On a hardware-TLB system, the nested kernel architec-ture enforces Invariant I1 by 1) requiring explicit initial-ization of PTPs, 2) creating an explicit interface to updatethe page-table entries (PTEs), and 3) configuring all PTEsthat map PTPs as read-only. Therefore, any PTP that has notbeen explicitly initialized at boot time by the nested kernelor declared by the outer kernel via the vMMU is rejectedfrom use, enforcing Invariant I1.
how ????????
Mediation functions do not need to writeto protected memory and could be excluded from the TCBby running them with write-protections enabled.
what ?
Invariant 1. Active virtual-to-physical mappings for pro-tected data are configured read-only while the outer kernelexecutes.Invariant 2. Write-protection permissions in active virtual-to-physical mappings are enforced while the outer kernelexecutes.
Not clear
pMMU,including both memory (e.g,. PTPs) and CPU state (e.g.,WP-bit in CR0).
Do we access both memory and cpu state (control register) through pMMU ?
by enforcing lifetime kernel code integrity
what is that ?
By using the WP-bit, PerspicuOS efficiently toggleswrite-protections on transitions between the outer kernel andnested kernel without swapping address spaces or crossingtraditional hardware privilege boundaries.
Didn't really understand what the WP bit is doing here
where both the outerkernel and nested kernel operate at the same hardwareprivilege level—contrary to isolation in a microkernel whereuntrusted code operates in user-mode.
interesting
overheads
What is that ?
he system call logging facility
What is that also
Linux
Really ? I thought it wasn't monolithic.
As a result,these OS kernels define and store access control policies inmain memory which any code executing within the kernelcan modify.
weakness of the monolithic systems
nterposes on allupdates to virtual memory translations to assert protectionson physical memory
Not clear to me