Design of the SPEEDOS Operating System Kernel

Total Page:16

File Type:pdf, Size:1020Kb

Design of the SPEEDOS Operating System Kernel Universität Ulm Fakultät für Informatik Abteilung Rechnerstrukturen Design of the SPEEDOS Operating System Kernel Dissertation zur Erlangung des Doktorgrades Dr. rer. nat. der Fakultät für Informatik der Universität Ulm vorgelegt von Klaus Espenlaub aus Biberach a.d. Riß 2005 Official Copy, serial number df13c6b7-d6ed-e3f4-58b6-8662375a2688 Amtierender Dekan: Prof. Dr. Helmuth Partsch Gutachter: Prof. Dr. J. Leslie Keedy (Universität Ulm) Gutachter: Prof. Dr. Jörg Kaiser (Otto-von-Guericke-Universität, Magdeburg) Gutachter: Prof. John Rosenberg (Deakin University, Geelong, Victoria, Australia) Prüfungstermin: 11.07.2005 iii Abstract (Eine inhaltsgleiche, deutsche Fassung dieser Übersicht ist ab Seite 243 zu finden.) The design of current operating systems and their kernels shows deficiencies in re- spect to the structuring approach and the flexibility of their protection systems. The operating systems and applications suffer under this lack of extensibility and flexib- ility. The protection model implemented in many operating systems is not powerful enough to represent arbitrary protection conditions on a more fine-grained granu- larity than giving read and/or write access to an entire object. Additionally current operating systems are not capable of controlling the flow of information between software units effectively. Confinement conditions cannot be expressed explicitly and thus confinement problems can only be solved indirectly. Further complications with the protection system and especially the software structure in modern operating systems based on the microkernel approach are caused by the use of the out-of-process model. It is extremely difficult to spe- cify access rights appropriately, because the client/server paradigm does not easily allow a relationship to be established between the role of the client and the per- missions of the server. Focusing on client/server structures favours a single, central server implementation. Specifying a software design and communication model for applications at the operating system level impairs their structure. In reaction to this observation, SPEEDOS follows the in-process model. Processes are the abstraction of activity and are orthogonal to the information-hiding objects. This model is part of the design of many object-oriented programming languages and a few operating systems. The method call does not switch processes, it trans- fers execution to another object in a controlled fashion. This model is almost equi- valent to the out-of-process model, but the in-process model provides advantages, because the process identifier correlates to a subject. However this only helps with protection, but does not magically improve the protection system. The two major deficiencies identified and addressed in this thesis are the ver- satility of access right specification and the structuring of the operating system in conjunction with the applications. The SPEEDOS design places the emphasis on balancing the duties and powers of the kernel and the applications, in order to obtain a flexible and extensible overall system. SPEEDOS supports freely programmable protection checks for individual method invocations. These checks are implemented with bracket methods, which intercept other method invocations. The concept was invented in the context of component- oriented programming languages, which are meant to improve the software struc- ture beyond the state of the art in object-oriented programming languages. In the iv operating system context this is a new concept which allows the implementation of protection checks and similar code in user-level code. Bracket methods may e.g. deny access to the target method based on arbitrary rules or may implement access monitoring. In other operating systems it is not possible to implement these cases completely with user-level code. Brackets may also serve as a basis for implementing confinement, by checking the client and target module identity and the information that is passed between the modules. In SPEEDOS there is a further mechanism which allows confinement rules to be enforced. This additional mechanism, which can be expressed through bits in the module capability used to invoke the target module, complements the bracket- based confinement. Both mechanisms have different strengths and weaknesses. Another important aspect of the SPEEDOS design is the delegation of many oper- ating system duties to individual application software modules. The design of the kernel explicitly restricts the duties of the kernel to security-related basic mechan- isms. All policy decisions are made in user-level modules. The delegation of oper- ating system duties to the individual application modules is only sensible for duties which can exploit application knowledge and