Extensible Distributed Operating System for Reliable Control Systems

Total Page:16

File Type:pdf, Size:1020Kb

Extensible Distributed Operating System for Reliable Control Systems 194 Extensible Distributed Operating System for Reliable Control Systems Katsumi Maruyama, Kazuya Kodama, Soichiro Hidaka, Hiromichi Hashizume National Institute of Informatics, 2-1-2 Hitotsubashi, Chiyoda-ku, Tokyo, Japan Email:{maruyama,kazuya,hidaka,has}@nii.ac.jp Abstract small monitor-like OSs are used. However, these monitor- like OSs lack program protection mechanisms, and program Since most control systems software is hardware-related, development is difficult. real-time-oriented and complex, adaptable OSs which help Therefore, an extensible/adaptable OS for control sys- program productivity and maintainability improvement are tems is required . We are developing a new OS character- in strong demand. ized by: We are developing an adaptable and extensible OS based on micro-kernel and multi-server scheme: each server runs • Use of an efficient and flexible micro-kernel (L4-ka). • Multi-server based modular OS. (Each OS service is in a protected mode interacting only via messages, and implemented as individual user-level process.) could be added/extended/deleted easily. Since this OS is • Robustness. Only the micro-kernel runs in kernel highly modularized, inter-process messaging overhead is a mode and in kernel space. Other modules run in a pro- concern. Our implementation proved good efficiency and tected user space and mode. maintainability. • Hardware driver programs in user-level process. • Flexible distributed processing by global message passing. 1. Introduction This OS structure proved to enhance OS modularity and ease of programming. However, inter-process messaging Most systems, from large scale public telephone switch- overhead should be considered . We measured the overhead, ing systems to home electronics, are controlled by software, and the overhead was proved to be small enough. and improvement of control program development produc- tivity is necessary . To facilitate the program development , suitable OSs are 2. Structure of this OS required . The followings are required to OSs for control systems. 2.1. The outline of this OS • Required features largely depend on target fields. Ex- Fig. 1 shows the structure of this OS. Thick square boxes tensible and adaptable OS is required . represent independent logical spaces. • Control systems, such as telephone switching systems, Micro kernel manages logical spaces (processes), multi require very severe multi and realtime processing ca- threads, message passing (IPC) and interrupts. Only the mi- pabilities. Very efficient multi-threading must be sup- cro kernel is executed in the kernel mode. ported. OS services, such as process management, file service, • Hardware controls are essential. network service, are implemented by user-level processes, In most OSs, driver programs run in kernel mode, and not by the kernel. They have their own logical space and are their program development is very difficult. executed in user mode. Even hardware drivers are located in • Control programs should be maintained for a very long user-level processes. Processes interact only via messages. time, adding new functions. Maintainability is of great importance . 2.2. L4 Micro kernel General purpose OSs are not sufficient for these require- We adopted L4-ka micro kernel [2] implemented at Uni- ments. Therefore, in large and severe systems, specially versity of Karlsruhe, because it is very efficient and flexible. designed OSs are used. In economical embedded systems, L4-ka is characterized by: 195 User-Space, User-Mode APL APL Drive Request Message Driver Library Library Thread Driver task in user mode Shell IRQ_THREAD IRQ_handler( ) Process File NW DP Manager Server Server Server Device Pager User-Space, User-Mode registers in I/O space. IRQ_Message L4 micro-kernel Kernel-Space, Kernel-Mode Figure 1. Multi server OS. Device L4 micro-kernel Interrupt 1. Efficient thread facilities. Figure 2. Driver program. 2. Efficient and flexible message passing facilities: mes- sages are sent synchronously to the destined threads by either value copy, buffer copy or page mapping. data transfers. 3. Flexible memory management. Prof. Liedtke et al. reported [1] a simple L4 message (inter address space, round trip) costs about 500 machine 2.3. Logical space and pager cycles, whereas the shortest Linux system call getpid() costs about 220 machine cycles, and that overall overhead Pager is a user-level process to assign page frames when will be several percent in comparison with monolithic OSs. pagefault occurs . By rewriting the pager, a user can provide To evaluate the block data transfer overhead, we mea- his own mapping algorithm. When a pagefault occurs , the sured it in the case of file service. In monolithic OSs, file kernel sends pagefault message to the pager. Pager assigns subsystem is included in the OS kernel; it accesses APL appropriate page frame, and reply message lets the kernel space directly and transfers data from/to APL by an efficient map new pages. string copy operation. In our OS, the file server is a user-level process, and it 2.4. Service servers cannot access APL space directly. Data must be transferred using IPC, which may result in performance degradation. Process manager manages allocation/freeing of logical We measured the overhead and proved it small enough. space and processes. File server and Network server are implemented by rewriting those of Minix-OS [5] . 