LWC on Dune
2016 - PhD fellowship, EPFL
LWC on Dune: bringing light-weight contexts to Dune
At the begining of my PhD, in 2016, I implemented Light-weight-contexts, i.e., a sub-process compartmentalization, inside Dune, a process-virtualization project.
The advantage of this approach was that, unlike the original LWC, it didn’t require to modify the Operating system.
This was a few months worth of work, quite fun, and allowed me to learn how Intel VT-x works (it is also one of the numerous times where I had to write code to manipulate page-tables and vmas, eventually leading to my C-Stem library).
Abstract
We believe programmers would greatly benefit from an OS abstraction for memory isolation within a process. We further argue that leveraging recent architecture’s hardware support for virtualizaiton would, unlike previous attempts, yield a solution that is both safe and maintainable. Hardware support for virtualization provides direct access to hardware features, such as ring protection mechanism and page tables, required to provide such an abstraction, while providing flexibility in terms of the implementation’s specifics. We improve upon previous solutions by both relying on hardware mechanisms to enforce memory isolation and being completely decoupled from an existing kernel.