Download PDFOpen PDF in browser

User Space Privileged Function Calls

EasyChair Preprint no. 8870

15 pagesDate: September 23, 2022


The operating system's traditional design controls and manages all system resources, which comes at the cost of performance and scalability overhead. The scalability overhead results from the kernel's internal metadata structures and locks primarily designed for sequential access. Additionally, implementing software services and resource management requires compliance with the strict kernel abstractions and programming paradigms that can result in semantic bugs. Although plausible, decoupling from the strict kernel control path and code stack comes at the penalty of losing a higher trust entity to enforce protection separation and protection of user code and data. This paper offers a hardware-assisted method to run confined user-space functions at a higher privilege level. Our method allows the implementation of fined-grained user-level services and protocols without modifying the operating system's protection scheme. This is done by introducing two high-level instructions to the x86 ISA. Our simulation shows that user-level functions that leverage our instructions run in the same order as standard function calls, while the real benefit lies in the flexibility and ability to decouple the protected code from the kernel limitations.

Keyphrases: Operating System, privilege separation, protection rings, user-space protection

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
  author = {Nafiseh Moti and Reza Salkhordeh and André Brinkmann},
  title = {User Space Privileged Function Calls},
  howpublished = {EasyChair Preprint no. 8870},

  year = {EasyChair, 2022}}
Download PDFOpen PDF in browser