inf.tu-dresden.de] On Behalf Of
> Robert Kaiser
> Sent: Friday, 19 May 2006 2:25 AM
> To: l4-hackers at os.inf.tu-dresden.de
> Subject: DoS problem still existing?
> Hello L4 Hackers,
>
> a long time ago (*), Jochen Liedtke described a potential attack
> against the L4 kernel by -IIRC- requesting a huge number of mappings,
> thereby exhausting kernel memory. Does this issue still exist in the
> current L4 implementations or has it been solved (How?).
>
> Kind Regards
> (*) see
> Robert Kaiser <rkaiser at sysgo.com>
> SYSGO AG Tel.: +49-6136-9948-0
> Am Pfaffenstein 14 Fax: +49-6136-9948-10
> 55270 Klein-Winternheim http://www.sysgo.com
> l4-hackers mailing list
> l4-hackers at os.inf.tu-dresden.de
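
An added illustration of option 3 above, not part of the original message and not seL4 code: a toy C model in which every mapping is paid for from an explicitly delegated memory object, so a client that floods the kernel with mapping requests exhausts only its own budget. The type names, function names and sizes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model constructed for this example; names and sizes are assumptions,
 * not seL4's API. */
enum { MAP_NODE_SIZE = 32 };   /* assumed bytes of kernel data per mapping */

typedef struct {
    size_t size;   /* kernel memory this object stands for */
    size_t used;   /* part already transformed or delegated */
} untyped_t;

/* Delegation: the child's budget is taken out of the parent's. */
int untyped_split(untyped_t *parent, size_t bytes, untyped_t *child)
{
    if (bytes > parent->size - parent->used)
        return -1;
    parent->used += bytes;
    child->size = bytes;
    child->used = 0;
    return 0;
}

/* A mapping is paid for from the caller's object; the kernel has no
 * pool of its own to fall back on (no implicit allocation). */
int map_page(untyped_t *ut)
{
    if ((size_t)MAP_NODE_SIZE > ut->size - ut->used)
        return -1;             /* only this caller's budget is exhausted */
    ut->used += MAP_NODE_SIZE;
    return 0;
}

/* Greedy client floods with requests, then the victim maps.
 * Returns the number of mappings granted to the chosen party. */
size_t flood_scenario(int report_victim)
{
    untyped_t root = { 4096, 0 }, greedy, victim;
    size_t g = 0, v = 0;
    if (untyped_split(&root, 1024, &greedy) || untyped_split(&root, 512, &victim))
        return 0;
    for (long i = 0; i < 1000000; i++) g += (map_page(&greedy) == 0);
    for (long i = 0; i < 1000000; i++) v += (map_page(&victim) == 0);
    return report_victim ? v : g;
}

int main(void)
{
    printf("greedy: %zu, victim: %zu\n", flood_scenario(0), flood_scenario(1));
    return 0;
}
```

The flood is refused once the greedy client's 1024-byte object is used up, and the victim's separately delegated object is untouched.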