3.1. Buffer cache in file server 2.5. Driver program File server adopts buffer caches to improve file access Fig. 2 shows the driver program structure. Each device speed (Fig. 3). Data blocks in HDD are identified by device driver has a driver thread which waits for request mes- number and block number. Recently accessed data blocks sages, and an IRQ thread which waits for interrupt mes- are cached in buffer caches, size of which is 1KB each. sages. Drivers are executed in user mode. This helps facili- Buffer caches are located using hash table whose keys are tating their development. When the L4 kernel notices hard- device and block numbers. Data is transferred between an ware interrupt, it sends an interrupt message to the driver, APL buffer and one or more buffer cache entries in FS. and driver action is activated. In our implementation, HDD driver and ETH driver are 3.2. IPC in L4 micro kernel included in File server and INET server, respectively. They can be separate processes, because drivers interact only by To transfer large volume data between processes, L4 pro- messages. vides an efficient buffer copy mechanism using temporal page mapping, and the following schemes can be used. 3. IPC overhead and file server 1. Straight transfer In this OS structure, IPC efficiency determines the sys- Fig. 4 shows the program to transfer data block “a1” tem efficiency. IPC overhead lies in system calls and block of process-A to buffer “b1” of process-B. The sender 196 Send-side Recv-side File Server sendDesc recvDesc 3 1 Hash Data to be sent Table Receive buffer Buffer caches s1 r1 a1 size=s1 b1 s2 a2 size=r1 s3 size=s2 a3 Buffer Cache Buffer Header size=s3 ipc_send(dest, &sendDesc ,,,); ipc_receive(src, &recvDesc ,,,); HDD Driver HDD is accessed only when Figure 5. Scatter/gather buffer transfer. target blocks are not found HDD in buffer caches. Figure 3. UNIX file subprogram. Application program buf n = read(fd, buf, sz); Send-side Recv-side sendDesc recvDesc (1) Prepare gather message 1 1 reception. ipc_receive(....);. Data to be sent Receive buffer s1 r1 (4) Data gather copy Single IPC a1 b1 size=s1 size=r1 (5) Complete Gather ipc_send(dest, &sendDesc ,,,); ipc_receive(src, &recvDesc ,,,); (2) Request message Figure 4. Straight buffer transfer. Buffer caches File Server (Block size = 1 KB) prepares the send descriptor “sendDesc” and invokes ipc_send(). The receiver prepares the receive de- scriptor “recvDesc” and invokes ipc_receive(). Figure 6. File read using scatter/gather trans- fer. 2. Scatter/gather transfer Sender and receiver can specify multiple buffers to 3.4. Evaluation send/receive data. Data is transferred in one IPC, au- tomatically scattering and gathering data according to To evaluate the file-read IPC overhead, the following test the send/recv descriptors. In Fig. 5, data blocks “a1”, program is used: “a2” and “a3” of process-A are transfered to the buffer “b1” of process-B. for (i = 0; i < 100000; i++) { lseek(fd, 0, 0); read(fd, buf, size); 3.3. File server and data transfer } This measures the time to transfer data from file server Let’s assume that APL is requesting to read block data of buffer caches to APL space (CPU=800MHz Pentium-3, L2 2.5KB. As each buffer cache is 1KB in size, requested data cache size= 512KB). At the first access, all data are copied is cached in 3 buffer caches. Therefore 3 IPCs are required on buffer caches from HDD, so that HDD access time are in a straight transfer. amortized. In the scatter/gather transfer, data in multiple buffer Fig. 7 shows the results. The same program is tested on caches can be transferred in one IPC. Fig. 6 shows this Minix-OS (Version 2.0) and Linux (Kernel version 2.2.12), scheme. and results are shown as Minix(3) and Linux(5), respectively. 197 14 (A) NFS: Network File System (1)Straight Application Program (3)Minix 12 (4)Memcpy (2)Scatter/gather Client File System (5)Linux NFS Server 10 (Stateless) Hash Table Message 8 HDD 6 Buffer caches 4 Time (sec/100000-cycles) File Server 2 Application Hash Program 0 Table 0 5 10 15 20 25 30 Data size (KB) Message Buffer caches Library Figure 7. Inter-process communication over- cache HDD head. (B) This System Figure 8. Distributed File Server. In Minix, file server delegates copy to system task who has direct access to resident physical address space of APLs and Modularity and Extensibility New functions, which re- servers, so no IPC is used for data transfer per se.
