On traditional operating systems, only trusted software such as privileged servers or the kernel can manage resources. This thesis proposes a new approach, the exokernel architecture, which makes resource management unprivileged but safe by separating management from protection: an exokernel protects resources, while untrusted application-level software manages them. As a result, in an exokernel system, untrusted software (e.g., library operating systems) can implement abstractions such as virtual memory, file systems, and networking.
The main thrusts of this thesis are: (1) how to build an exokernel system; (2) whether it is possible to build a real one; and (3) whether doing so is a good idea. Our results, drawn from two exokernel systems [25, 48], show that the approach yields dramatic benefits. For example, Xok, an exokernel, runs a web server an order of magnitude faster than the closest equivalent on the same hardware, common unaltered Unix applications up to three times faster, and improves global system performance up to a factor of five.
The thesis also discusses some of the new techniques we have used to remove the overhead of protection. The most unusual technique, untrusted deterministic functions, enables an exokernel to verify that applications correctly track the resources they own, eliminating the need for it to do so. Additionally, the thesis reflects on the subtle issues in using downloaded code for extensibility and the sometimes painful lessons learned in building three exokernel-based systems. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)