关键词：体系结构；计算机安全；存储设备
摘 要：The objective of this project was the development of secure execution environments for applications that use third party software components developed by a variety of vendors, and restrict how code shares the application memory space, and provide isolation within the application space. A hardware-software approach was taken to provide fine grained memory access protection by placing each software component or package in a hardware wrapper which enforces limits on the resources accessed by these software packages, and thus helps detect an attack and enables recovery from an attack. Current computing platforms were augmented with hardware that enforces limits on resources accessed by the software packages these hardware wrappers constrain the damage that can be done by a malicious software package and maintain a stable system through recovery mechanisms. Extensive experiments, which revealed modest performance overhead, conducted on a full system simulation infrastructure demonstrated that fine grained memory protection using the concept of wrappers is both practical and effective.