MK++ A High Assurance Operating System Kernel Shai Guday David Black.

MK++ Results
- MK++ is a complete reimplementation of the essential Mach abstractions for use in a B3 formal evaluation
- A microkernel for TIS's TrustBase - B3 level assurance
- Good performance as well as high assurance
- An "essential microkernel" with only those features and functions truly needed
- All B3 assurance requirements have been met
- High Assurance Software Engineering
- Object Oriented Layering

Brief History of Software Engineering

MK++ Internal Architecture (layer diagram)
- Resource Management Objects: Kernel Interface, Space Accounting, Processor Scheduling, Connection Management, Transfer Management, Memory Extent Management, Resident Memory Management
- Clock/Device Services: Clock Mgmt, Device Mgmt
- Diagram labels: User Addr Space, User Port Namespace, VM, Clocks and Devices, Tasks, Threads, Resources, PC

Object Decomposition

Relationship Decomposition

Benefits of Object Oriented Layering
- Lock Hierarchy based on Layer Hierarchy
  - MK++ is fully preemptible and multithreaded
- Simplified Initialization
  - Run constructors in order from lowest layer to highest layer
  - Easy to determine what functionality is available at each layer
- Significant Layer Enforcement at Compile time
  - Compiler rejects circular inheritance
  - Header file discipline: don't include header files from higher layers
- ... in addition to improved code structure and assurance

A Few Words About Performance
- MK++ Performance is comparable to Mach
  - Even on highly optimized Mach code paths
  - Performance is more robust (no special case 'fast paths')
  - Kernel microbenchmarks (IPC, page fault, task create)
- Extensive use of inline methods
  - MK++ has lots of tiny methods, but most of them are inline
- Disciplined use of virtual methods
  - Layering forces attention to this
- C++ is not slow in the hands of competent software engineers!

Sharper Tools
- Layer Verification Tool
  - Enforce Layering Architecture
- Covert Storage Channel Tool
  - Find all storage channels
  - But not timing channels
- Tools find many problems missed by people
- Incremental execution would be very useful
  - Hook tools into source control system
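The slides name a Layer Verification Tool that enforces the header-file discipline from the layering slide (a file may include headers only from its own layer or lower layers) but do not show how it works. The following added example is not MK++ code: it is a small checker in the spirit of that tool, with a constructed layer map and constructed source files; the file names and layer numbers are assumptions loosely based on the architecture slide, not the real MK++ layout.

```python
"""Illustrative layer-verification check (added example, not MK++'s own tool).

Rule enforced: a source file may #include headers from its own layer or any
lower layer, never from a higher layer. Layer 1 is the lowest.
"""
import re
from typing import Dict, List, Tuple

# Constructed layer map (assumption): names echo the MK++ architecture slide,
# the numbering is invented for this example.
LAYERS: Dict[str, int] = {
    "resident_memory.h": 1,   # Resident Memory Management
    "memory_extent.h": 2,     # Memory Extent Management
    "transfer.h": 3,          # Transfer Management
    "connection.h": 4,        # Connection Management
    "kernel_interface.h": 5,  # Kernel Interface
}

# Matches both #include "x.h" and #include <x.h>, tolerating whitespace after '#'.
INCLUDE_RE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]', re.MULTILINE)


def includes_of(source: str) -> List[str]:
    """List the header names a source text includes, in order."""
    return INCLUDE_RE.findall(source)


def check_layering(sources: Dict[str, str], layers: Dict[str, int]) -> List[Tuple[str, str]]:
    """Return (including_file, included_header) pairs that reach into a higher layer.

    Headers not in the layer map (e.g. <stddef.h>) are outside the hierarchy and ignored.
    A source file missing from the map is a configuration error, not a silent pass.
    """
    violations: List[Tuple[str, str]] = []
    for fname, text in sources.items():
        if fname not in layers:
            raise KeyError(f"{fname} has no layer assignment")
        own = layers[fname]
        for hdr in includes_of(text):
            if hdr in layers and layers[hdr] > own:
                violations.append((fname, hdr))
    return violations


# Constructed sample sources: two deliberate upward includes, one circular pair.
SAMPLE_SOURCES: Dict[str, str] = {
    "resident_memory.h": '#include <stddef.h>\n#include "kernel_interface.h"\n',  # upward
    "memory_extent.h": '#include "resident_memory.h"\nclass MemoryExtent {};\n',
    "transfer.h": '# include "memory_extent.h"\n#include "connection.h"\n',       # upward
    "connection.h": '#include "transfer.h"\nclass Connection {};\n',               # fine
    "kernel_interface.h": '#include "connection.h"\n#include "transfer.h"\n',
}

if __name__ == "__main__":
    for src, hdr in check_layering(SAMPLE_SOURCES, LAYERS):
        print(f"layering violation: {src} (layer {LAYERS[src]}) includes {hdr} (layer {LAYERS[hdr]})")
```

The transfer.h/connection.h pair also shows why the rule matters: the compiler only rejects circular inheritance, so an include cycle between layers is caught here, by the downward-only check, rather than by the compiler.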

Formal Methods
- Generated runtime assertions based on Formal Model
  - IPC subsystem invariant checks
- The Good News:
  - Found 4 serious problems missed by development and review
- The Bad News:
  - Missed at least one more
  - Kernel not exercised under all possible conditions
- Test coverage is not a new problem
  - Neither is it a solved problem

Conclusion
- Assurance is only possible if software practitioners can reason about the software
- High assurance analysis and design necessary for high assurance software
- Software engineering techniques exist for practical development of high assurance software
- Complement of layering and object orientation support decomposition of complex system software, e.g. MK++ microkernel
- Need advances in the state of the art
  - Object interface design
  - Dependency decomposition and encapsulation
  - Assured design patterns (aka frameworks)
  - Framework composition rules