do not need global knowledge. Cer- tain resource management duties need to be implemented in centralised modules, otherwise the allocation efficiency would suffer. Making decisions as decentralised as possible avoids many structural problems of microkernels, which also attempt to delegate functionality to user-level servers, but results in a completely different and less flexible and extensible operating system and application structure. The kernel implements only policy-neutral mechanisms and delegates all policy decisions to user-level code, in order to minimise the size of the kernel. As an in- tentional side-effect this maximises the flexibility and extensibility of the user-level modules. Effectively the complete operating system characteristics are determined by user-level code. The result is an operating system kernel that implements only a few mechanisms in the form of kernel instructions that enhance the base processor instruction set. Most such kernel instructions deal with aspects related to protec- tion. The SPEEDOS kernel implements the in-process model, which avoids many protection problems, because processes represent users, not services. The ortho- gonal design of modules and processes is the key to a flexible, freely programmable protection system, based on capabilities and bracket methods. In the prototype implementation it is shown that the virtual memory model used to describe the module structure can be mapped efficiently to the current page- based memory architecture implemented by the standard processor architectures available today. It is not necessary to design a custom processor architecture, al- though certain improvements in the virtual memory implementation provided by the processor hardware would be desirable. This observation confirms the experi- ences made by the designers of other single-address-space operating systems. The design description in this thesis reflects the experiences made during the implementation of the prototype. The prototype helped identifying small errors and inconsistencies in the design, however the changes could not be incorporated in the prototype due to time constraints. v Contents 1 Introduction 1 1.1 Motivation . 1 1.2 Aims of SPEEDOS ............................. 3 1.3 Overview of the Thesis . 3 2 Operating System Concepts and Application Issues 5 2.1 What Is an Operating System? . 5 2.1.1 The Operating System as a Resource Manager . 6 2.1.2 The Operating System as a Virtual Machine . 6 2.2 Memory Model . 7 2.2.1 Memory Hierarchy . 8 2.2.2 Non-Virtual Memory Organisation . 9 2.2.3 General Virtual Memory Organisation . 10 2.2.4 Virtual Memory as Extended Computational Memory . 11 2.2.5 Direct Addressability . 12 2.2.6 Segmentation . 13 2.2.7 Paging . 15 2.2.8 Combined Segmentation and Paging . 17 2.3 Process Model . 18 2.3.1 Out-of-Process Model . 19 2.3.2 In-Process Model . 20 2.3.3 Evaluation of the Process Models . 20 2.3.4 Persistent Processes . 21 2.3.5 Address Spaces . 21 2.3.6 Multithreading . 22 2.3.7 Interrupts . 23 2.4 Device Drivers and File Systems . 24 2.4.1 Device Driver Functionality . 24 2.4.2 Device Driver Interface . 25 2.4.3 File System Functionality . 26 2.4.4 File System Interface . 26 2.5 Resource Management . 27 2.5.1 CPU Scheduling . 28 2.5.2 I/O Scheduling . 29 vi Contents 2.5.3 Physical Memory Scheduling . 29 2.5.4 Virtual Memory Scheduling . 30 2.5.5 Energy Management . 30 2.6 Communication . 30 2.6.1 Addressing . 31 2.6.2 Synchronisation . 32 2.6.3 Buffering . 33 2.6.4 Explicitness . 34 2.7 Security Model . 35 2.7.1 Protection . 35 2.7.2 Lampson’s Access Matrix Model . 36 2.7.2.1 Access Control Lists . 37 2.7.2.2 Capability Lists . 38 2.7.3 Access Rule Model . 39 2.7.4 Access Control . 39 2.7.4.1 Discretionary Access Control . 40 2.7.4.2 Mandatory Access Control . 40 2.7.5 Access Rights . 41 2.7.5.1 Direct Access Rights . 41 2.7.5.2 Semantic Access Rights . 41 2.7.5.3 Generic Access Rights . 43 2.7.5.4 Metarights . 43 2.7.6 Implementing a Security Model . 43 2.7.7 Confinement . 44 2.7.8 Covert Channels . 44 2.7.9 Trust . 45 2.7.10 Authentication . 46 2.8 Structuring . 46 2.8.1 Layered Systems . 47 2.8.2 Abstraction . 49 2.8.3 Client-Server System Structure . 49 2.8.4 Module-Based System Structure . 50 2.8.5 Operating System – Kernel Boundary . 50 2.8.6 Graphical User Interfaces . 52 2.8.7 Code Libraries . 53 2.9 Summary . 54 3 Survey of Mechanisms in Existing Operating System Designs 55 3.1 UNIX . 55 3.1.1 History and Structure . 56 3.1.2 Memory and Process Management . 57 3.1.3 Resource Management . 57 3.1.4 File System and Device Drivers . 58 3.1.5 Protection Mechanisms . 58 Contents vii 3.1.6 Authentication . 59 3.1.7 Communication and Synchronisation . 59 3.1.8 Critical Discussion and Summary . 60 3.2 KeyKOS . 62 3.2.1 Structure . 62 3.2.2 Memory and Process Management . 63 3.2.3 Protection Mechanism . 64 3.2.4 Communication . 65 3.2.5 Critical Discussion and Summary .