Recommended publications
  • Microkernel Construction Introduction
    Microkernel Construction Introduction Nils Asmussen 04/06/2017 1 / 28 Outline Introduction Goals Administration Monolithic vs. Microkernel Overview About L4/NOVA 2 / 28 Goals 1 Provide deeper understanding of OS mechanisms 2 Look at the implementation details of microkernels 3 Make you become enthusiastic microkernel hackers 4 Propaganda for OS research at TU Dresden 3 / 28 Administration Thursday, 4th DS, 2 SWS Slides: www.tudos.org ! Teaching ! Microkernel Construction Subscribe to our mailing list: www.tudos.org/mailman/listinfo/mkc2017 In winter term: Microkernel-based operating systems (MOS) Various labs 4 / 28 Outline Introduction Monolithic vs. Microkernel Kernel design comparison Examples for microkernel-based systems Vision vs. Reality Challenges Overview About L4/NOVA 5 / 28 Monolithic Kernel System Design u s Application Application Application e r k Kernel e r File Network n e Systems Stacks l m Memory Process o Drivers Management Management d e Hardware 6 / 28 Monolithic Kernel OS (Propaganda) System components run in privileged mode No protection between system components Faulty driver can crash the whole system Malicious app could exploit bug in faulty driver More than 2=3 of today's OS code are drivers No need for good system design Direct access to data structures Undocumented and frequently changing interfaces Big and inflexible Difficult to replace system components Difficult to understand and maintain Why something different? ! Increasingly difficult to manage growing OS complexity 7 / 28 Microkernel System Design Application
    [Show full text]
  • L4 – Virtualization and Beyond
    L4 – Virtualization and Beyond Hermann Härtig!," Michael Roitzsch! Adam Lackorzynski" Björn Döbel" Alexander Böttcher! #!Department of Computer Science# "GWT-TUD GmbH # Technische Universität Dresden# 01187 Dresden, Germany # 01062 Dresden, Germany {haertig,mroi,adam,doebel,boettcher}@os.inf.tu-dresden.de Abstract Mac OS X environment, using full hardware After being introduced by IBM in the 1960s, acceleration by the GPU. Virtual machines are virtualization has experienced a renaissance in used to test potentially malicious software recent years. It has become a major industry trend without risking the host environment and they in the server context and is also popular on help developers in debugging crashes with back- consumer desktops. In addition to the well-known in-time execution. benefits of server consolidation and legacy In the server world, virtual machines are used to preservation, virtualization is now considered in consolidate multiple services previously located embedded systems. In this paper, we want to look on dedicated machines. Running them within beyond the term to evaluate advantages and virtual machines on one physical server eases downsides of various virtualization approaches. management and helps saving power by We show how virtualization can be increasing utilization. In server farms, migration complemented or even superseded by modern of virtual machines between servers is used to operating system paradigms. Using L4 as the balance load with the potential of shutting down basis for virtualization and as an advanced completely unloaded servers or adding more to microkernel provides a best-of-both-worlds increase capacity. Lastly, virtual machines also combination. Microkernels can contribute proven isolate different customers who can purchase real-time capabilities and small trusted computing virtual shares of a physical server in a data center.
