Results 1 - 10
of
40
Exokernel: An Operating System Architecture for Application-Level Resource Management
, 1995
"... We describe an operating system architecture that securely multiplexes machine resources while permitting an unprecedented degree of application-specific customization of traditional operating system abstractions. By abstracting physical hardware resources, traditional operating systems have signifi ..."
Abstract
-
Cited by 724 (24 self)
- Add to MetaCart
(Show Context)
We describe an operating system architecture that securely multiplexes machine resources while permitting an unprecedented degree of application-specific customization of traditional operating system abstractions. By abstracting physical hardware resources, traditional operating systems have significantly limited the performance, flexibility, and functionality of applications. The exokernel architecture removes these limitations by allowing untrusted software to implement traditional operating system abstractions entirely at application-level. We have implemented a prototype exokernel-based system that includes Aegis, an exokernel, and ExOS, an untrusted application-level operating system. Aegis defines the low-level interface to machine resources. Applications can allocate and use machine resources, efficiently handle events, and participate in resource revocation. Measurements show that most primitive Aegis operations are 10–100 times faster than Ultrix,a mature monolithic UNIX operating system. ExOS implements processes, virtual memory, and inter-process communication abstractions entirely within a library. Measurements show that ExOS’s application-level virtual memory and IPC primitives are 5–50 times faster than Ultrix’s primitives. These results demonstrate that the exokernel operating system design is practical and offers an excellent combination of performance and flexibility. 1
Extensibility, safety and performance in the SPIN operating system
, 1995
"... This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services, that allow applications to safely change the operating system's interface and implementation. Ex ..."
Abstract
-
Cited by 461 (16 self)
- Add to MetaCart
This paper describes the motivation, architecture and performance of SPIN, an extensible operating system. SPIN provides an extension infrastructure, together with a core set of extensible services, that allow applications to safely change the operating system's interface and implementation. Extensions allow an application to specialize the underlying operating system in order to achieve a particular level of performance and functionality. SPIN uses language and link-time mechanisms to inexpensively export ne-grained interfaces to operating system services. Extensions are written in a type safe language, and are dynamically linked into the operating system kernel. This approach o ers extensions rapid access to system services, while protecting the operating system code executing within the kernel address space. SPIN and its extensions are written in Modula-3 and run on DEC Alpha workstations. 1
A Secure and Reliable Bootstrap Architecture
- In IEEE Symposium on Security and Privacy
, 1997
"... In a computer system, the integrity of lower layers is treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked, and (2) t ..."
Abstract
-
Cited by 309 (20 self)
- Add to MetaCart
In a computer system, the integrity of lower layers is treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked, and (2) transitions to higher layers occur only after integrity checks on them are complete. The resulting integrity "chain " inductively guarantees system integrity. When these conditions are not met, as they typically are not in the bootstrapping (initialization) of a computer system, no integrity guarantees can be made. Yet, these guarantees are increasingly important to diverse applications such as Internet commerce, intrusion detection systems, and "active networks. " In this paper, we describe the AEGIS architecture for initializing a computer system. It validates integrity at each layer transition in the bootstrap process. AEGIS also includes a recovery process for integrity check failures, and we show how this results in robust systems. We discuss our prototype implementation for the IBM personal computer (PC) architecture, and show that the cost of such system
A Caching Model of Operating System Kernel Functionality
- In Proceedings of the First Symposium on Operating Systems Design and Implementation
, 1994
"... Operating system research has endeavored to develop micro-kernels that provide modularity, reliability and security improvements over conventional monolithic kernels. However, the resulting kernels have been slower, larger and more error-prone than desired. These efforts have also failed to provide ..."
Abstract
-
Cited by 120 (2 self)
- Add to MetaCart
(Show Context)
Operating system research has endeavored to develop micro-kernels that provide modularity, reliability and security improvements over conventional monolithic kernels. However, the resulting kernels have been slower, larger and more error-prone than desired. These efforts have also failed to provide sufficient application control of resource management required by sophisticated applications. This paper describes a caching model of operating system functionality as implemented in the Cache Kernel, the supervisor-mode component of the V++ operating system. The Cache Kernel caches operating system objects such as threads and address spaces just as conventional hardware caches memory data. User-mode application kernels handle the loading and writeback of these objects, implementing application-specific management policies and mechanisms. Experience with implementing the Cache Kernel and measurements of its performance on a multiprocessor suggest that the caching model can provide competitiv...
Exterminate all operating system abstractions
- PROCEEDINGS OF THE 5TH WORKSHOP ON HOT TOPICS IN OPERATING SYSTEMS HOTOS-V
, 1995
"... The defining tragedy of the operating systems community has been the definition of an operating system as software that both multiplexes and abstracts the hardware is based on the assumption that it is possible both to define abstractions that are appropriate for all areas and to implement them to p ..."
Abstract
-
Cited by 65 (1 self)
- Add to MetaCart
The defining tragedy of the operating systems community has been the definition of an operating system as software that both multiplexes and abstracts the hardware is based on the assumption that it is possible both to define abstractions that are appropriate for all areas and to implement them to perform efficiently in all situations. We believe that the fallacy of this quixotic goal is self-evident, and that the operating system problems of the last two decades (poor performance, poor reliability, poor adaptability, and in exibility) can be traced back to it. The solution we propose is simple: complete elimination of operating system abstractions by lowering the operating system interface to the hardware level.
