Trustworthy Systems

Protection domain extensions in Mungi


Jerry Vochteloo, Kevin Elphinstone, Stephen Russell and Gernot Heiser

    School of Computer Science and Engineering
    Sydney 2052, Australia


The Mungi single address space operating system provides a protected procedure call mechanism named protection domain extension (PDX). The PDX call executes in a protection domain which is the union of (a subset of) the caller's domain, and a fixed domain associated with the procedure. On return, the caller's original protection domain is re-established. Extensive caching of validation data allows amortisation of setup costs over a possibly large number of invocations. The PDX mechanism forms the basis for object support in Mungi, particularly encapsulation. It is also used for accessing devices, and to implement user-level page fault handlers and other services.

BibTeX Entry

    address          = {Seattle, WA, USA},
    author           = {Jerry Vochteloo and Kevin Elphinstone and Stephen Russell and Gernot Heiser},
    booktitle        = {Proceedings of the 5th IEEE International Workshop on Object Orientation in Operating Systems
    month            = oct,
    pages            = {161--165},
    paperurl         = {},
    title            = {Protection Domain Extensions in {Mungi}},
    year             = {1996}