    [Show full text]
  • L4 Microkernel
    L4 Microkernel See final slide for sources Presented by Michael LeMay L4 Advantages ● Recursive construction of memory spaces – Allows construction of memory managers in userspace that just use memory mapping – Kernel provides map, grant, and flush ● Blazing fast IPC – Passes short messages in registers – Avoids copying large messages and thus avoids TLB flushes and cache misses – Lazy scheduling of thread queues improves small message IPC around 25% L4 Performance OS Microseconds Instructions Mach 115 1150 L4 5 50 Exokernel 1.4 30 SPIN 102 1100 (Exokernel runs on MIPS R2000, which operates more efficiently than the x86 for L4, and has a tagged TLB. It also does not provide a portable API.) L4 Conceptual Contributions ● The author of the L4 paper, Jochen Liedtke, showed that microkernels do not inherently: – Exhibit slow IPC – Impose significant processor overhead ● Instead, he showed that particular implementations are to blame: – Mach was causing lots of cache misses because it's fat, making it look like microkernels have high overhead Microkernel Non-portability ● Liedtke argues that microkernels should be non- portable, but present a uniform API: – Abstract microkernels require additional hardware abstraction layer – Can't take advantage of specific performance-enhancing hardware features – Can't protect against peculiar hardware performance pitfalls L4 Subprojects http://www.dakotacountyswcd.org/treetype.htm ● L3 – Predecessor to L4 ● FIASCO – C++ implementation of L4, poor performer in comparison to “Pip” series ● L4Ka – Most active
    [Show full text]
  • The L4 Ecosystem
    Faculty of Computer Science, Operating Systems Group The L4 ecosystem Berlin, Dec 2004 System Issues ● Convential systems are ● Complex ● Linux kernel at least 500,000 LoC ● Prone to errors ● Drivers ● All system components run in privileged mode ● Inflexible ● Global policies ● Large Trusted Computing Base (TCB) 27.12.04 Adam Lackorzynski, Michael Peter Folie 2 Insights Observation: Most kernel functionality does not need CPU privileges, like: – Filesystems – Driver functionality – User management 27.12.04 Adam Lackorzynski, Michael Peter Folie 3 What is really needed Jochen Liedtke: “A microkernel does no real work” Kernel provides only inevitable mechanisms No policies enforced by the kernel What is inevitable? Abstractions Mechanisms . Threads . Communication . Scheduling . Address Spaces . Safe construction This should be sufficient for everything 27.12.04 Adam Lackorzynski, Michael Peter Folie 4 The Marred Perception of Microkernels • Supposed to be slow – Not true any more • No obvious benefit – Infamous dispute Torvalds vs. Tannenbaum – How much worth is manageability of complexity? • GNU Hurd – Late – Slow – Constantly lagging behind other OS in functionality 27.12.04 Adam Lackorzynski, Michael Peter Folie 5 The Case for Microkernels • Complexity needs to be handled – Structure beyond monolithic kernels are needed – Several candidates • Virtualisation • Paravirtualisation • Microkernel • Implementation of some functionality is even simplified – Real time • DROPS • RTLinux – Security • Substantially smaller trusted computing
    [Show full text]
  • Rust and IPC on L4re”
    Rust and Inter-Process Communication (IPC) on L4Re Implementing a Safe and Efficient IPC Abstraction Name Sebastian Humenda Supervisor Dr. Carsten Weinhold Supervising Professor Prof. Dr. rer. nat. Hermann Härtig Published at Technische Universität Dresden, Germany Date 11th of May 2019 Contents 1 Introduction 5 2 Fundamentals 8 2.1 L4Re . 8 2.2 Rust....................................... 11 2.2.1 Language Basics . 11 2.2.2 Ecosystem and Build Tools . 14 2.2.3 Macros . 15 3 Related Work 17 3.1 Rust RPC Libraries . 17 3.2 Rust on Other Microkernels . 18 3.3 L4Re IPC in Other Languages . 20 3.4 Discussion . 21 3.4.1 Remote Procedure Call Libraries . 21 3.4.2 IDL-based interface definition . 22 3.4.3 L4Re IPC Interfaces In Other Programming Languages . 23 4 L4Re and Rust Infrastructure Adaptation 24 4.1 Build System Adaptation . 25 4.1.1 Libraries . 26 4.1.2 Applications . 27 4.2 L4rust Libraries . 29 4.2.1 L4 Library Split . 29 4.2.2 Inlining vs. Reimplementing . 30 4.3 Rust Abstractions . 31 4.3.1 Error Handling . 31 4.3.2 Capabilities . 32 5 IPC Framework Implementation 35 5.1 A Brief Overview of the C++ Framework . 36 5.2 Rust Interface Definition . 37 5.2.1 Channel-based Communication . 37 5.2.2 Macro-based Interface Definition . 39 5.3 Data Serialisation . 43 2 5.4 Server Loop . 46 5.4.1 Vector-based Service Registration . 46 5.4.2 Pointer-based Service Registration . 48 5.5 Interface Export . 52 5.6 Implementation Tests .