A Secure Active Network Environment Architecture -- Realization in SwitchWare
- IEEE NETWORK
"... Active Networks is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of Active Network research. T ..."
Abstract
-
Cited by 65 (25 self)
- Add to MetaCart
(Show Context)
Active Networks is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of Active Network research. The security concerns can be divided into those which affect the network as a whole and those which affect individual elements. It is clear that the element problems must be solved first, as the integrity of networklevel solutions will be based on trust of the network elements. In this
Software Prefetching and Caching for Translation Lookaside Buffers
, 1994
"... A number of interacting trends in operating system structure, processor architecture, and memory systems are increasing both the rate of translation lookaside buffer (TLB) misses and the cost of servicing a miss. This paper presents two novel software schemes, implemented under Mach 3.0, to decrease ..."
Abstract
-
Cited by 53 (4 self)
- Add to MetaCart
A number of interacting trends in operating system structure, processor architecture, and memory systems are increasing both the rate of translation lookaside buffer (TLB) misses and the cost of servicing a miss. This paper presents two novel software schemes, implemented under Mach 3.0, to decrease both the number and the cost of kernel TLB misses (i.e., misses on kernel data structures, including user page tables). The first scheme is a new use of prefetching for TLB entries on the IPC path, and the second scheme is a new use of software caching of TLB entries for hierarchical page table organizations. For a range of applications, prefetching decreases the number of kernel TLB misses by 40% to 50%, and caching decreases TLB penalties by providing a fast path for over 90% of the misses. Our caching scheme also decreases the number of nested TLB traps due to the page table hierarchy, reducing the number of kernel TLB miss traps for applications by 20% to 40%. Prefetching and caching, ...
Vino: an integrated platform for operating systems and database research
, 1994
"... In 1981, Stonebraker wrote: Operating system services in many existing systems are either too slow or inappropriate. Current DBMSs usually provide their own and make little or no use of those o ered by the operating system. [STON81] The standard operating system model has changed little since that t ..."
Abstract
-
Cited by 29 (2 self)
- Add to MetaCart
(Show Context)
In 1981, Stonebraker wrote: Operating system services in many existing systems are either too slow or inappropriate. Current DBMSs usually provide their own and make little or no use of those o ered by the operating system. [STON81] The standard operating system model has changed little since that time, and we believe that, at its core, it is the wrong model for DBMS and other resource-intensive applications. The standard model is in exible, uncooperative, and irregular in its treatment of resources. We describe the design of a new system, the VINO kernel, which addresses the limitations of standard operating systems. It focuses on three key ideas: Applications direct policy. Kernel mechanisms are reusable by applications. All resources share a common extensible interface. VINO's power and exibility make it an ideal platform for the design and implementation of traditional and modern database management systems. 1
Comparing Kernel-Space and User-Space Communication Protocols on Amoeba
- IN PROC. OF THE 15TH INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS
, 1995
"... Most distributed systems contain protocols for reliable communication, which are implemented either in the microkernel or in user space. In the latter case, the microkernel provides only low-level, unreliable primitives and the higher-level protocols are implemented as a library in user space. This ..."
Abstract
-
Cited by 13 (9 self)
- Add to MetaCart
(Show Context)
Most distributed systems contain protocols for reliable communication, which are implemented either in the microkernel or in user space. In the latter case, the microkernel provides only low-level, unreliable primitives and the higher-level protocols are implemented as a library in user space. This approach is more flexible but potentially less efficient. We study the impact on performance of this choice for RPC and group communication protocols on Amoeba. An important goal in this paper is to look at overall system performance. For this purpose, we use several (communication-intensive) parallel applications written in Orca. We look at two implementations of Orca on Amoeba, one using Amoeba's kernel-space protocols and one using userspace protocols built on top of Amoeba's low-level FLIP protocol. The results show that comparable performance can be obtained with user-space protocols.
Issues in the Design of an Extensible Operating System
- In OSDI
, 1994
"... Extensible operating systems are designed around the principle that a system can be dynamically customized to best serve application needs. However, realizing this goal in a safe and efficient manner poses a number of unique problems. In this paper, we examine the requirements for constructing robus ..."
Abstract
-
Cited by 13 (1 self)
- Add to MetaCart
Extensible operating systems are designed around the principle that a system can be dynamically customized to best serve application needs. However, realizing this goal in a safe and efficient manner poses a number of unique problems. In this paper, we examine the requirements for constructing robust extensible systems and discuss implementation techniques to satisfy those requirements with low overhead. 1 Introduction An extensible operating system is composed of a set of interfaces and implementations that can be changed as needed by an application or a set of applications. The design of an extensible system reflects the position that the core services and performance requirements of all applications cannot be met entirely in advance by any operating system. Consequently, an extensible operating system must provide a software infrastructure into which new components can be installed as though they were part of the native system. In general, operating systems have attempted to provid...