Recommended publications
  • Operating Systems and Virtualisation Security Knowledge Area (Draft for Comment)
    OPERATING SYSTEMS AND VIRTUALISATION SECURITY KNOWLEDGE AREA (DRAFT FOR COMMENT) AUTHOR: Herbert Bos – Vrije Universiteit Amsterdam EDITOR: Andrew Martin – Oxford University REVIEWERS: Chris Dalton – Hewlett Packard David Lie – University of Toronto Gernot Heiser – University of New South Wales Mathias Payer – École Polytechnique Fédérale de Lausanne © Crown Copyright, The National Cyber Security Centre 2019. Following wide community consultation with both academia and industry, 19 Knowledge Areas (KAs) have been identified to form the scope of the CyBOK (see diagram below). The Scope document provides an overview of these top-level KAs and the sub-topics that should be covered under each and can be found on the project website: https://www.cybok.org/. We are seeking comments within the scope of the individual KA; readers should note that important related subjects such as risk or human factors have their own knowledge areas. It should be noted that a fully-collated CyBOK document which includes issue 1.0 of all 19 Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas. Operating Systems and Virtualisation Security Herbert Bos Vrije Universiteit Amsterdam April 2019 INTRODUCTION In this knowledge area, we introduce the principles, primitives and practices for ensuring security at the operating system and hypervisor levels. We shall see that the challenges related to operating system security have evolved over the past few decades, even if the principles have stayed mostly the same. For instance, when few people had their own computers and most computing was done on multiuser (often mainframe-based) computer systems with limited connectivity, security was mostly focused on isolating users or classes of users from each other1.
    [Show full text]
  • Sprite File System There Are Three Important Aspects of the Sprite ®Le System: the Scale of the System, Location-Transparency, and Distributed State
    Naming, State Management, and User-Level Extensions in the Sprite Distributed File System Copyright 1990 Brent Ballinger Welch CHAPTER 1 Introduction ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ This dissertation concerns network computing environments. Advances in network and microprocessor technology have caused a shift from stand-alone timesharing systems to networks of powerful personal computers. Operating systems designed for stand-alone timesharing hosts do not adapt easily to a distributed environment. Resources like disk storage, printers, and tape drives are not concentrated at a single point. Instead, they are scattered around the network under the control of different hosts. New operating system mechanisms are needed to handle this sort of distribution so that users and application programs need not worry about the distributed nature of the underlying system. This dissertation explores the approach of centering a distributed computing environment around a shared network ®le system. The ®le system is chosen as a starting point because it is a heavily used service in stand-alone systems, and the read/write para- digm of the ®le system is a familiar one that can be applied to many system resources. The ®le system described in this dissertation provides a distributed name space for sys- tem resources, and it provides remote access facilities so all resources are available throughout the network. Resources accessible via the ®le system include disk storage, other types of peripheral devices, and user-implemented service applications. The result- ing system is one where resources are named and accessed via the shared ®le system, and the underlying distribution of the system among a collection of hosts is not important to users.
    [Show full text]
  • CHERI Instruction-Set Architecture
    UCAM-CL-TR-876 Technical Report ISSN 1476-2986 Number 876 Computer Laboratory Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son September 2015 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2015 Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, SRI International Approved for public release; distribution is unlimited. Sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”) and FA8750-11-C-0249 (“MRC2”) as part of the DARPA CRASH and DARPA MRC research programs. The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. Additional support was received from St John’s College Cambridge, the SOAAP Google Focused Research Award, the RCUK’s Horizon Digital Economy Research Hub Grant (EP/G065802/1), the EPSRC REMS Programme Grant (EP/K008528/1), the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), and Thales E-Security. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Abstract This technical report describes CHERI ISAv4, the fourth version of the Capability Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA)1 being developed by SRI International and the University of Cambridge.
