The Aegis Exokernel

MIT’s Exokernel
Presented by
Victoria Barrow
Kyle Safford
Sean Sommers

Traditional Operating Systems
– Overly Complicated
• More included than necessary
– Inflexible
• Abstractions are hardcoded and hard to change
– Inefficient
• Application programmers have to work around the hardcoded abstractions

The Exokernel’s Design Principles
– Separation of protection from management
• Library Operating Systems manage resources
• Exokernel ensures protection of resources
– Expose as much of the resources as possible while still ensuring security

Techniques to Export and Expose Resources Securely
– Secure bindings
– Visible revocation
– Abort Protocol

The Aegis Exokernel
• Represents the CPU as a linear vector of time slices.
• Time slices can be allocated similarly to physical memory.
• The beginning and end of a time slice are denoted by timer interrupts (delivered similarly to exceptions).
• General-purpose context switching is done through the applications’ handlers.

Aegis Scheduling and Processor Environments
• Scheduling of the time slices is done round-robin style.
• Library OSes are scheduled, not processes and threads.
• Fairness is achieved by bounding the time an application takes to save its context.
• Processor Environments store the information needed to deliver events.
• They contain four contexts to support four kinds of events.
– Exception context
– Interrupt context
– Protected Entry context
– Addressing context
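
Added example (not from the original slides and not Aegis source code): a small C model of the time-slice vector described above. Slots are claimed by index like physical pages, only the owner may release a slot, and an environment that overruns its context-save budget forfeits a later slice; the function names, tick values and the forfeit rule are assumptions made for this example.

```c
#include <stdio.h>
#define NSLICES     6    /* length of the time-slice vector (constructed) */
#define NENVS       3    /* library OS environments (constructed) */
#define FREE        (-1)
#define SLICE_TICKS 10   /* ticks per slice (assumed) */
#define SAVE_BUDGET 2    /* ticks allowed for saving context (assumed) */
static int owner[NSLICES];    /* slot -> owning environment */
static int excess[NENVS];     /* ticks spent over the save budget */
static int forfeited[NENVS];  /* slices taken back as payment */

void sched_init(void) {
    for (int s = 0; s < NSLICES; s++) owner[s] = FREE;
    for (int e = 0; e < NENVS; e++) excess[e] = forfeited[e] = 0;
}

/* Claim a specific slot by index, the way a physical page is claimed by number. */
int slice_alloc(int env, int slot) {
    if (env < 0 || env >= NENVS || slot < 0 || slot >= NSLICES || owner[slot] != FREE) return -1;
    owner[slot] = env; return 0;
}

/* Protection check: only the current owner may give a slot back. */
int slice_free(int env, int slot) {
    if (env < 0 || slot < 0 || slot >= NSLICES || owner[slot] != env) return -1;
    owner[slot] = FREE; return 0;
}

/* Round-robin walk; save_ticks[e] is env e's context-save cost at each timer interrupt. */
void run(int passes, const int save_ticks[NENVS], int ran[NENVS]) {
    for (int e = 0; e < NENVS; e++) ran[e] = 0;
    for (int i = 0; i < passes * NSLICES; i++) {
        int e = owner[i % NSLICES];
        if (e == FREE) continue;
        if (excess[e] >= SLICE_TICKS) {   /* overrun now equals a whole slice */
            excess[e] -= SLICE_TICKS; forfeited[e]++; continue;
        }
        ran[e]++;
        if (save_ticks[e] > SAVE_BUDGET) excess[e] += save_ticks[e] - SAVE_BUDGET;
    }
}

int main(void) {
    const int save_ticks[NENVS] = {1, 7, 2};  /* env 1 saves slowly (constructed) */
    int ran[NENVS];
    sched_init();
    for (int s = 0; s < NSLICES; s++) slice_alloc(s % NENVS, s);
    run(2, save_ticks, ran);
    printf("env 1 ran %d slices, forfeited %d\n", ran[1], forfeited[1]);
    return 0;
}
```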

Procedure & System Calls, Exceptions
• Aegis has two system call paths
– one that does not require a stack, one that requires a stack
• Exceptions
– unalign (unaligned pointer access)
– overflow
– coproc (floating point)
– prot (access to protected pages)

Address Translations & Protected Control Transfers
• Address Translations
– Two problems with supporting application-level VM.
• Must provide bootstrapping for the virtual naming system
• Must support virtual memory efficiently
• Protected Control Transfers
– Provides synchronous & asynchronous transfers for efficient implementations of IPC abstractions.
– Both guarantee two important properties
• An atomic protected control transfer.
• Aegis will not overwrite any application-visible register.

Xok/ExOS
• Xok
– Utilized for x86-based computers
– Provides protection for accessing higher-level objects
– Multiplexes like Aegis and uses round-robin scheduling
– Implements a low-level interface and allows versatility
– Implements predicates
– Requires explicit credentials to allow access

Xok/ExOS
• ExOS
– LibOS that supports abstractions
– Utilizes a process map
– Utilizes a global file descriptor table
– Must use shared libraries

Xok/ExOS Performance

Conclusion

Questions???