Daniel Wilkerson, David Alexander Molnar, Matthew Harren and John D. Kubiatowicz

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2009-97

July 8, 2009

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-97.pdf

We show how to utilize code-range data protection to enforce the private access specifiers of Object Oriented classes at runtime. We exploit the fact that code and data are often organized into modules exporting specified interfaces, even in non-Object-Oriented languages. We enforce at runtime the integrity and simplistic privacy of the module: its state cannot be written nor read other than through its interface. We provide module integrity even to non-memory-safe languages such as C and C++, without requiring automatic memory management. This is not best-effort protection: when used properly, we comprehensively guarantee that one software module cannot violate the integrity of another. That is, we make software objects hard.

Our extensions are simple, modest, and provide the guarantee we claim. We give simulation measurements to show the performance overhead is low. We show how most software can be compiled to take advantage of these extensions with modest and partially automatable modification.


BibTeX citation:

@techreport{Wilkerson:EECS-2009-97,
    Author= {Wilkerson, Daniel and Molnar, David Alexander and Harren, Matthew and Kubiatowicz, John D.},
    Title= {Hard-Object: Enforcing Object Interfaces Using Code-Range Data Protection},
    Year= {2009},
    Month= {Jul},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-97.html},
    Number= {UCB/EECS-2009-97},
    Abstract= {We show how to utilize code-range data protection to enforce the private access specifiers of Object Oriented classes at runtime. We exploit the fact that code and data are often organized into modules exporting specified interfaces, even in non-Object-Oriented languages. We enforce at runtime the integrity and simplistic privacy of the module: its state cannot be written nor read other than through its interface. We provide module integrity even to non-memory-safe languages such as C and C++, without requiring automatic memory management. This is not best-effort protection: when used properly, we comprehensively guarantee that one software module cannot violate the integrity of another. That is, we make software objects hard.

Our extensions are simple, modest, and provide the guarantee we claim. We give simulation measurements to show the performance overhead is low. We show how most software can be compiled to take advantage of these extensions with modest and partially automatable modification.},
}

EndNote citation:

%0 Report
%A Wilkerson, Daniel 
%A Molnar, David Alexander 
%A Harren, Matthew 
%A Kubiatowicz, John D. 
%T Hard-Object: Enforcing Object Interfaces Using Code-Range Data Protection
%I EECS Department, University of California, Berkeley
%D 2009
%8 July 8
%@ UCB/EECS-2009-97
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-97.html
%F Wilkerson:EECS-2009-97