
Reflections on an Operating System Design, Butler W. Lampson and Howard E. Sturgis - PowerPoint PPT Presentation



  1. Reflections on an Operating System Design
     Butler W. Lampson and Howard E. Sturgis
     Presented by Neal H. Walfield
     Sections: Introduction, Kernel, User, Evaluation

  2. Cal System
     ◮ General purpose OS
     ◮ 200 users
     ◮ Classes of applications
       ◮ Editing
       ◮ “Typical Fortran batch jobs”
       ◮ Large batch jobs
       ◮ Legacy support

  3. Structure
     ◮ Capabilities
     ◮ Objects
     ◮ Domains
     ◮ Layers
       ◮ Abstract machine / new architecture / virtual machine
       ◮ Unprivileged
       ◮ No reliance on later layers
     ◮ Explicit accounting

  4. Isolation
     ◮ Domains
       ◮ Protection from others
       ◮ Confined
       ◮ Controlled breaching via messaging

  5. First Protection Layer
     ◮ Microkernel
     ◮ 8 objects
     ◮ No reliance on disk

  6. Kernel Objects
     ◮ Kernel files - cf. Mach memory object
     ◮ Event channels - inter-process signalling (fixed-size queue)
     ◮ Allocation blocks - memory and CPU quota
     ◮ C-lists
       ◮ Capabilities
     ◮ Labels - name a domain
     ◮ Processes - hierarchy of domains
     ◮ Operations - authority to invoke a domain

  7. Capabilities
     ◮ Name objects
     ◮ Data: < type , rights , value >
     ◮ value : object pointer or word
     ◮ As object pointer: < unique name , index >
       ◮ index selects an entry in the Master Object Table (MOT)
       ◮ unique name is also stored in the MOT entry
       ◮ O(1) revoke
       ◮ O(1) relocation
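The MOT indirection on slide 7 is easiest to see in code. The following is an added illustration, not code from the Cal system or from the slides: a capability carries < type , rights , value > with value = < unique name , MOT index >; the MOT entry records the object's current unique name and location; validation compares the two names. Revoking every outstanding capability to an object, or moving the object, is then one write to the MOT entry. The class names, the choice to model revocation as assigning a fresh unique name, and the sample locations are my assumptions.

```python
# Added illustration of Cal-style capabilities resolved through a Master Object
# Table (MOT). Not code from the Cal system or the slides; the names
# Capability, MotEntry and MasterObjectTable are assumed for the example.
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Capability:
    """<type, rights, value> with value = <unique name, MOT index>."""
    type: str
    rights: frozenset
    name: int    # unique name the object had when this capability was issued
    index: int   # slot in the MOT


@dataclass
class MotEntry:
    name: int        # current unique name; changing it invalidates older capabilities
    type: str
    location: str    # where the object currently lives (a core address, say)


class MasterObjectTable:
    def __init__(self):
        self.slots = []
        self._names = count(1)  # unique names are never reused

    def create(self, type_, location, rights):
        """Allocate an MOT slot and return the first capability to the object."""
        name = next(self._names)
        self.slots.append(MotEntry(name, type_, location))
        return Capability(type_, frozenset(rights), name, len(self.slots) - 1)

    def valid(self, cap):
        """A capability is live iff the name it carries matches the MOT entry."""
        return cap.index < len(self.slots) and self.slots[cap.index].name == cap.name

    def resolve(self, cap, right):
        """Look up the object for an invocation that needs `right`.

        Raises LookupError (an abnormal return) for a revoked capability and
        PermissionError when the capability lacks the right.
        """
        if not self.valid(cap):
            raise LookupError("capability no longer names a live object")
        if right not in cap.rights:
            raise PermissionError(f"capability lacks {right!r}")
        return self.slots[cap.index].location

    def restrict(self, cap, rights):
        """Derive a weaker capability for delegation: rights can only shrink."""
        return Capability(cap.type, cap.rights & frozenset(rights), cap.name, cap.index)

    def relocate(self, cap, new_location):
        """O(1): move the object by rewriting its MOT entry; no capability changes."""
        self.slots[cap.index].location = new_location

    def revoke(self, cap):
        """O(1): give the object a fresh name (assumed mechanism); every
        outstanding capability, copies and restricted derivatives included,
        now fails validation."""
        self.slots[cap.index].name = next(self._names)


def demo():
    """Issue, delegate, relocate, revoke; returns what each step observed."""
    mot = MasterObjectTable()
    rw = mot.create("file", "core:0x1000", {"read", "write"})
    ro = mot.restrict(rw, {"read"})          # hand a read-only copy to another domain
    before = mot.resolve(ro, "read")
    mot.relocate(rw, "core:0x8000")          # object moved; ro still resolves
    after = mot.resolve(ro, "read")
    mot.revoke(rw)                           # one MOT write kills both rw and ro
    return before, after, mot.valid(rw), mot.valid(ro)
```

Note the trade-off the slide's O(1) claim implies: because validity is decided by a single name in the MOT entry, revocation is all-or-nothing for that object; a holder cannot be singled out without a further mechanism.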

  8. Processes
     ◮ Virtual machine
     ◮ Contain a tree of domains
     ◮ Call stack - no reply capability

  9. Operations
     ◮ Realize user objects
     ◮ Sealed closures
     ◮ Authority to transfer control to another domain

  10. Extensibility
     ◮ Invalid operations return abnormally
     ◮ Kernel chains to the next level in the operation
     ◮ Cost of abstraction is zero
     ◮ Not for overriding functionality

  11. Disk Files
     ◮ Extend kernel files to support paging
     ◮ Invocation only goes to the disk file when the kernel file returns abnormally
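Slides 10 and 11 describe one mechanism: an operation is a sealed chain of layers, the kernel layer runs first, and a later layer is entered only on an abnormal return. The example below is an added illustration of that chaining, not code from the Cal system or the slides. A kernel file serves pages resident in core; a disk file sits behind it and pages in from a constructed backing store. The class names, the dict used as backing store, and the assumption that a page-in makes the page resident in the kernel file are mine.

```python
# Added example of Cal-style operation chaining on abnormal return. Not code
# from the Cal system or the slides; Abnormal, KernelFile, DiskFile and
# Operation are assumed names, and the backing store is constructed inline.


class Abnormal(Exception):
    """Abnormal return: the layer could not perform the operation."""


class KernelFile:
    """Lowest layer: serves only pages resident in core."""

    def __init__(self):
        self.pages = {}

    def read(self, page):
        if page not in self.pages:
            raise Abnormal(f"page {page} not resident")
        return self.pages[page]

    def write(self, page, data):
        self.pages[page] = data


class DiskFile:
    """Next layer: pages the kernel file in from a backing store on a miss."""

    def __init__(self, kernel_file, backing):
        self.kernel_file = kernel_file
        self.backing = backing    # constructed stand-in for disk blocks
        self.faults = 0           # how often this layer was actually entered

    def read(self, page):
        self.faults += 1
        if page not in self.backing:
            raise Abnormal(f"page {page} does not exist")
        data = self.backing[page]
        self.kernel_file.write(page, data)  # assumption: page-in makes it resident
        return data


class Operation:
    """Sealed closure: an ordered chain of (layer name, handler) pairs.

    The holder may invoke the chain but cannot inspect or reorder it. A later
    layer is reached only when every earlier one returned abnormally, so it can
    extend the layers below it but never override them.
    """

    __slots__ = ("_chain",)

    def __init__(self, *chain):
        self._chain = tuple(chain)

    def invoke(self, *args):
        error = None
        for layer, handler in self._chain:
            try:
                return layer, handler(*args)
            except Abnormal as exc:
                error = exc        # try the next level in the operation
        raise error if error else Abnormal("empty operation")


def demo():
    """Read one page twice: the first read faults through to the disk layer, the
    second is answered by the kernel file with the disk layer never entered."""
    kernel_file = KernelFile()
    disk_file = DiskFile(kernel_file, {3: b"page three"})   # constructed backing store
    read = Operation(("kernel file", kernel_file.read), ("disk file", disk_file.read))
    first = read.invoke(3)
    second = read.invoke(3)
    faults_after_two_reads = disk_file.faults
    try:
        read.invoke(9)            # no layer can serve page 9: last abnormal return wins
        missing = None
    except Abnormal as exc:
        missing = str(exc)
    return first, second, faults_after_two_reads, missing
```

The second read shows the "cost of abstraction is zero" point: once the kernel file answers normally, the disk-file layer adds no work and has no chance to intercept, which is also why this mechanism cannot be used to override lower-layer behaviour.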

  12. Directories
     ◮ Map a symbolic name to a user capability
     ◮ Access control lists
     ◮ Is the directory trusted by the user?

  13. Accountability
     ◮ Reduction in sharing
     ◮ Difficult to attribute, e.g., automatic
     ◮ Lots of unnecessary paging

  14. Object Paging
     ◮ Kernel objects are not paged:
       ◮ No reliance on disk (transparent paging)
       ◮ Data integrity [1] (user pagers)
       ◮ Kernel resources are sparse
     [1] User-level checkpointing through exportable kernel state: Tullmann, et al., 1996

  15. Duplicity
     ◮ Process ≈ Domains
     ◮ Event Channels ≈ Operations
     ◮ Motivated by performance concerns
     ◮ Unnecessary

  16. Negative Results
     ◮ 2–3 iterations for new ideas to be implemented efficiently
     ◮ Don’t ignore design flaws
     ◮ An OS is more than a kernel

  17. Positive Results
     ◮ Layering
       ◮ Simplification
       ◮ Reliability
     ◮ Capabilities
       ◮ Consistent and uniform naming
       ◮ Consistent and uniform access control
     ◮ Devices as processes

  18. My Observations
     ◮ Little focus on security
     ◮ Access control does not rely on delegation
     ◮ System not persistent

  19. Questions
     ◮ Domain labels: identify a service in any process?
     ◮ How do types work?