    [Show full text]
  • KOS - Principles, Design, and Implementation
    KOS - Principles, Design, and Implementation Martin Karsten, University of Waterloo Work In Progress - September 29, 2015 Abstract KOS is an experimental operating system kernel that is designed to be simple and accessible to serve as a platform for research, experimen- tation, and teaching. The overall focus of this project is on system-level infrastructure software, in particular runtime systems. 1 Introduction KOS (pronounce "Chaos") is an experimental operating system kernel that is designed to be simple and accessible to serve as a platform for research, ex- perimentation, and teaching. It is focused on building a nucleus kernel that provides the basic set of operating system functionality, primarily for resource mediation, that must realistically be implemented for execution in privileged mode. While being simple KOS is not simplistic and avoids taking design shortcuts that would prohibit adding more sophisticated resource management strategies later on { inside the kernel or at higher software layers. The nu- cleus kernel is augmented with several prototype subsystems typically found in an operating system to eventually support running realistic applications. The entire code base is written in C++, except for small assembler parts. The C++ code makes use of advanced language features, such as code reuse with efficient strong type safety using templates, the C++ library for data struc- ture reuse, as well as (limited) polymorphism. Existing open-source software is reused for non-nucleus subsystems as much as possible. The project is hosted at https://git.uwaterloo.ca/mkarsten/KOS 2 Motivation In principle, an operating system has two basic functions. First, it consolidates low-level hardware interfaces and provides higher-level software abstractions to facilitate and alleviate application programming.
    [Show full text]
  • Flexible Task Management for Self-Adaptation of Mixed-Criticality Systems with an Automotive Example
    Fakultat¨ fur¨ Informatik Fachgebiet Vernetzte Rechensysteme Technische Universitat¨ Munchen¨ Flexible Task Management for Self-Adaptation of Mixed-Criticality Systems with an Automotive Example Daniel Andreas Krefft Vollst¨andigerAbdruck der von der Fakult¨atf¨urInformatik der Technischen Universit¨at M¨unchen zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr.rer.nat.) genehmigten Dissertation. Vorsitzende: Prof. Dr. Claudia Eckert Pr¨ufendeder Dissertation: Prof. Dr. Uwe Baumgarten Prof. Dr.-Ing. Andreas Herkersdorf Die Dissertation wurde am 22.08.2018 bei der Technischen Universit¨atM¨unchen eingereicht und durch die Fakult¨atf¨urInformatik am 11.12.2018 angenommen. Abstract With regard to future connected cars, there are two trends leading to consolidated hard- ware devices as well as an increasing software complexity within a car. In consequence, a rising number of software needs to use the provided resources of a few high-performance hardware devices. For an efficient resource usage, a flexible software management sup- porting the (self-)adaptation of a software system is getting more and more important - even within a car. This flexible software management therefore needs to consider the criticality and real-time properties of an application within this context. Corresponding to the hardware consolidation, the management approach should be combined with the actual application on one hardware device. With a recent advance of multi-core embed- ded systems, there exists a potential hardware platform which is able to support this combination in an embedded context. Especially, the usage of a flexible management supporting the self-adaptation of a mixed-criticality software system on an embedded hardware device during run-time is of interest.
