Summary

In current operating systems, most instabilities and system crashes are due to driver bugs. Because drivers run in the most privileged space, their bugs may not only cause crashes but also open security holes. Past approaches to this problem have involved user-level drivers or software isolation. Unlike those mechanisms, the Ring Cycle uses x86 hardware support to enforce driver isolation, and it will not involve a significant performance hit.

The goal of the Ring Cycle is to improve operating system stability and robustness by using the x86 hardware protection rings for driver isolation. Currently, most major operating systems, including Windows and Linux, use only 2 of the 4 x86 protection rings, and all drivers run in the most privileged ring (ring 0). The Ring Cycle is a modified Linux 2.6.7 kernel which will run runtime-loadable driver modules in rings 1 and 2, and use hardware segmentation support to prevent these drivers from touching kernel symbols directly. This means that if a driver crashes, it will be severely restricted in the damage it can do.
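
To illustrate the hardware checks this design relies on, here is an added example (not Ring Cycle code) that models the x86 rule for data segments: a selector is usable only if the descriptor's DPL is at least max(CPL, RPL), and every access must fall within the segment limit. The descriptor table, its bases and limits, and the names KERNEL_DS, DRIVER_DS, seg_priv_ok and access_ok are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>

/* Simplified model of an x86 data-segment descriptor (expand-up, byte granular). */
struct seg_desc {
    uint32_t base;   /* linear base address */
    uint32_t limit;  /* highest valid offset within the segment */
    uint8_t  dpl;    /* descriptor privilege level, 0..3 */
};

/* Selector layout: bits 15..3 index, bit 2 table indicator, bits 1..0 RPL. */
static inline unsigned sel_index(uint16_t sel) { return sel >> 3; }
static inline unsigned sel_rpl(uint16_t sel)   { return sel & 3u; }

/* Constructed descriptor table; the layout is hypothetical, not the project's. */
static const struct seg_desc gdt[] = {
    {0, 0, 0},                      /* 0: null descriptor */
    {0x00000000u, 0xFFFFFFFFu, 0},  /* 1: flat kernel data, DPL 0 */
    {0xD0000000u, 0x0000FFFFu, 1},  /* 2: 64 KiB driver data, DPL 1 */
};
#define KERNEL_DS ((uint16_t)(1u << 3))
#define DRIVER_DS ((uint16_t)((2u << 3) | 1u))

/* Privilege check for a data-segment selector: DPL >= max(CPL, RPL).
 * In this model the null selector is treated as unusable. */
bool seg_priv_ok(unsigned cpl, uint16_t sel)
{
    unsigned idx = sel_index(sel);
    if (idx == 0 || idx >= sizeof gdt / sizeof gdt[0])
        return false;
    unsigned eff = cpl > sel_rpl(sel) ? cpl : sel_rpl(sel);
    return gdt[idx].dpl >= eff;
}

/* An access of len bytes at offset must pass the privilege check and fit
 * inside the segment limit; on real hardware a failure raises a fault. */
bool access_ok(unsigned cpl, uint16_t sel, uint32_t offset, uint32_t len)
{
    if (len == 0 || !seg_priv_ok(cpl, sel))
        return false;
    const struct seg_desc *d = &gdt[sel_index(sel)];
    return offset <= d->limit && len - 1 <= d->limit - offset;
}
```

In this model, code at CPL 1 cannot use the flat DPL 0 kernel segment at all, and its own segment bounds every offset it can reach.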

The Ring Cycle is a research project at the University of Illinois in Champaign-Urbana, in the Department of Electrical and Computer Engineering. Please join our mailing list to keep up to date with the project and ask questions. For other issues, please contact David Kaplan.