
The operating system kernel as a secure programmable machine

Published: 11 January 1995

Abstract

To provide modularity and performance, operating system kernels should have only minimal embedded functionality. Today's operating systems are large, inefficient and, most importantly, inflexible. In our view, most operating system performance and flexibility problems can be eliminated simply by pushing the operating system interface lower. Our goal is to put abstractions traditionally implemented by the kernel out into user-space, where user-level libraries and servers abstract the exposed hardware resources. To achieve this goal, we have defined a new operating system structure, exokernel, that safely exports the resources defined by the underlying hardware. To enable applications to benefit from full hardware functionality and performance, they are allowed to download additions to the supervisor-mode execution environment. To guarantee that these extensions are safe, techniques such as code inspection, inlined cross-domain procedure calls, and secure languages are used. To test and evaluate exokernels and their customization techniques a prototype exokernel, Aegis, is being developed.
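The abstract's safeguard for code that applications download into the supervisor-mode environment is inspection before the kernel accepts it. The C program below is an added example, not code from the paper or from the Aegis prototype. It defines a toy, hypothetical extension bytecode (LOAD, STORE, ADDI, JNZ, HALT and one privileged opcode), a one-pass inspector that rejects an extension if any memory reference falls outside the extension's sandbox, any branch target lies outside the code, any privileged opcode appears, or control could run off the end of the code, and an interpreter that runs accepted code under a step budget. The instruction set, the 64-word sandbox, the step budget and the sample extensions are all constructed for illustration.

```c
/* Added example, not code from the paper or from Aegis: a minimal static
 * inspector for extensions downloaded into a kernel, written for a toy,
 * hypothetical bytecode. The kernel accepts an extension only if inspection
 * proves that every memory reference stays inside the extension's sandbox,
 * every branch target is a valid instruction index, no privileged opcode
 * appears, and control cannot run off the end of the code. A step budget at
 * run time keeps a looping extension from monopolising the CPU. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SANDBOX_WORDS 64   /* hypothetical: 64-word data region per extension */
#define NUM_REGS      4

enum opcode { OP_LOAD, OP_STORE, OP_ADDI, OP_JNZ, OP_HALT, OP_PRIV };

struct insn {
    enum opcode op;
    uint8_t reg;   /* register operand */
    int32_t imm;   /* sandbox address (LOAD/STORE), constant (ADDI) or target (JNZ) */
};

enum verdict { VERIFY_OK = 0, VERIFY_EMPTY, VERIFY_BAD_REG, VERIFY_OUT_OF_SANDBOX,
               VERIFY_BAD_BRANCH, VERIFY_PRIVILEGED, VERIFY_NO_HALT };

/* One linear pass over the code; nothing is executed during inspection. */
enum verdict verify_extension(const struct insn *code, size_t n)
{
    if (n == 0) return VERIFY_EMPTY;
    for (size_t i = 0; i < n; i++) {
        const struct insn *in = &code[i];
        if (in->reg >= NUM_REGS) return VERIFY_BAD_REG;
        switch (in->op) {
        case OP_LOAD: case OP_STORE:
            if (in->imm < 0 || in->imm >= SANDBOX_WORDS) return VERIFY_OUT_OF_SANDBOX;
            break;
        case OP_JNZ:
            if (in->imm < 0 || (size_t)in->imm >= n) return VERIFY_BAD_BRANCH;
            break;
        case OP_ADDI: case OP_HALT:
            break;
        default:                    /* OP_PRIV or an unknown opcode */
            return VERIFY_PRIVILEGED;
        }
    }
    /* A trailing non-HALT instruction could fall through past the end. */
    return code[n - 1].op == OP_HALT ? VERIFY_OK : VERIFY_NO_HALT;
}

/* Run code that already passed verify_extension. Returns the number of steps
 * executed, or -1 if the budget was exhausted before HALT. */
long run_extension(const struct insn *code, int32_t *sandbox, long budget)
{
    int32_t regs[NUM_REGS] = {0};
    size_t pc = 0;
    for (long steps = 1; steps <= budget; steps++) {
        const struct insn *in = &code[pc];
        switch (in->op) {
        case OP_LOAD:  regs[in->reg] = sandbox[in->imm]; pc++; break;
        case OP_STORE: sandbox[in->imm] = regs[in->reg]; pc++; break;
        case OP_ADDI:  regs[in->reg] += in->imm;         pc++; break;
        case OP_JNZ:   pc = regs[in->reg] ? (size_t)in->imm : pc + 1; break;
        case OP_HALT:  return steps;
        default:       return -1;   /* unreachable once verified */
        }
    }
    return -1;
}

/* Constructed sample extensions (r0 = counter, r1 = accumulator). */
static const struct insn loop_ok[] = {
    {OP_LOAD,  0, 0},   /* r0 = sandbox[0] */
    {OP_ADDI,  1, 2},   /* r1 += 2 */
    {OP_ADDI,  0, -1},  /* r0 -= 1 */
    {OP_JNZ,   0, 1},   /* while (r0 != 0) goto 1 */
    {OP_STORE, 1, 1},   /* sandbox[1] = r1 */
    {OP_HALT,  0, 0},
};
static const struct insn escapes_sandbox[] = { {OP_STORE, 0, SANDBOX_WORDS}, {OP_HALT, 0, 0} };
static const struct insn uses_priv[]       = { {OP_PRIV, 0, 0}, {OP_HALT, 0, 0} };
static const struct insn bad_branch[]      = { {OP_JNZ, 0, 99}, {OP_HALT, 0, 0} };
static const struct insn no_halt[]         = { {OP_ADDI, 0, 1} };

#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Verify and run loop_ok with sandbox[0] = count; returns sandbox[1], or -1
 * if the extension was rejected or exceeded the step budget. */
int32_t loop_result(int32_t count, long budget)
{
    int32_t sandbox[SANDBOX_WORDS] = {0};
    sandbox[0] = count;
    if (verify_extension(loop_ok, LEN(loop_ok)) != VERIFY_OK) return -1;
    return run_extension(loop_ok, sandbox, budget) < 0 ? -1 : sandbox[1];
}

int main(void)
{
    printf("loop(5) -> %d\n", loop_result(5, 100));                     /* 10 */
    printf("loop(0) -> %d (counter wraps, budget hit)\n", loop_result(0, 100));
    printf("escape  -> verdict %d\n", (int)verify_extension(escapes_sandbox, LEN(escapes_sandbox)));
    printf("priv    -> verdict %d\n", (int)verify_extension(uses_priv, LEN(uses_priv)));
    return 0;
}
```

Inspection here is paid once, at download, and proves memory and control-flow confinement; it does not prove termination, which in this example is left to the run-time step budget (an assumption of the example, not a mechanism described in the abstract).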

Published In

ACM SIGOPS Operating Systems Review, Volume 29, Issue 1
January 1995
94 pages
ISSN: 0163-5980
DOI: 10.1145/202453
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery, New York, NY, United States

Cited By

  • (2023) Improving monolithic kernel security and robustness through intra-kernel sandboxing. Computers & Security, 127:103104, April 2023. doi:10.1016/j.cose.2023.103104
  • (2020) Toward a Secure Platform for Brain-Connected Devices: Issues and Current Solutions. IEEE Transactions on Technology and Society, 1(3):161-172, September 2020. doi:10.1109/TTS.2020.3005967
  • (2017) Interoperable SQLite for a Bare PC. Beyond Databases, Architectures and Structures. Towards Efficient Solutions for Data Analysis and Knowledge Representation, pages 177-188, 27 April 2017. doi:10.1007/978-3-319-58274-0_15
  • (2016) Idle Period Propagation in Message-Passing Applications. 2016 IEEE 18th International Conference on High Performance Computing and Communications; IEEE 14th International Conference on Smart City; IEEE 2nd International Conference on Data Science and Systems (HPCC/SmartCity/DSS), pages 937-944, December 2016. doi:10.1109/HPCC-SmartCity-DSS.2016.0134
  • (2011) A Quantitative Analysis of OS Noise. Proceedings of the 2011 IEEE International Parallel & Distributed Processing Symposium, pages 852-863, 16 May 2011. doi:10.1109/IPDPS.2011.84
  • (2010) Designing OS for HPC Applications. Proceedings of the 2010 IEEE International Conference on Cluster Computing, pages 78-87, 20 September 2010. doi:10.1109/CLUSTER.2010.16
  • (2010) A Safari Through the MPSoC Run-Time Management Jungle. Journal of Signal Processing Systems, 60(2):251-268, 1 August 2010. doi:10.1007/s11265-008-0305-4
  • (2006) Evolving System Services to Meet Application Requirements. Proceedings of the 39th Annual Hawaii International Conference on System Sciences, Volume 09, 4 January 2006. doi:10.1109/HICSS.2006.164
  • (2005) Perspectives for high performance computing in workstation networks. High-Performance Computing and Networking, pages 880-889, 18 August 2005. doi:10.1007/3-540-61142-8_640
  • (2001) Adaptability, extensibility and flexibility in real-time operating systems. Proceedings Euromicro Symposium on Digital Systems Design, pages 400-405, 2001. doi:10.1109/DSD.2001.952348