    [Show full text]
  • Verteilte Betriebssystemedistributed Operating Systems
    Verteilte Betriebssysteme – Fallstudien Verteilter Betriebssysteme Verteilte Betriebssysteme 3.1 Motivation Wintersemester 2020/2021 3.1 Motivation I Bevor wir einzelne Aspekte diskutiert, betrachten wir einige reale Betriebssysteme Verteilte Betriebssysteme I Betriebssysteme für verteilte Systeme müssen verschiedene Probleme lösen I Bisher keine einheitliche Problemsicht á unterschiedliche Konzepte und Abstraktionen 3. Kapitel I Sehr heterogen I Noch kaum etablierte best practices oder gar Standards, erst in letzter Zeit Bemühungen im Rahmen Fallstudien Verteilter Betriebssysteme des Cloud-Computing Konzentrieren uns hier auf Abstraktionen Matthias Werner I Professur Betriebssysteme I Unterschiedliche Abstraktionen (Modelle) stellen unterschiedliche Anforderungen an Implementierung WS 2020/21 · Matthias Werner III – 2 von 36 osg.informatik.tu-chemnitz.de Verteilte Betriebssysteme – Fallstudien Verteilter Betriebssysteme Verteilte Betriebssysteme – Fallstudien Verteilter Betriebssysteme 3.2 Mach 3.2 Mach 3.2 Mach – Tore als Stellvertreter Mach-Objekte I Entwickelt 1983–86 von der Carnegie-Mellon-University (CMU) in Pittsburgh I Vorgänger: Accent (1981, CMU) I Ursprüngliches Ziel: Moderne Neuimplementierung von UNIX BSD 4.3 I BS-Kern Mach 3.0 verfügbar für die meisten PC- und Workstation-Prozessoren I Grundlage von OSF/1, dem Unix-Standard der Open System Foundation I Kernel für: I NeXTSTEP / OPENSTEP - Rhapsody I XNU (Basis von Darwin, was wiederum die Basis von MacOS X ist) I MkLinux (Power Macintosh) I GNU Hurd (in Form von GNU Mach)
    [Show full text]
  • A VLSI Architecture for Enhancing Software Reliability Kanad Ghose Iowa State University
    Iowa State University Capstones, Theses and Retrospective Theses and Dissertations Dissertations 1988 A VLSI architecture for enhancing software reliability Kanad Ghose Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/rtd Part of the Computer Sciences Commons Recommended Citation Ghose, Kanad, "A VLSI architecture for enhancing software reliability " (1988). Retrospective Theses and Dissertations. 9345. https://lib.dr.iastate.edu/rtd/9345 This Dissertation is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Retrospective Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. INFORMATION TO USERS The most advanced technology has been used to photo­ graph and reproduce this manuscript from the microfilm master. UMI films the original text directly from the copy submitted. Thus, some dissertation copies are in typewriter face, while others may be from a computer printer. In the unlikely event that the author did not send UMI a complete manuscript and there are missing pages, these will be noted. Also, if unauthorized copyrighted material had to be removed, a note will indicate the deletion. Oversize materials (e.g., maps, drawings, charts) are re­ produced by sectioning the original, beginning at the upper left-hand comer and continuing from left to right in equal sections with small overlaps. Each oversize page is available as one exposure on a standard 35 mm slide or as a 17" x 23" black and white photographic print for an additional charge.
    [Show full text]
  • Introduction to Computer System
    Chapter 1 INTRODUCTION TO COMPUTER SYSTEM 1.0 Objectives 1.1 Introduction –Computer? 1.2 Evolution of Computers 1.3 Classification of Computers 1.4 Applications of Computers 1.5 Advantages and Disadvantages of Computers 1.6 Similarities Difference between computer and Human 1.7 A Computer System 1.8 Components of a Computer System 1.9 Summary 1.10 Check your Progress - Answers 1.11 Questions for Self – Study 1.12 Suggested Readings 1.0 OBJECTIVES After studying this chapter you will be able to: Learn the concept of a system in general and the computer system in specific. Learn and understand how the computers have evolved dramatically within a very short span, from very huge machines of the past, to very compact designs of the present with tremendous advances in technology. Understand the general classifications of computers. Study computer applications. Understand the typical characteristics of computers which are speed, accuracy, efficiency, storage capacity, versatility. Understand limitations of the computer. Discuss the similarities and differences between the human and the computer. Understand the Component of the computer. 1.1 INTRODUCTION- Computer Today, almost all of us in the world make use of computers in one way or the other. It finds applications in various fields of engineering, medicine, commercial, research and others. Not only in these sophisticated areas, but also in our daily lives, computers have become indispensable. They are present everywhere, in all the dev ices that we use daily like cars, games, washing machines, microwaves etc. and in day to day computations like banking, reservations, electronic mails, internet and many more.
