RELIABLE OPERATING SYSTEMS



Similar documents
MINIX3: A Reliable and Secure Operating System

Towards Secure and Reliable Firewall Systems based on Minix 3

CS161: Operating Systems

Example of Standard API

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Operating System Structure

Virtual Machines. COMP 3361: Operating Systems I Winter

Implementing MINIX on the Single Chip Cloud Computer

DEVICE DRIVERS AND TERRUPTS SERVICE MECHANISM Lesson-14: Device types, Physical and Virtual device functions

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

B) Using Processor-Cache Affinity Information in Shared Memory Multiprocessor Scheduling

CHAPTER 1: OPERATING SYSTEM FUNDAMENTALS

Tools Page 1 of 13 ON PROGRAM TRANSLATION. A priori, we have two translation mechanisms available:

Operating System Organization. Purpose of an OS

Operating Systems 4 th Class

How do Users and Processes interact with the Operating System? Services for Processes. OS Structure with Services. Services for the OS Itself

Operating System Structures

Weighted Total Mark. Weighted Exam Mark

Operating Systems. Design and Implementation. Andrew S. Tanenbaum Melanie Rieback Arno Bakker. Vrije Universiteit Amsterdam

Outline. Operating Systems Design and Implementation. Chap 1 - Overview. What is an OS? 28/10/2014. Introduction

COS 318: Operating Systems. Virtual Machine Monitors

Operating System Components

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study

Operating System Structures

CSE 120 Principles of Operating Systems. Modules, Interfaces, Structure

COS 318: Operating Systems. Virtual Machine Monitors

HPC performance applications on Virtual Clusters

Review from last time. CS 537 Lecture 3 OS Structure. OS structure. What you should learn from this lecture

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

OS Concepts and structure

Amoeba Distributed Operating System

Cover sheet. How do you create a backup of the OS systems during operation? SIMATIC PCS 7. FAQ November Service & Support. Answers for industry.

Design and Implementation of the Heterogeneous Multikernel Operating System

FAME Operating Systems

Network Attached Storage. Jinfeng Yang Oct/19/2015

A Project Summary: VMware ESX Server to Facilitate: Infrastructure Management Services Server Consolidation Storage & Testing with Production Servers

LynxOS RTOS (Real-Time Operating System)

COS 318: Operating Systems. Virtual Memory and Address Translation

CS 416: Opera-ng Systems Design

Virtualization. Michael Tsai 2015/06/08

Kernel Types System Calls. Operating Systems. Autumn 2013 CS4023

Why the Subsystem Storage Is a Must for the Applications of. Mission Critical Surveillance Projects? Application Notes

Virtualization. Dr. Yingwu Zhu

A Comparison of Distributed Systems: ChorusOS and Amoeba

Administering Microsoft SQL Server 2012 Databases

Proposal for Virtual Private Server Provisioning

A Survey on Virtual Machine Security

Chapter 6, The Operating System Machine Level

Full and Para Virtualization

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Fault Tolerant Servers: The Choice for Continuous Availability on Microsoft Windows Server Platform

Multiprogramming. IT 3123 Hardware and Software Concepts. Program Dispatching. Multiprogramming. Program Dispatching. Program Dispatching

1. Computer System Structure and Components

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

OPERATING SYSTEMS STRUCTURES

theguard! ApplicationManager System Windows Data Collector

Discovering passwords in the memory

Chapter 3 Operating-System Structures

iseries Logical Partitioning

Operating Systems OS Architecture Models

Going Linux on Massive Multicore

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

Integrated System and Process Crash Recovery in the Loris Storage Stack

Leveraging Thin Hypervisors for Security on Embedded Systems

Applications Manager Best Practices document

Understanding the OS Architecture and Linux History. Zhiqiang Lin

Taking Linux File and Storage Systems into the Future. Ric Wheeler Director Kernel File and Storage Team Red Hat, Incorporated

Quick Start Guide. GV-Redundant Server GV-Failover Server. 1 Introduction. Packing List

Eloquence Training What s new in Eloquence B.08.00

Lecture 25 Symbian OS

Restoration Technologies. Mike Fishman / EMC Corp.

Virtualization System Security

: HP HP Version : R6.1

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool

Oracle 12c Multitenant and Encryption in Real Life. Christian Pfundtner

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE, AND AGING

obems - open source Building energy Management System T4 Sustainability Ltd

Linux Driver Devices. Why, When, Which, How?

Patch and Vulnerability Management Program

Hi and welcome to the Microsoft Virtual Academy and

IFSM 310 Software and Hardware Concepts. A+ OS Domain 2.0. A+ Demo. Installing Windows XP. Installation, Configuration, and Upgrading.

