DoS problem still existing?

Kevin Elphinstone kevine at
Fri May 19 03:10:40 CEST 2006

There are broadly three approaches the community is exploring (that
I'm aware of).

1. Pager-like control of kernel memory (See Andy Haerberlen's paper
   with me for one description, I believe TU Dresden also has a
   Diplomarbeit describing an approach along similar lines, apologies
   to Dresden for not being more specific, I'm time constrained).

2. Restricting kernel memory consuming operations to the root server
   where they can be controlled, the NICTA N-series APIs do this.

3.  Making kernel memory and kernel data structures first class
    objects in the API and providing a model of transforming between
    them (no implicit allocation in the kernel at all), and then
    controlling delegation of those objects. This is what I'm
    exploring with the seL4 (secure embedded L4) project.

I won't debate the merits of the approaches, other than to plug option
3 (i.e. what I'm working on at the moment :-))


	- Kevin

> -----Original Message-----
> From: l4-hackers-bounces at 
> [mailto:l4-hackers-bounces at] On Behalf Of 
> Robert Kaiser
> Sent: Friday, 19 May 2006 2:25 AM
> To: l4-hackers at
> Subject: DoS problem still existing?
> Hello L4 Hackers,
> a long time ago (*), Jochen Liedtke described a potential 
> denial-of-service 
> attack against the L4 kernel by -IIRC- requesting a huge 
> number of mappings, 
> thereby exhausting kernel memory. Does this issue still exist 
> in the current 
> L4 implementations or has it been solved (How?).
> Kind Regards
> Rob
> (*) see 
> -- 
> Robert Kaiser <rkaiser at>
> SYSGO AG     Tel.: +49-6136-9948-0
> Am Pfaffenstein 14   Fax: +49-6136-9948-10
> 55270 Klein-Winternheim
> _______________________________________________
> l4-hackers mailing list
> l4-hackers at

More information about the l4-hackers mailing list