Can We Make Operating Systems
Reliable and Secure?
Andrew S. Tanenbaum, Jorrit N. Herder, and Herbert Bos
Vrije Universiteit, Amsterdam
May 2006
Group 36
9962224 胡品捷
9962230 江彥勳
Outline

Introduction

Armored Operating Systems

L4 Microkernel

Multiserver Operating Systems

Language-Based Protection

Conclusion
Why do we need more reliability and security?

Most computer users are "normal people"

Fewer problems

More convenient and stable
Unreliable

Linux kernel: 2.5 million lines of code

Windows XP kernel: 5 million lines of code

Huge

Poor fault isolation

Example:
6-16 bugs / 1,000 lines of executable code
2-75 bugs / 1,000 lines of executable code

Linux kernel: 15,000 bugs in total
Windows XP kernel: 30,000 bugs in total
Diagram: Procedure 1, Procedure 2, ..., Procedure n running above the kernel; the arrow between them marks fault isolation, with virus and worm as the threats it must contain.
Armored Operating Systems

Nooks: improves the reliability of the OS
Focuses on making device drivers less dangerous

Goals:
• Protect the kernel against driver failures.
• Recover automatically when a driver fails.
• Do all of this with as few changes as possible to existing drivers and the kernel.
Isolation

Main tool: the virtual memory page map

Diagram: the running driver's page map (Page 1 to Page 4), with some pages mapped read-only.
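To make the Nooks idea on this slide concrete, here is an added toy model (not code from the paper, from Nooks, or from the presenters). It assumes a per-driver page map with read-only and read-write pages and a wrapper (the "software jacket" of the conclusion slide) that traps a driver's illegal write, counts a restart, and leaves kernel data untouched; the class and function names are invented for the illustration.

```python
"""Toy model of Nooks-style driver isolation (illustrative, not the real Nooks).

Assumptions made for the example:
- memory is a dict of page number -> bytes, shared by kernel and driver
- each driver sees memory through a PageMap with per-page 'ro' / 'rw' permissions
- a DriverSandbox wraps every driver call, traps ProtectionFault and restarts the driver
"""

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


class ProtectionFault(Exception):
    """Raised when a driver touches a page its page map does not allow."""


@dataclass
class PageMap:
    """The driver's view of memory: page number -> 'ro' or 'rw'."""
    perms: Dict[int, str]
    memory: Dict[int, bytes]  # shared backing store (page number -> contents)

    def read(self, page: int) -> bytes:
        if page not in self.perms:
            raise ProtectionFault(f"read of unmapped page {page}")
        return self.memory[page]

    def write(self, page: int, data: bytes) -> None:
        # Kernel pages are mapped read-only into the driver, so a stray
        # write lands here instead of corrupting kernel state.
        if self.perms.get(page) != "rw":
            raise ProtectionFault(
                f"write to page {page} denied ({self.perms.get(page, 'unmapped')})")
        self.memory[page] = data


@dataclass
class DriverSandbox:
    """The software jacket: runs driver code under its page map, recovers on faults."""
    name: str
    pagemap: PageMap
    restarts: int = 0
    log: List[str] = field(default_factory=list)

    def invoke(self, driver_fn: Callable[[PageMap], object]) -> Optional[object]:
        try:
            return driver_fn(self.pagemap)
        except ProtectionFault as fault:
            # Recovery policy of the toy model: log, count, and restart the driver.
            self.log.append(f"{self.name}: {fault}; restarting driver")
            self.restarts += 1
            return None


def build_system():
    """Constructed sample memory: pages 1-2 are kernel, pages 3-4 belong to the driver."""
    memory = {1: b"kernel-data", 2: b"kernel-code", 3: b"", 4: b""}
    pagemap = PageMap(perms={1: "ro", 2: "ro", 3: "rw", 4: "rw"}, memory=memory)
    return memory, DriverSandbox("netdrv", pagemap)


def well_behaved_driver(pm: PageMap) -> bytes:
    """Writes its own buffer page and reads kernel data it is allowed to see."""
    pm.write(3, b"rx-buffer")
    return pm.read(1)


def buggy_driver(pm: PageMap) -> None:
    """A stray pointer: tries to overwrite kernel data."""
    pm.write(1, b"garbage")


def run_without_isolation():
    """Baseline: the driver shares the kernel's address space, so the bug corrupts it."""
    memory, _ = build_system()
    memory[1] = b"garbage"  # same stray write, no page map in the way
    return memory[1]


def run_with_isolation():
    """Nooks-style: the write faults in the jacket and kernel data survives."""
    memory, box = build_system()
    ok = box.invoke(well_behaved_driver)
    box.invoke(buggy_driver)
    return ok, memory[1], box.restarts, box.log


if __name__ == "__main__":
    print("no isolation, kernel page 1:", run_without_isolation())
    print("with isolation:", run_with_isolation())
```

The baseline function shows the monolithic-kernel case from the earlier slides (one bug in a driver corrupts kernel data); the isolated run shows the driver's legitimate work succeeding while the faulty write is trapped and counted as a restart.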
Paravirtual Machines

Allow two or more operating systems to run side by side

Good fault isolation

Problems can't spread from one machine to another
L4 Microkernel

University of Karlsruhe

Linux -> L4 Linux

Linux -> modify -> Paravirtualization
Multiserver Operating Systems

Multiserver architecture

Features
Separate instruction and data spaces
Language-Based Protection

New protection system: Singularity

New type-safe language: Sing#
Based on C#

Protection: rests on the compiler rejecting "dangerous" code, as the Algol compiler did

Idea from Microsoft Research
Conclusion

Nooks: each driver individually wrapped in a software jacket

Paravirtual machine: moves the drivers to one or more machines distinct from the main one

Multiserver: runs each driver and OS component in a separate process

Singularity: uses a type-safe language