    [Show full text]
  • The Strange Birth and Long Life of Unix - IEEE Spectrum Page 1 of 6
    The Strange Birth and Long Life of Unix - IEEE Spectrum Page 1 of 6 COMPUTING / SOFTWARE FEATURE The Strange Birth and Long Life of Unix The classic operating system turns 40, and its progeny abound By WARREN TOOMEY / DECEMBER 2011 They say that when one door closes on you, another opens. People generally offer this bit of wisdom just to lend some solace after a misfortune. But sometimes it's actually true. It certainly was for Ken Thompson and the late Dennis Ritchie, two of the greats of 20th-century information technology, when they created the Unix operating system, now considered one of the most inspiring and influential pieces of software ever written. A door had slammed shut for Thompson and Ritchie in March of 1969, when their employer, the American Telephone & Telegraph Co., withdrew from a collaborative project with the Photo: Alcatel-Lucent Massachusetts Institute of KEY FIGURES: Ken Thompson [seated] types as Dennis Ritchie looks on in 1972, shortly Technology and General Electric after they and their Bell Labs colleagues invented Unix. to create an interactive time- sharing system called Multics, which stood for "Multiplexed Information and Computing Service." Time-sharing, a technique that lets multiple people use a single computer simultaneously, had been invented only a decade earlier. Multics was to combine time-sharing with other technological advances of the era, allowing users to phone a computer from remote terminals and then read e -mail, edit documents, run calculations, and so forth. It was to be a great leap forward from the way computers were mostly being used, with people tediously preparing and submitting batch jobs on punch cards to be run one by one.
    [Show full text]
  • The Strange Birth and Long Life of Unix - IEEE Spectrum
    The Strange Birth and Long Life of Unix - IEEE Spectrum http://spectrum.ieee.org/computing/software/the-strange-birth-and-long-li... COMPUTING / SOFTWARE FEATURE The Strange Birth and Long Life of Unix The classic operating system turns 40, and its progeny abound By WARREN TOOMEY / DECEMBER 2011 They say that when one door closes on you, another opens. People generally offer this bit of wisdom just to lend some solace after a misfortune. But sometimes it's actually true. It certainly was for Ken Thompson and the late Dennis Ritchie, two of the greats of 20th-century information technology, when they created the Unix operating system, now considered one of the most inspiring and influential pieces of software ever written. A door had slammed shut for Thompson and Ritchie in March of 1969, when their employer, the American Telephone & Telegraph Co., withdrew from a collaborative project with the Photo: Alcatel-Lucent Massachusetts Institute of KEY FIGURES: Ken Thompson [seated] types as Dennis Ritchie looks on in 1972, shortly Technology and General Electric after they and their Bell Labs colleagues invented Unix. to create an interactive time-sharing system called Multics, which stood for "Multiplexed Information and Computing Service." Time-sharing, a technique that lets multiple people use a single computer simultaneously, had been invented only a decade earlier. Multics was to combine time-sharing with other technological advances of the era, allowing users to phone a computer from remote terminals and then read e-mail, edit documents, run calculations, and so forth. It was to be a great leap forward from the way computers were mostly being used, with people tediously preparing and submitting batch jobs on punch cards to be run one by one.
    [Show full text]
  • Extensible Distributed Operating System for Reliable Control Systems
    194 Extensible Distributed Operating System for Reliable Control Systems Katsumi Maruyama, Kazuya Kodama, Soichiro Hidaka, Hiromichi Hashizume National Institute of Informatics, 2-1-2 Hitotsubashi, Chiyoda-ku, Tokyo, Japan Email:{maruyama,kazuya,hidaka,has}@nii.ac.jp Abstract small monitor-like OSs are used. However, these monitor- like OSs lack program protection mechanisms, and program Since most control systems software is hardware-related, development is difficult. real-time-oriented and complex, adaptable OSs which help Therefore, an extensible/adaptable OS for control sys- program productivity and maintainability improvement are tems is required . We are developing a new OS character- in strong demand. ized by: We are developing an adaptable and extensible OS based on micro-kernel and multi-server scheme: each server runs • Use of an efficient and flexible micro-kernel (L4-ka). • Multi-server based modular OS. (Each OS service is in a protected mode interacting only via messages, and implemented as individual user-level process.) could be added/extended/deleted easily. Since this OS is • Robustness. Only the micro-kernel runs in kernel highly modularized, inter-process messaging overhead is a mode and in kernel space. Other modules run in a pro- concern. Our implementation proved good efficiency and tected user space and mode. maintainability. • Hardware driver programs in user-level process. • Flexible distributed processing by global message passing. 1. Introduction This OS structure proved to enhance OS modularity and ease of programming. However, inter-process messaging Most systems, from large scale public telephone switch- overhead should be considered . We measured the overhead, ing systems to home electronics, are controlled by software, and the overhead was proved to be small enough.