Learning Objectives. Chapter 1: Networking with Microsoft Windows 2000 Server. Basic Network Concepts. Learning Objectives (continued)

Enterprise-Class Virtualization with Open Source Technologies

WinClon CC. Network-based System Deployment and Management Tool. A Windows Embedded Partner

Fault Tolerant Servers: The Choice for Continuous Availability

Lesson Objectives. To provide a grand tour of the major operating systems components To provide coverage of basic computer system organization

Chapter 15 Windows Operating Systems

Chapter 2 System Structures

Virtualization for Cloud Computing

Android Virtualization from Sierraware. Simply Secure

POSIX. RTOSes Part I. POSIX Versions. POSIX Versions (2)

Transcription:

RELIABLE OPERATING SYSTEMS Research Summary 1 st EuroSys Doctoral Workshop October 23, 2005 Brighton, UK Jorrit N. Herder Dept. of Computer Science Vrije Universiteit Amsterdam

PERCEIVED PROBLEMS Weak security and reliability Computer crashes Digital pests (viruses, worms, etc.) Complexity Hard to maintain and configure Too large for embedded and mobile computing

TYPICAL OS STRUCTURES KERNEL KERNEL L4 KERNEL (a) Monolithic kernel (b) Multiserver Hybrid kernel (c) Single server Minimal kernel

INHERENT PROPERTIES Fundamental design flaws in monolithic kernels All code runs at highest privilege level (breaches POLA) No proper fault isolation (any bug can be fatal) Huge amount of code in kernel (1 20 bugs per 1000 LOC) Untrusted, 3 rd party code in kernel (70% driver bugs) Hard to maintain and configure (limited portability) Lack of modularity causes problems Proper OS design can solve above problems

DESIGN OF A RELIABLE OS: MINIX 3 Recent work Design and implementation of server server server the MINIX 3 operating system Transformation into a minimal driver driver driver kernel design (< 3800 LOC) All servers and drivers run in a KERNEL (d) Multiserver Minimal kernel separate mode process Current research Additional reliability properties

MINIX 3: ACHIEVING RELIABILITY Design principles Simplicity Modularity Least authorization Fault tolerance How this helps Number of fatal bugs is reduced Damage that bugs can do is limited Recovery from common failures is possible

MINIX 3: STRUCTURAL MEASURES Stable minimal kernel (< 3800 LOC) reduces # fatal bugs Isolated, mode processes in private address space Reliable IPC: small, fixed size message passing Deadlock avoidance and deadlock detection Buffer overruns prevented and damage limited Bad pointers in OS are caught with MMU hardware Scheduler detects and tames infinite loops in OS Monitor and restart malfunctioning OS services

MINIX 3: PER PROCESS POLICIES IPC only possible if type and target are allowed Only exported list of kernel calls can be called Access to individual I/O ports can be restricted Access to remote memory, e.g., video RAM Scheduling priority and quantum size Period for reincarnation server status checks

MINIX 3: REINCARNATION SERVER Start servers and drivers (1) Encapsulate in new process 1 2 PM a RS 2 3 b FS (2) Assign only needed privileges (3) Start in controlled environment Monitor services driver (a) Immediate crash detection (b) Periodically check status KERNEL Fix problems Kill and restart fresh copy

SUMMARY & CONCLUSION Different OS structures and properties Fundamental problems with monolithic systems Inherent benefits of modular systems OS reliability is possible: MINIX 3 Multiserver OS with minimal kernel (< 3800 LOC) Improvements over other operating systems We reduce the number of fatal bugs We limit the damage bugs can do We can recover from common failures

QUESTIONS? The MINIX 3 team More information Jorrit Herder Web: www.minix3.org Ben Gras As of tomorrow! Philip Homburg Herbert Bos News: comp.os.minix Mail: jnherder@cs.vu.nl Andy Tanenbaum

PERFORMANCE ISSUES Historical fear: modularity incurs overhead Communication overhead Copying of data Times have changed... New insights reduced performance penalty (only 5 10%) Absolute performance penalty is minimal these days Users gladly sacrifice some performance for reliability

MINIX 3: SOME NUMBERS Performance measurements Time from multiboot monitor to login is under 5 sec. The system can do a full build of itself within 4 sec. Run times for typical applications: 6% overhead File system and disk I/O performance: 9% overhead Networking performance: Ethernet at full speed Code size statistics Kernel is 3800 LOC; rest of the OS is in space Minimal POSIX conformant system is 18,000 LOC

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information