    [Show full text]
  • Improvement of the Virtualization Support in the Fiasco.OC Microkernel
    Technische Universität Berlin Master’s Thesis Chair for Security in Telecommunications (SecT) School IV — Electrical Engineering and Computer Science Technische Universität Berlin Improving Virtualization Support in the Fiasco.OC Microkernel Author: Julius Werner (#310341) Major: Computer Science (Informatik) Email: [email protected] Primary Advisor: Prof. Dr. Jean-Pierre Seifert Secondary Advisor: Prof. Dr. Hans-Ulrich Heiß Tutor: Dipl.-Inf. Matthias Lange April – August 2012 Abstract This thesis aims to improve the memory virtualization efficiency of the Fiasco.OC mi- crokernel on processors with the Intel VMX hardware-assisted virtualization architecture, which is plagued by severe performance degradation. After discussing possible approaches, this goal is accomplished by implementing support for Intel’s nested paging mechanism (EPT). Fiasco.OC’s memory management system is enhanced to allow a new kind of task whose address space is stored in the EPT page attribute format while staying compati- ble with the existing shared memory mapping interface through dynamic page attribute translation. This enhancement is complemented with support for tagged TLB entries (VPIDs), independently providing another minor performance increase. The kernel’s external virtualization API and the experimental userland VMM Karma are adapted to support these changes. The final implementation is evaluated and analyzed in the context of several benchmarks, achieving near-native performance on real-world workloads while only constituting a minor increase in complexity for the microkernel. Zusammenfassung Diese Arbeit zielt darauf ab die Speichervirtualisierungseffizienz des Fiasco.OC Mikro- kerns auf Prozessoren mit der hardwareunterstützten Virtualisierungsarchitektur Intel VMX zu verbessern, welche von schweren Performanzverlusten geplagt wird. Nach der Diskussion möglicher Lösungsansätze wird dieses Ziel mit der Unterstützung von Intels Mechanismus für verschachtelte Seitentabellen (EPT) umgesetzt.
    [Show full text]
  • Evolving Mach 3.0 to a Migrating Thread Model
    Evolving Mach to a Migrating Thread Mo del Bryan Ford Jay Lepreau University of Utah Abstract Wehave mo died Mach to treat crossdomain remote pro cedure call RPC as a single entity instead of a sequence of message passing op erations With RPC thus elevated we improved the transfer of control during RPC bychanging the thread mo del Like most op erating systems Mach views threads as statically asso ciated with a single task with two threads involved in an RPC An alternate mo del is that of migrating threads in which during RPC a single thread abstraction moves b etween tasks with the logical owofcontrol and server co de is passively executed Wehave compatibly replaced Machs static threads with migrating threads in an attempt to isolate this asp ect of op erating system design and implementation The key elementof our design is a decoupling of the thread abstraction into the execution context and the schedulable thread of control consisting of a chain of contexts A key element of our implementation is that threads are now based in the kernel and temp orarily make excursions into tasks via up calls The new system provides more precisely dened semantics for thread manipulation and additional control op erations allows scheduling and accounting attributes to follow threads simplies kernel co de and improves RPC p erformance Wehave retained the old thread and IPC interfaces for backwards compatibility with no changes required to existing client programs and only a minimal change to servers as demonstrated by a functional Unix single server
    [Show full text]
  • Polymorphic Operating Systems
