
Rethinking the library OS from the top down

Published: 05 March 2011

Abstract

This paper revisits an old approach to operating system construction, the library OS, in a new context. The idea of the library OS is that the personality of the OS on which an application depends runs in the address space of the application. A small, fixed set of abstractions connects the library OS to the host OS kernel, offering the promise of better system security and more rapid independent evolution of OS components.
We describe a working prototype of a Windows 7 library OS that runs the latest releases of major applications such as Microsoft Excel, PowerPoint, and Internet Explorer. We demonstrate that desktop sharing across independent, securely isolated, library OS instances can be achieved through the pragmatic reuse of networking protocols. Each instance has significantly lower overhead than a full VM bundled with an application: a typical application adds just 16MB of working set and 64MB of disk footprint. We contribute a new ABI below the library OS that enables application mobility. We also show that our library OS can address many of the current uses of hardware virtual machines at a fraction of the overheads. This paper describes the first working prototype of a full commercial OS redesigned as a library OS capable of running significant applications. Our experience shows that the long-promised benefits of the library OS approach, better protection of system integrity and rapid system evolution, are readily obtainable.

Published In

ACM SIGARCH Computer Architecture News, Volume 39, Issue 1
ASPLOS '11
March 2011
407 pages
ISSN: 0163-5964
DOI: 10.1145/1961295
  • ASPLOS XVI: Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
    March 2011
    432 pages
    ISBN: 9781450302661
    DOI: 10.1145/1950365
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 March 2011
Published in SIGARCH Volume 39, Issue 1

Author Tags

  1. drawbridge
  2. libos
  3. library os

Qualifiers

  • Research-article

Article Metrics

  • Downloads (Last 12 months): 176
  • Downloads (Last 6 weeks): 15
Reflects downloads up to 10 Feb 2025

Cited By

  • (2024) SURE: Secure Unikernels Make Serverless Computing Rapid and Efficient. Proceedings of the 2024 ACM Symposium on Cloud Computing, pp. 668-688. DOI: 10.1145/3698038.3698558. Online publication date: 20-Nov-2024
  • (2022) Kite. Proceedings of the Seventeenth European Conference on Computer Systems, pp. 384-401. DOI: 10.1145/3492321.3519586. Online publication date: 28-Mar-2022
  • (2020) LibrettOS. Proceedings of the 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp. 114-128. DOI: 10.1145/3381052.3381316. Online publication date: 17-Mar-2020
  • (2020) Occlum. Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 955-970. DOI: 10.1145/3373376.3378469. Online publication date: 9-Mar-2020
  • (2020) From virtualization security issues to cloud protection opportunities. Computers and Security, 97:C. DOI: 10.1016/j.cose.2020.101905. Online publication date: 1-Oct-2020
  • (2019) SGXPy: Protecting Integrity of Python Applications with Intel SGX. 2019 26th Asia-Pacific Software Engineering Conference (APSEC), pp. 418-425. DOI: 10.1109/APSEC48747.2019.00063. Online publication date: Dec-2019
  • (2018) Unikernel-based approach for software-defined security in cloud infrastructures. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-7. DOI: 10.1109/NOMS.2018.8406155. Online publication date: 23-Apr-2018
  • (2016) Überspark. Proceedings of the 25th USENIX Conference on Security Symposium, pp. 87-104. DOI: 10.5555/3241094.3241102. Online publication date: 10-Aug-2016
  • (2016) Reducing TCB of Linux Kernel Using User-Space Device Driver. Algorithms and Architectures for Parallel Processing, pp. 572-585. DOI: 10.1007/978-3-319-49583-5_45. Online publication date: 25-Nov-2016
  • (2013) Virtualization for safety-critical, deeply-embedded devices. Proceedings of the 28th Annual ACM Symposium on Applied Computing, pp. 1485-1492. DOI: 10.1145/2480362.2480640. Online publication date: 18-Mar-2013