    [Show full text]
  • Distributed Virtual Machines: a System Architecture for Network Computing
    Distributed Virtual Machines: A System Architecture for Network Computing Emin Gün Sirer, Robert Grimm, Arthur J. Gregory, Nathan Anderson, Brian N. Bershad {egs,rgrimm,artjg,nra,bershad}@cs.washington.edu http://kimera.cs.washington.edu Dept. of Computer Science & Engineering University of Washington Seattle, WA 98195-2350 Abstract Modern virtual machines, such as Java and Inferno, are emerging as network computing platforms. While these virtual machines provide higher-level abstractions and more sophisticated services than their predecessors from twenty years ago, their architecture has essentially remained unchanged. State of the art virtual machines are still monolithic, that is, they are comprised of closely-coupled service components, which are thus replicated over all computers in an organization. This crude replication of services forms one of the weakest points in today’s networked systems, as it creates widely acknowledged and well-publicized problems of security, manageability and performance. We have designed and implemented a new system architecture for network computing based on distributed virtual machines. In our system, virtual machine services that perform rule checking and code transformation are factored out of clients and are located in enterprise- wide network servers. The services operate by intercepting application code and modifying it on the fly to provide additional service functionality. This architecture reduces client resource demands and the size of the trusted computing base, establishes physical isolation between virtual machine services and creates a single point of administration. We demonstrate that such a distributed virtual machine architecture can provide substantially better integrity and manageability than a monolithic architecture, scales well with increasing numbers of clients, and does not entail high overhead.
    [Show full text]
  • ICACC Abstracts Book
    The American Ceramic Society 42nd International Conference & Exposition on Advanced Ceramics and Composites ABSTRACT BOOK January 21–26, 2018 Daytona Beach, Florida Introduction This volume contains abstracts for over 900 presentations during the 42nd International Conference & Exposition on Advanced Ceramics & Composites in Daytona Beach, Florida. The abstracts are reproduced as submitted by authors, a format that provides for longer, more detailed descriptions of papers. The American Ceramic Society accepts no responsibility for the content or quality of the abstract content. Abstracts are arranged by day, then by symposium and session title. An Author Index appears at the back of this book. The Meeting Guide contains locations of sessions with times, titles and authors of papers, but not presentation abstracts. How to Use the Abstract Book Refer to the Table of Contents to determine page numbers on which specific session abstracts begin. At the beginning of each session are headings that list session title, location and session chair. Starting times for presentations and paper numbers precede each paper title. The Author Index lists each author and the page number on which their abstract can be found. Copyright © 2018 The American Ceramic Society (www.ceramics.org). All rights reserved. MEETING REGULATIONS The American Ceramic Society is a nonprofit scientific organization that facilitates whether in print, electronic or other media, including The American Ceramic Society’s the exchange of knowledge meetings and publication of papers for future reference. website. By participating in the conference, you grant The American Ceramic Society The Society owns and retains full right to control its publications and its meetings.
    [Show full text]
  • Squinting at Power Series
    Squinting at Power Series M. Douglas McIlroy AT&T Bell Laboratories Murray Hill, New Jersey 07974 ABSTRACT Data streams are an ideal vehicle for handling power series. Stream implementations can be read off directly from simple recursive equations that de®ne operations such as multiplication, substitution, exponentiation, and reversion of series. The bookkeeping that bedevils these algorithms when they are expressed in traditional languages is completely hidden when they are expressed in stream terms. Communicating processes are the key to the simplicity of the algorithms. Working versions are presented in newsqueak, the language of Pike's ``squint'' system; their effectiveness depends critically on the stream protocol. Series and streams Power series are natural objects for stream processing. Pertinent computations are neatly describable by recursive equations. CSP (communicating sequential process) languages1, 2 are good vehicles for implementation. This paper develops the algorithmic ideas and reduces them to practice in a working CSP language,3 not coincidentally illustrating the utility of concurrent programming notions in untangling the logic of some intricate computations on sequences. This elegant approach to power series computation, ®rst demonstrated but never published by Kahn and MacQueen as an application of their data stream system, is still little known.4 Power series are represented as streams of coef®cients, the exponents being given implicitly by ordinal position. (This is an in®nite analogue of the familiar representation of a polynomial as an array of coef®cients.) Thus the power series for the exponential function ∞ 1 1 1 e x = Σ x n / n! = 1 + x + __ x 2 + __ x 3 + ___ x 4 + .
    [Show full text]