10 Years L4-Based Systems: L4/Nizza Secure-System Architecture
Hermann Härtig et al., Operating Systems Group, TU Dresden
SEVECOM, Budapest, 2006

Slide 2: Your Passwords, Secrets, ...
Figure: the software stack a typed secret passes through, from the keyboard up to an applet: keyboard, Linux, X11, Firefox (a Linux app), jvm, applet. Source: "Understanding Data Lifetime via Whole System Simulation", Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, and Mendel Rosenblum, Stanford University, USENIX Security 2004.

Slide 3: Outline
- L4 etc.
  - the microkernel vision
  - early experience: MACH etc.
  - what is L4?
  - L4 and legacy: L4Linux and DDE
  - DROPS: L4 and real-time
  - L4Env: a multi-server environment for L4 apps
  - major L4 projects
- L4/Nizza Secure System Architecture
- What's up next?
- Conclusion

Slide 4: Microkernels: vision and earlier experience
- monolithic systems
  - large
  - complex
  - hard to add real-time
  - large trusted computing bases
  - new additional components often crash the system
Figure: a monolithic operating system. User mode: applications. Privileged mode: file systems, network stacks, memory management, processes and drivers, all inside one kernel. Below that: hardware.

Slide 5: The Microkernel Vision
- small operating system kernel
  - kernel-mode action less error prone
  - allows strict validation
- system services implemented as user-level servers with their own address spaces
  - flexibility
  - extensibility
  - customizable
- more robust systems
  - protected individual system components (e.g., drivers)
  - small trusted computing base
  - allow coexistence of different OS personalities
- reuse legacy OS (slightly modified)

Slide 6: IBM Workplace OS
Figure: applications for OS/2, OS/400, AIX and Windows run on top of OS/2, DOS, OS/400, AIX and Windows personalities. Beneath the personalities sit user-level servers: Network Service, Power Management, File Server, Security, Device Support, Default Pager, Bootstrap and Name Service. Beneath those: the microkernel, on PowerPC, ARM, MIPS, IA32 and Alpha hardware.

Slide 7: Reality in the mid 90s: MACH-based systems
- disappointments
  - performance
  - complexity
  - drivers back in kernel
- e.g., IBM is said to have invested and lost over 1 billion US $

Slide 8: L4 Microkernel
Jochen Liedtke (ca. 1996): "A microkernel does no real work, but does it efficiently"
- the kernel provides only inevitable mechanisms; no policies are enforced by the kernel
- what is inevitable?
  - address spaces
  - threads & scheduling
  - inter-process communication
L4/Fiasco (ca. 1998): first L4 kernel written in a high-level language; real-time scheduling

Slide 9: TUDOS: Emphasis on Real-Time and Security
approach
- run legacy software on a legacy OS
Figure: Application | Application on the legacy OS, on the L4/Fiasco Microkernel, on Hardware.

Slide 10: TUDOS: Emphasis on Real-Time and Security (continued)
approach
- run legacy software on a legacy OS
- run critical applications beside the legacy OS
Figure: Application | Application on the legacy OS, with a critical application beside the legacy OS; all of them sit above
the Resource Management layer (L4Env & Basic Resource Manager), the L4/Fiasco Microkernel and the Hardware.

Slide 11: TUDOS: Emphasis on Real-Time and Security (continued)
approach
- run legacy software on a legacy OS
- run critical applications beside the legacy OS
Figure: a hybrid application: one part runs as an application on the legacy OS, its critical part runs beside the legacy OS, both above Resource Management (L4Env & Basic Resource Manager), L4/Fiasco Microkernel, Hardware.

Slide 12: TUDOS: Emphasis on Real-Time and Security (continued)
approach
- run legacy software on a legacy OS
- run critical applications beside the legacy OS
  - real-time
Figure: Application | Application on the legacy OS; an RT Controller and a Media Player beside it (the legacy OS is marked with a "?"); all above Resource Management (L4Env & Basic Resource Manager), L4/Fiasco Microkernel, Hardware.

Slide 13: TUDOS: Emphasis on Real-Time and Security (continued)
approach
- run legacy software on a legacy OS
- run critical applications beside the legacy OS
  - real-time
  - high security
Figure: Application | Application on the legacy OS; E-sign and VPN beside it (the legacy OS is marked with a "?"); all above Resource Management (L4Env & Basic Resource Manager), L4/Fiasco Microkernel, Hardware.

Slide 14: TUDOS: Emphasis on Real-Time and Security (continued)
approach
- run legacy software on a legacy OS
- run critical applications beside the legacy OS
  - real-time
  - high security
- split applications and reuse legacy software for the uncritical parts
Figure: a split application for an internet transaction: "put together shopping cart" runs on the legacy OS (marked with a "?"), "sign & pay" runs beside it as the critical part; both above
the Resource Management layer (L4Env & Basic Resource Manager), the L4/Fiasco Microkernel and the Hardware.

Slide 15: TUDOS: Emphasis on Real-Time and Security (continued)
approach
- run critical applications without a legacy OS
Figure: a critical application runs directly above Resource Management (L4Env & Basic Resource Manager), L4/Fiasco Microkernel, Hardware; no legacy OS is involved.

Slide 16: What you see ...
Figure: Application | Application | Presenter on top of the L4Linux Server, GUI: DOpE, Windowmanager: Nitpicker; below them DMphys, L4IO, Names, ...; then the L4/Fiasco Microkernel; then Hardware.

Slide 17: L4 IPC
Figure: address space A: send(msg, ...) -> address space B: receive(msg, ...)
- synchronous (no buffering)
- diverse payloads

Slide 18: L4 IPC Payloads
- registers only (short IPC), fast
- strings (long IPC)
- access rights ("mappings")
  - memory pages: transfer page table entries
  - IO ports
  - ...
  - can be revoked ("unmap")
- faults
- interrupts

Slide 19: Legacy Software for L4: L4Linux and DDE
objectives
- inherit the large base of legacy software, binary compatible
- get it out of the way for more interesting applications
- but reuse it also for interesting applications, and
- reuse drivers

Slide 20: Linux Kernel Structure
Figure: User mode: Application | Application | Application | Application. Privileged mode, architecture-dependent:
the System-Call Interface. Architecture-independent Linux kernel: File Systems (VFS, file system implementations), Networking (sockets, protocols), Processes (scheduling, IPC), Memory Management (page allocation, address spaces, swapping), Device Drivers. Architecture-dependent: Hardware Access. Hardware: CPU, Memory, PCI, Devices, ...

Slide 21: Linux Kernel Structure (continued): what is architecture-dependent
- kernel entry
  - system calls
  - exceptions (page faults, ...)
  - signal delivery
- copy from/to user address space
- CPU state, features
- initialization
- low-level memory management
  - MMU (page tables, TLB)
- low-level interrupt support
- low-level device support
  - memory-mapped I/O, I/O ports
  - DMA
Figure: the kernel structure of slide 20, now with L4 in privileged mode beneath the Linux kernel.

Slide 22: Linux System Calls
Figure: an L4Linux User Process (Application) and the L4Linux Server (Arch-Dependent Syscall Dispatcher, Arch-Independent part), both on top of the L4/Fiasco Kernel; the steps are numbered 1 to 4 in the figure.
- the application executes INT 0x80
- the L4Linux server receives an exception IPC
- the L4Linux server handles the system call
- the L4Linux server sends an exception reply
- the L4 kernel receives the reply and sets the new state of the thread

Slide 23: Address Spaces
Figure: Application, L4Linux Server (thread_info), Memory Management (page allocation, address spaces, swapping), Architecture-Dependent
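The mapping payload of slides 17 and 18 (page table entries transferred by IPC, revocable with "unmap") is easiest to see as a small model. The block below is an added example written for this page, not code from the deck or from Fiasco: it keeps a toy page table per address space plus a mapping database that records which mapping was derived from which, so that unmap of a page revokes every mapping derived from it transitively while the unmapper keeps its own page. Space numbers, page numbers, frame numbers and the helper names (`mdb_init`, `root_map`, `ipc_map`, `unmap`, `frame_of`) are all constructed for the illustration.

```c
/* Toy model of L4 memory mappings and recursive revocation ("unmap").
 * Constructed example: the structures and names are simplified and are
 * not the kernel's own. */
#include <stdio.h>

#define MAX_SPACES      8     /* address spaces in the model */
#define PAGES_PER_SPACE 16    /* virtual pages per address space */
#define MAX_MAPPINGS    64    /* capacity of the mapping database */

/* A page table reduced to "which physical frame backs this virtual page" (-1: none). */
typedef struct { int frame[PAGES_PER_SPACE]; } address_space_t;

/* Mapping-database entry: the receiver's page was derived from the sender's page.
 * The kernel keeps this so it can find and revoke derived mappings later. */
typedef struct {
    int from_space, from_page;   /* sender of the map item */
    int to_space, to_page;       /* receiver */
    int valid;
} mapping_t;

static address_space_t spaces[MAX_SPACES];
static mapping_t mdb[MAX_MAPPINGS];
static int mdb_count;

void mdb_init(void) {
    for (int s = 0; s < MAX_SPACES; s++)
        for (int p = 0; p < PAGES_PER_SPACE; p++)
            spaces[s].frame[p] = -1;
    mdb_count = 0;
}

/* Initial memory: the root pager hands a physical frame to a space directly. */
void root_map(int space, int page, int frame) { spaces[space].frame[page] = frame; }

/* Map item carried in a (synchronous) IPC: the sender transfers its page-table
 * entry for from_page into the receiver's page table at to_page. The sender keeps
 * its own mapping. A space can only map onward what it actually holds.
 * Returns 0 on success, -1 if refused. */
int ipc_map(int from_space, int from_page, int to_space, int to_page) {
    if (spaces[from_space].frame[from_page] < 0) return -1;   /* nothing to give */
    if (mdb_count >= MAX_MAPPINGS) return -1;
    spaces[to_space].frame[to_page] = spaces[from_space].frame[from_page];
    mdb[mdb_count++] = (mapping_t){ from_space, from_page, to_space, to_page, 1 };
    return 0;
}

/* unmap: revoke every mapping derived, directly or transitively, from this page.
 * The caller's own page stays mapped. Returns the number of pages revoked. */
int unmap(int space, int page) {
    int revoked = 0;
    for (int i = 0; i < mdb_count; i++) {
        if (!mdb[i].valid || mdb[i].from_space != space || mdb[i].from_page != page)
            continue;
        mdb[i].valid = 0;
        revoked += unmap(mdb[i].to_space, mdb[i].to_page);   /* grandchildren first */
        spaces[mdb[i].to_space].frame[mdb[i].to_page] = -1;
        revoked++;
    }
    return revoked;
}

int frame_of(int space, int page) { return spaces[space].frame[page]; }

int main(void) {
    mdb_init();
    root_map(0, 3, 42);      /* space 0 (a pager) owns frame 42 */
    ipc_map(0, 3, 1, 5);     /* pager maps it to L4Linux (space 1) */
    ipc_map(1, 5, 2, 7);     /* L4Linux maps it on to a Linux process (space 2) */
    printf("space 2 page 7 -> frame %d\n", frame_of(2, 7));
    int n = unmap(0, 3);     /* pager revokes: both derived mappings vanish */
    printf("revoked %d; space 0 page 3 -> %d, space 1 page 5 -> %d, space 2 page 7 -> %d\n",
           n, frame_of(0, 3), frame_of(1, 5), frame_of(2, 7));
    return 0;
}
```

The point the model makes is the security one behind "can be revoked": because the kernel, not the receiver, records where a mapping came from, the pager can take memory back from L4Linux and from everything L4Linux handed it on to, without cooperation from either.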
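The system-call path of slide 22, modelled in C as an added example (not code from the deck or from L4Linux): the Linux process traps with INT 0x80, the L4 kernel knows nothing about Linux system calls and turns the trap into an exception IPC carrying the register state, the L4Linux server decodes and handles the call, and its exception reply becomes the thread's new register state. The register layout, the two syscall numbers, the constructed process id 1234 and the idea of representing the user address space as a buffer that the server copies from with a bounds check are all assumptions made for the illustration.

```c
/* Toy model of the L4Linux system-call path on IA32. Constructed example: the
 * structs, the syscall handling and the pid are illustrative, not L4Linux's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { int32_t eax, ebx, ecx, edx; uint32_t eip; } regs_t;   /* user-visible thread state */
typedef struct { uint32_t trapno; regs_t regs; } exc_msg_t;            /* exception IPC payload */

#define TRAP_INT80 0x80
#define SYS_WRITE  4        /* Linux i386 syscall numbers */
#define SYS_GETPID 20
#define EFAULT     14
#define ENOSYS     38

#define LOG_CAP 64
static char   server_log[LOG_CAP];   /* where the modelled write() lands */
static size_t server_log_len;

/* Step 2: the L4 kernel does not implement Linux system calls. It packages the
 * trap number and the complete register set into an exception IPC addressed to
 * the thread's exception handler, the L4Linux server. */
static exc_msg_t kernel_build_exception_ipc(const regs_t *thread) {
    exc_msg_t m;
    m.trapno = TRAP_INT80;
    m.regs = *thread;
    return m;
}

/* Step 3: the L4Linux server. The arch-dependent dispatcher checks the trap, the
 * arch-independent code performs the call. user_mem stands in for the process's
 * address space, so "copy from user" is a bounds-checked memcpy rather than a
 * blind dereference of a user-supplied pointer. */
static regs_t l4linux_handle_exception(const exc_msg_t *m, const char *user_mem, size_t user_len) {
    regs_t reply = m->regs;                  /* registers not touched by the call go back unchanged */
    if (m->trapno != TRAP_INT80) {           /* other traps (page faults, signals) are not modelled */
        reply.eax = -ENOSYS;
        return reply;
    }
    switch (m->regs.eax) {                   /* syscall number in eax, arguments in ebx, ecx, edx */
    case SYS_GETPID:
        reply.eax = 1234;                    /* constructed pid */
        break;
    case SYS_WRITE: {                        /* write(fd, buf, count); buf is an offset into user_mem */
        uint32_t off = (uint32_t)m->regs.ecx, n = (uint32_t)m->regs.edx;
        if (off > user_len || n > user_len - off || n >= LOG_CAP) {
            reply.eax = -EFAULT;             /* buffer not inside the user mapping */
            break;
        }
        memcpy(server_log, user_mem + off, n);
        server_log[n] = '\0';
        server_log_len = n;
        reply.eax = (int32_t)n;
        break;
    }
    default:
        reply.eax = -ENOSYS;
    }
    return reply;                            /* step 4: the exception reply carries the new state */
}

/* Step 4, kernel side: the reply becomes the thread's register state and the thread
 * resumes. eip is not advanced here: INT is a trap, so the saved eip already points
 * at the instruction after INT 0x80. */
static void kernel_apply_exception_reply(regs_t *thread, const regs_t *reply) { *thread = *reply; }

/* The whole round trip, entered right after step 1 (the INT 0x80 itself).
 * Returns what the application finds in eax when it resumes. */
int32_t run_syscall(regs_t *thread, const char *user_mem, size_t user_len) {
    exc_msg_t m = kernel_build_exception_ipc(thread);
    regs_t reply = l4linux_handle_exception(&m, user_mem, user_len);
    kernel_apply_exception_reply(thread, &reply);
    return thread->eax;
}

const char *last_write(void) { return server_log; }
size_t last_write_len(void) { return server_log_len; }

int main(void) {
    const char user_mem[] = "hello from L4Linux";    /* constructed user address space */
    regs_t t = { SYS_WRITE, 1, 0, 5, 0x08048100 };    /* write(1, user_mem + 0, 5) */
    printf("write -> %d, server saw \"%s\"\n", run_syscall(&t, user_mem, sizeof user_mem), last_write());
    regs_t g = { SYS_GETPID, 0, 0, 0, 0x08048100 };
    printf("getpid -> %d\n", run_syscall(&g, user_mem, sizeof user_mem));
    return 0;
}
```

Two details are worth noticing. The kernel path is policy-free: it forwards state and installs the replied state, which is exactly the "inevitable mechanism" of slide 8. And the server, being an ordinary user-level task, must validate every address the process hands it against that process's mapping before copying; a Linux process that passes a bad buffer gets -EFAULT back instead of corrupting the server.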