exokernel: an operating system architecture for application-level resource management"
DESCRIPTION
Exokernel: An Operating System Architecture for Application-Level Resource Management". by Dawson R. Engler, M. Frans Kaashoek, and James O'Toole Jr. Chris Franklin CS533 - Concepts of Operating Systems. Applications. FIXED. Abstractions. Interface. Hardware. The Problem. - PowerPoint PPT PresentationTRANSCRIPT
Exokernel: An Operating System Architecture for Application-Level
Resource Management"
by
Dawson R. Engler, M. Frans Kaashoek, and James O'Toole Jr.
Chris FranklinCS533 - Concepts of Operating Systems
The Problem
Traditional operating systems fix the interface and implementation of OS abstractions.
FIXED
Hardware
Applications
InterfaceAbstractions
The Problem
Performance Flexibility Functionality
FIXED
Hardware
Applications
InterfaceAbstractions
Example
FIXED
Hardware
Apache
InterfaceAbstractions
SQL Server
Traditional OS
Example
Hardware
Exokernel – Application level resource management
SQL Server
Library OS Customized for SQLServer
InterfaceAbstractions
Library OSChosen from available
Apache
InterfaceAbstractions
Exokernel
The Issues
Performance Denies applications the advantages of domain-
specific optimizations Flexibility
Restricts the flexibility of application builders Functionality
Discourages changes to the implementations of existing abstractions
Performance
There is no single way to abstract physical resources or to implement an abstraction that is best for all applications.
OS is forced to make trade-offs Performance improvements of application-
specific policies could be substantial
Flexibility
Fixed high-level abstractions hide information from applications.
Makes it difficult or impossible for applications to implement their own resource management abstractions.
Functionality
Only one available interface between applications and hardware resources.
Because all applications must share one set of abstractions, changes to these abstractions occur rarely, if ever
The Solution
Separate protection from management Allow user level to manage resources
Application libraries implement OS abstractions Exokernel exports resources
Low level interfaceProtects, does not manageExpose hardware
End-to-End Argument
“if something has to be done by the user program itself, it is wasteful to do it in a lower level as well.”
Why should the OS do anything that the user program can do itself?
In other words - all an OS should do is securely allocate resources.
The Exokernel
A thin veneer that multiplexes and exports physical resources securely. Simplicity allows efficiency The lower the level of a primitive, the more
efficiently it can be implemented, and the more latitude it grants to implementers of higher level abstractions.
The Exokernel
Resource management is restricted to allocation, revocation, sharing ownership tracking
Library operating systems
Use the low level exokernel interface Higher level abstractions Special purpose implementations
An application can choose the library which best suits its needs, or even build its own.
Example Exokernel
Another Example
Design Challenge
How can an Exokernel allow libOSes to freely manage physical resources while protecting them from each other?
Design Challenge
How can an Exokernel allow libOSes to freely manage physical resources while protecting them from each other? Track ownership of resources Guard all resource usage Revoke access to resources
Track ownership of resources
Secure bindings – libOS can securely bind to machine resources
Secure Bindings
Exokernel allows libOSes to bind resources using secure bindings Multiplex resources securely Protection for mutually distrusted apps Efficient
Secure Bindings
Secure Binding – a protection mechanism that decouples authorization from actual use of a resource Allows the kernel to protect resources without
having to understand them
Guard all resource usage
Invisible resource revocation-Efficient – application layer not involved -Traditional OS
Visible resource revocation-Allows libOS to guide deallocation and track availability of resources.-Exokernel
Revoke access to resources
Abort protocol – Allows exokernel to break secure bindings of an uncooperative libOS by force
Conclusion
An Exokernel securely multiplexes available hardware raw hardware among applications
Application level library operating systems implement higher-level traditional OS abstractions
LibOSes can specialize an implementation to suit a particular application
Conclusion
The lower the level of a primitive……the more efficiently it can be implemented
… the more latitude it gives to higher level abstractions
So, separate management from protection and……implement protection at a low level (exokernel)
… implement management at a higher level (libOS)
References
http://pdos.csail.mit.edu/exo.html
http://c2.com/cgi/wiki?ExoKernel
Modern Operating Systems – Andrew Tanenbaum
http://computing.breinestorm.net/aegis+exception+ultrix+resource+exceptions/
http://128.138.224.40/csci5573-f03/lecture_notes/exokernel03_files/frame.htm
http://pdos.csail.mit.edu/exo/exo-slides/
http://www.cs.ucf.edu/courses/cop5611/spring05/item/exokernel.pdf
Some Features
It is possible to have different libOSes, for example, one could export a Unix API and another a Windows API
Exokernel vs. Microkernel
A micro-kernel provides abstractions to the hardware such as files, sockets, graphics etc.
An exokernel provides almost raw access to the hardware.