    Vrije Universiteit Amsterdam Masters Thesis Polymorphic Operating Systems Candidate: Supervisor: Second Reader: Anton Kuijsten Prof. Andrew S. Tanenbaum Cristiano Giuffrida August 2012 Abstract In recent years, kernel-level exploitation has gained popularity. Existing countermea- sures do not offer a comprehensive defense against kernel memory error exploits. In this paper, we introduce a novel design of system-level address space layout random- ization (ASLR), that provides a comprehensive countermeasure against memory error exploits. While many ASLR implementations offer protection for the application layer, our design protects the operating system itself. We present a fine-grained randomization that covers all regions in the address space. Central to our design is the periodic live rerandomization of a running operating system, which counters brute force attacks. This rerandomization mechanism is fault-resilient, so it does not decrease system reliability. Results from SPEC and syscall-intensive benchmarks show a performance overhead less than 5% and a memory footprint overhead around 15%. This indicates that our design does not compromise performance, while providing effective and reliable protection for the operating system. i Contents Abstract i 1 Introduction1 1.1 Kernel-level Exploitation............................1 1.2 Address Space Layout Randomization....................1 1.3 Goals......................................2 1.3.1 System-level ASLR...........................2 1.3.2 Fine-Grained ASLR..........................2 1.3.3
    [Show full text]
  • Microkernels: Mach and L4
    Microkernels: Mach and L4 Presented by Jason Wu With content borrowed from Dan Williams (2009) and Hakim Weatherspoon (2008) Outline • Introduction to Kernels • 1st Generation Microkernels – Mach • 2nd Generation Microkernels – L4 • Conclusions Introduction to Kernels • Different Types of Kernel Designs – Monolithic kernel – Microkernel – Hybrid Kernel – Exokernel – Virtual Machines? Monolithic Kernels • All OS services operate in kernel space • Good performance • Disadvantages – Dependencies between system component – Complex & huge (millions(!) of lines of code) – Larger size makes it hard to maintain • E.g. Multics, Unix, BSD, Linux Microkernels • Minimalist approach – IPC, virtual memory, thread scheduling • Put the rest into user space – Device drivers, networking, file system, user interface • More stable with less services in kernel space • Disadvantages – Lots of system calls and context switches • E.g. Mach, L4, AmigaOS, Minix, K42 Monolithic Kernels VS Microkernels Hybrid Kernels • Combine the best of both worlds – Speed and simple design of a monolithic kernel – Modularity and stability of a microkernel • Still similar to a monolithic kernel – Disadvantages still apply here • E.g. Windows NT, NetWare, BeOS Exokernels • Follows end-to-end principle – Extremely minimal – Fewest hardware abstractions as possible – Just allocates physical resources to apps • Disadvantages – More work for application developers • E.g. Nemesis, ExOS • Next Thursday! The Microkernel Debate • How big should it be? • Big debate during the 1980’s Summary:
    [Show full text]
  • A Secure Computing Platform for Building Automation Using Microkernel-Based Operating Systems Xiaolong Wang University of South Florida, [email protected]
    University of South Florida Scholar Commons Graduate Theses and Dissertations Graduate School November 2018 A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems Xiaolong Wang University of South Florida, [email protected] Follow this and additional works at: https://scholarcommons.usf.edu/etd Part of the Computer Sciences Commons Scholar Commons Citation Wang, Xiaolong, "A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems" (2018). Graduate Theses and Dissertations. https://scholarcommons.usf.edu/etd/7589 This Dissertation is brought to you for free and open access by the Graduate School at Scholar Commons. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Scholar Commons. For more information, please contact [email protected]. A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems by Xiaolong Wang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering Department of Computer Science and Engineering College of Engineering University of South Florida Major Professor: Xinming Ou, Ph.D. Jarred Ligatti, Ph.D. Srinivas Katkoori, Ph.D. Nasir Ghani, Ph.D. Siva Raj Rajagopalan, Ph.D. Date of Approval: October 26, 2018 Keywords: System Security, Embedded System, Internet of Things, Cyber-Physical Systems Copyright © 2018, Xiaolong Wang DEDICATION In loving memory of my father, to my beloved, Blanka, and my family. Thank you for your love and support. ACKNOWLEDGMENTS First and foremost, I would like to thank my advisor, Dr. Xinming Ou for his guidance, encouragement, and unreserved support throughout my PhD journey.
    [Show full text]