Proceedings of HICSS-29: 29th Hawaii International Conference on System Sciences

Abstract

This paper describes object-based runtime support for efficient access to protected objects, i.e. objects belonging to server programs that export protected services to untrusted clients. Modern operating systems use hardware-based protection domains to protect a server's objects; clients can access those objects only through cross-domain remote procedure calls (RPC) to methods that execute within the server's domain. Unfortunately, exclusive use of RPC compromises performance in exchange for protection. We show how to provide safe and efficient access to server data by client read-sharing of some server objects and methods. Local client calls to read-only methods execute directly in shared memory, without the cost of protection crossing. We introduce a version-based mechanism to synchronize the readers with write-methods executing in the server domain. Object-based proxies hide the use of shared memory from client programs. Measurements of a simple application demonstrate that our techniques can deliver performance close to an unprotected implementation, but with the modularity and server protection of traditional RPC.
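The abstract does not spell out the version-based mechanism, so the following added example (not the paper's code) assumes a sequence-counter design: the server bumps a version around each write-method, and a client with a read-only mapping accepts a read only if the version was even and unchanged. The names `shared_obj`, `try_read`, `read_snapshot` and the sample fields are hypothetical.

```c
#include <stdatomic.h>

/* Hypothetical server object in a page the client maps read-only
   (the MMU enforces that, not the C types). Fields are constructed. */
typedef struct {
    atomic_uint version;   /* even = stable, odd = write in progress */
    atomic_long balance;
    atomic_long txn_count;
} shared_obj;

typedef struct { long balance, txn_count; } snapshot;

static void obj_init(shared_obj *o, long balance) {
    atomic_init(&o->version, 0u);
    atomic_init(&o->balance, balance);
    atomic_init(&o->txn_count, 0L);
}

/* Server domain only: every write-method is bracketed by these two. */
static void write_begin(shared_obj *o) {
    atomic_fetch_add_explicit(&o->version, 1u, memory_order_relaxed);
    atomic_thread_fence(memory_order_release);  /* odd version visible before data */
}
static void write_end(shared_obj *o) {
    atomic_fetch_add_explicit(&o->version, 1u, memory_order_release);
}
static void server_deposit(shared_obj *o, long amount) {
    write_begin(o);
    atomic_fetch_add_explicit(&o->balance, amount, memory_order_relaxed);
    atomic_fetch_add_explicit(&o->txn_count, 1L, memory_order_relaxed);
    write_end(o);
}

/* Client domain: one attempt at a read-only method, no protection crossing.
   Returns 1 and fills *out only if no write overlapped the read. */
static int try_read(shared_obj *o, snapshot *out) {
    unsigned v1 = atomic_load_explicit(&o->version, memory_order_acquire);
    if (v1 & 1u) return 0;                      /* writer active */
    snapshot s;
    s.balance = atomic_load_explicit(&o->balance, memory_order_relaxed);
    s.txn_count = atomic_load_explicit(&o->txn_count, memory_order_relaxed);
    atomic_thread_fence(memory_order_acquire);  /* data reads before re-check */
    if (atomic_load_explicit(&o->version, memory_order_relaxed) != v1) return 0;
    *out = s;                                   /* publish only validated data */
    return 1;
}

/* Bounded retry; 0 tells the proxy to fall back to the RPC path. */
static int read_snapshot(shared_obj *o, snapshot *out, int max_tries) {
    while (max_tries-- > 0)
        if (try_read(o, out)) return 1;
    return 0;
}
```

In this sketch the client never acts on values read during a write: a torn read leaves `*out` untouched, and the retry bound keeps a slow or stalled write-method from pinning the client in a spin loop.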
