Presentation is loading. Please wait.

Presentation is loading. Please wait.

Extensible Kernels Mingsheng Hong. OS Kernel Types Monolithic Kernels Microkernels – Flexible (?) – Module Design – Reliable – Secure Extensible Kernels.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Extensible Kernels Mingsheng Hong. OS Kernel Types Monolithic Kernels Microkernels – Flexible (?) – Module Design – Reliable – Secure Extensible Kernels."— Presentation transcript:

1 Extensible Kernels Mingsheng Hong

2 OS Kernel Types Monolithic Kernels Microkernels – Flexible (?) – Module Design – Reliable – Secure Extensible Kernels – Can be customized (extended, specialized, replaced) More functionality Better performance

3 Motivations Problems in traditional OS kernels – Implementation cannot be modified LRU as general page replacement strategy – Hide information of machine resources Not always appropriate in achieving high performance – database on top of file system – Provide a unified interface (overly general) Trade-offs for different applications – page table structure

4 Approaches Exokernel: safely expose machine resources – Higher-level abstractions are implemented in applications – The concept of Library OS – Safety ensured by secure bindings SPIN: use kernel extensions to safely extend/change OS services/implementations – Event-driven model to customize services – Efficiency preserved – Safety ensured by PL facilities

5 Exokernel: Overview An extension of RISC philosophy Kernel provides minimum services – Hardware resource protection Allocation Revocation Sharing Tracking of ownership – Resource usage arbitration Including an abort protocol LibOS as powerful as traditional OS

6 Exokernel: OS Component Layout Exokernel

7 A Motivating Example *This example is borrowed from MIT website

8 The Reality …

9 If Exokernel is Used…

10 Exokernel: Design Principle To separate protection from management – Can protect resources without understanding them When knowledge of resource is required – Can leave decisions to applications by downloading code – Another level of indirection without sacrificing performance

11 Exokernel: Secure Bindings Why? – Library OSes are untrusted How? – Hardware mechanism TLB entry – Software caching STLB – Downloading application code

12 Secure Bindings Multiplexing physical memory – Records capabilities: ownership, R/W permissions (authorization at bind time) – Checks capabilities(authentication at access time) – Enables resource sharing (How?)

13 Secure Bindings via Downloading Code Multiplexing the network – Uses Application-specific Safe Handlers (ASHs) – Performance Eliminate kernel crossings Decouple latency-critical operations from process scheduling – Safety Can be verified and trusted

14 More on ASHs An ASH can serve as a – Packet filter – Computation unit checksumming – Message initiator – Control initiator

15 Issues in Resource Revocation Visible deallocation of resource – So that library OS has a chance to react e.g. when physical page “5” is deallocated – But could be less efficient Can combine invisible revocation Library OS can be prepared for such occasions But when application does not cooperate… – Abort Protocol – imperative revocation e.g. cpu time slice Need to leave some resource for each libOS – Guaranteed mapping

16 Experiment: Aegis & ExOS Aegis: an exokernel on MIPS-based DECstation – Xok: another exokernel for Intel x86 computers ExOS: the corresponding library OS – Virtual memory, IPC are managed at application level – Can be extended Performance compared with: Ultrix

17 Procedure and System Calls

18 Protected Control Transfers Suggested reasons (?) – Kernal crossing – TLB flush

19 ExOS: IPC, VM

20 ASH: Scalability

21 Conclusion Securely multiplexes hardware resources, to achieve more flexibility & efficiency – OS primitives – High level abstractions: VM, IPC – Implementation can be customized (libOS)

22 Some Issues Exokernel – Portability Library OS – Too much code in user space? – Not easy to customize? OSKit, SPIN – Should provide a standard interface? – Security

23 SPIN: an Extensible OS Uses language features to make a system – Extensible Dynamic linking & later binding – Safe Type safe language – Efficient In kernel space Modula-3 features: memory safe; interfaces

24 Traditional OSes *This picture is borrowed from Univ. of Washington website

25 SPIN Structure *This picture is borrowed from Univ. of Washington website

26 The Protection Model Pointers as capabilities – Types not forgeable – Determined at compile-time => efficient – Externalized when passed across domains An object is safe if – Verified by the compiler – Or asserted so by the kernel (objected implemented in other languages)

