1. Microkernels How to build a dependable, modular and secure operating system?

2. Goals of Lecture §to show that operating system can be divided into sets of abstractions, mechanisms and policies §to explain the alternative way an operating system can be built §to present main design issues of KeyKOS microkernel

3. Structure of Lecture §introduction to microkernel technology §comparison of monolithic OS with microkernel based OS §description of KeyKOS microkernel

4. Concept of Microkernel §the idea dates back to 1969 when was introduced by Per Brinch Hansen §alternative approach to operating system construction §attempt to make operating systems more modular, more extendable, more secure and more reliable

5. Monolithic Operating System §kernel of monolithic operating system provides high-level abstractions and realises sophisticated resource scheduling policies §as kernel does too many things, it tends to be large and unreliable §additionally, monolithic OS cannot evolve over time to meet new requirements

6. Microkernel Approach §microkernel implements only small set of simple abstractions and mechanisms §higher level abstraction and services are provided by ordinary sequential processes §the computing environment is created by co-operating processes

7. Advantages of Microkernel §various parts of OS can be designed, implemented, tested and executed independently §as components of OS and their mutual relations can change over time, the evolution is easy to take place §more operating systems can run on top of microkernel simultaneously

8. Disadvantages of Microkernels §as most of services are provided by computational processes, there are much more context switches and larger communication overhead compared to monolithic OS

9. KeyKOS The nanokernel architecture

10. Objectives of KeyKOS §To solve the security, data sharing, pricing, reliability and extensibility requirements of a commercial computer service in a network environment

11. History of KeyKOS §1972written description §1974development funding §1976first terminal message §1979public presentation

12. Architectural Foundations §Stateless kernel §Single-level store §Capabilities

13. Stateless Kernel §the system outside the microkernel is completely described by contents of pages and nodes, which are persistent §all microkernel state can be derived after system crash or power outage §memory functions merely as a disk cache

14. Single-Level Persistent Store §applications, like memory pages, are persistent §data consistency is guaranteed by making periodic checkpoint §persistence is rule, not exception

15. Objects and Capabilities §every object in the system is exclusively referred to by one or more capabilities §capability gives its holder the authority to request a service from object it names; object has no intrinsic authority §messages are the only form of interaction between objects

16. Computing Model §it is worth to view microkernel as a virtual machine which provides objects with communication capability and primitive objects §further, the notion of isolated application can be replaced by the paradigm of co- operating components

17. Primitive Objects §all state information in the system is stored in two types of primitive objects l pages which can store data l nodes which can store capabilities §primitive objects are persistent §it follows that any non-primitive object in the system is persistent as well

18. Fundamental Objects §objects built from one or more nodes and/or pages and interpreted by the kernel itself l domains provide an environment in which process can execute l segments define a portion of memory storage l meters control and measure computer resources

19. Computing Issues §all policy issues are removed from kernel by introducing the concept of keepers l domain keeper l segment keeper l meter keeper

20. Security Issues §we cannot always anticipate the security policies which will be needed in the future §it proves useful to separate security (policies) from protection (mechanisms) §system should obey the Principle of Least Authority