Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

One-Bit Branch Prediction for Processors with Fixed Prediction Mechanism

IP.com Disclosure Number: IPCOM000116621D
Original Publication Date: 1995-Oct-01
Included in the Prior Art Database: 2005-Mar-31
Document File: 2 page(s) / 40K

Publishing Venue

IBM

Related People

Breternitz Jr, M: AUTHOR

Abstract

Many UNIX* applications are written using a two process model to provide address protection. In this model, a trusted program is given full addressability to critical data objects (such as a data base) and acts as a "server" to a untrusted "client" processes. The client process gains access to the critical data only indirectly by sending requests and receiving replies from the "server" process. This permits each request to be validated by the server. This multi-process implementation does restrict data access to trusted code, but incurs significant communication and process switching overhead.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 78% of the total text.

One-Bit Branch Prediction for Processors with Fixed Prediction Mechanism

      Many UNIX* applications are written using a two process model
to provide address protection.  In this model, a trusted program is
given full addressability to critical data objects (such as a data
base) and acts as a "server" to a untrusted "client" processes.  The
client process gains access to the critical data only indirectly by
sending requests and receiving replies from the "server" process.
This permits each request to be validated by the server.  This
multi-process implementation does restrict data access to trusted
code,
but incurs significant communication and process switching overhead.

      The process switch and interprocess communication can be
avoided while still maintaining protection.  This can be done by
registering text address range as trusted rather than an entire
process as trusted.  System services can be provided that grant and
remove addressability to sensitive data.  The system services that
grant addressability verify that control is being returned to a
trusted section of code.  The trusted section of code always removes
addressability before returning to the untrusted code section.  The
trusted code section could exist as a prebuilt subroutine library.

      Enforcing protection on address ranges rather than processes
permits the trusted and non-trusted code segments to run alternately
on the same process thread avoiding communication and process
...