27 The Extension Model Events and handlers event handlers P1 P2 P3 Execution of handlers can be Synchronous/ asynchronous Bounded in time Ordered/unordered predicates

28 Core Services Services that cannot be safely implemented by extensions Simple functionality Fine grained control

29 Core Services: Memory Management Manage memory and processor resources – MM interfaces Storage: allocate, deallocate, reclaim Naming : allocate, deallocate Translation: add/remove/examine mapping – Exceptions PageNotPresent BadAddress ProtectionFault – Address space model can be defined on top of the primitives

30 Core Services: Thread Management Thread Management – Strand interface block/unblock checkpoint/resume – Global and application-specific schedulers – Thread model can be defined on top of the primitives Core services are trusted – Extensions should be fault-isolated

31 Performance I: Competitors DEC OSF/1: monolithic kernel Mach 3.0: microkernel SPIN: extensible kernel

32 Performance II: Microbenchmarks IPC Thread management

33 VM primitives Kernel crossings Overhead in demultiplexing exception (?)

34 Performance III: Networking Latency and bandwidth Packet forwarding

35 End-to-End Performance Networked Video System A dilemma in web server buffer management -- hybrid cache policy

36 Issues in SPIN Scalability of the event/handler model How to prioritize handlers? – Throughput vs. fairness Extensibility limited by interfaces

37 Conclusion Two methods to make OS more flexible & efficient Both reduce kernel crossings – Exokernel: libOS – SPIN: link extension code to kernel space

Download ppt "Extensible Kernels Mingsheng Hong. OS Kernel Types Monolithic Kernels Microkernels – Flexible (?) – Module Design – Reliable – Secure Extensible Kernels."

Similar presentations

Northwestern University 2007 Winter – EECS 443 Advanced Operating Systems Exokernel: An Operating System Architecture for Application-Level Resource Management.

Northwestern University 2007 Winter – EECS 443 Advanced Operating Systems Exokernel: An Operating System Architecture for Application-Level Resource Management.
Slide 19-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 19.

Slide 19-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 19.
CS533 Concepts of Operating Systems Class 14 Virtualization and Exokernels.

CS533 Concepts of Operating Systems Class 14 Virtualization and Exokernels.
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Chorus and other Microkernels Presented by: Jonathan Tanner and Brian Doyle Articles By: Jon Udell Peter D. Varhol Dick Pountain.

Chorus and other Microkernels Presented by: Jonathan Tanner and Brian Doyle Articles By: Jon Udell Peter D. Varhol Dick Pountain.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.

Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.
Exokernel: An Opertion System Architecture for Application-Level Resource Management SIGCOMM ’ 96, PDOS-MIT Presented by Ahn Seunghoon Dawson R. Engler,

Exokernel: An Opertion System Architecture for Application-Level Resource Management SIGCOMM ’ 96, PDOS-MIT Presented by Ahn Seunghoon Dawson R. Engler,
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.
Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,

Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,
Extensible Kernels: Exokernel and SPIN Presented by Hakim Weatherspoon (Based on slides from Edgar Velázquez-Armendáriz and Ken Birman)

Extensible Kernels: Exokernel and SPIN Presented by Hakim Weatherspoon (Based on slides from Edgar Velázquez-Armendáriz and Ken Birman)
Extensible Kernels Edgar Velázquez-Armendáriz September 24 th 2009.

Extensible Kernels Edgar Velázquez-Armendáriz September 24 th 2009.
G22.3250-001 Robert Grimm New York University Extensibility: SPIN and exokernels.

G Robert Grimm New York University Extensibility: SPIN and exokernels.
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.

Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Virtual Memory Virtual Memory Management in Mach Labels and Event Processes in Asbestos Ingar Arntzen.

Virtual Memory Virtual Memory Management in Mach Labels and Event Processes in Asbestos Ingar Arntzen.
Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr.

Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr.
Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s.

Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s.
Dawson R. Engler, M. Frans Kaashoek, and James O'Tool Jr.

Dawson R. Engler, M. Frans Kaashoek, and James O'Tool Jr.

Similar presentations

Ads by Google