Protection is a software issue
- 19 November 2002
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Modern operating systems are strongly dependent on software mechanisms to protect system resources from users. This is true despite the fact that the promoters of these systems imply that their reliability and integrity derive solely from the use of a core set of protected hardware mechanisms, such as address spaces and protected supervisor mode. While typical microprocessors provide cheap and effective hardware mechanisms to protect the load word/store word interface, operating systems are forced to abstract and virtualize this interface to export a far richer set of resources such as files, sockets, threads, and consoles. The access semantics for these resources are almost always protected by software checks and not hardware. Processor architectures simply do not provide enough fine-grained control over access to shared system resources to ensure that a program only accesses the resources to which it is allowed. Our position is that software protection mechanisms are not only necessary, but have inherent advantages over hardware for enforcing the protection requirements of an operating system. Software is flexible, explicit, precise, and in many cases, open to incredible optimizations. By contrast, hardware mechanisms are rigid, implicit, imprecise, and unoptimizable.
This publication has 7 references indexed in Scilit:
- SPIN. Published by Association for Computing Machinery (ACM), 1994
- A caching model of operating system kernel functionality. Published by Association for Computing Machinery (ACM), 1994
- The operating system kernel as a secure programmable machine. Published by Association for Computing Machinery (ACM), 1994
- Efficient software-based fault isolation. Published by Association for Computing Machinery (ACM), 1993
- Threads and input/output in the synthesis kernal. Published by Association for Computing Machinery (ACM), 1989
- The distributed V kernel and its performance for diskless workstations. Published by Association for Computing Machinery (ACM), 1983
- Security and protection of data in the IBM System/38. Published by Association for Computing Machinery (ACM), 1980