Pavana Yalamanchili (pavanay@hotmail.com)
Mon, 05 Jun 2000 23:28:22 PDT

Exokernel: An Operating System Architecture For Application-Level Resource

The goal of this paper is to focus on the exokernel architecture design and
its secure and efficient implementation. The exokernel operating system
architecture provides application-level management of physical resources.
The motivation for exokernels is that traditional operating systems
significantly limit the performance and implementation freedom of
applications. They hide information about machine resources behind
high-level abstractions such as processes, files, address spaces and
interprocess communication. These abstractions define a virtual machine
on which applications execute, and their implementation cannot be replaced
or modified by untrusted applications. Hard-coding the implementations of
these abstractions is inappropriate for three reasons: it denies
applications the advantages of domain-specific optimizations, it discourages
changes to the implementations of existing abstractions, and it restricts
the flexibility of application builders. The authors believe that these
problems could be solved through application-level resource management.
Hence a new operating system architecture, the exokernel, was designed, in
which traditional operating system abstractions such as virtual memory and
interprocess communication are implemented entirely at application level by
untrusted software. In this architecture, a minimal kernel, called an
exokernel, securely multiplexes available hardware resources. Library
operating systems use this interface to implement system objects and
policies. Application writers select libraries or implement their own.
Simply relinking application executables incorporates new implementations of
library operating systems.
The exokernel architecture is founded on and motivated by a single, simple,
and old observation: the lower the level of a primitive, the more
efficiently it can be implemented, and the more latitude it grants to
implementers of higher-level abstractions.
To provide an interface that is as low-level as possible, a single goal of
the exokernel designer is to separate protection from management. The
exokernel exports hardware resources rather than emulating them, which
allows an efficient and simple implementation. The three techniques the
exokernel employs to export resources securely are secure binding, visible
resource revocation and an abort protocol.
The rest of the paper discusses the issues that arise in their design,
explains the authors’ experimental methodology, presents the implementation
and summarizes the performance measurements of Aegis and ExOS, and finally
reports experiments that demonstrate the flexibility of the exokernel
architecture, summarizes related work and concludes.
Based on the results of their experiments, the authors conclude that the
exokernel architecture is a viable structure for high-performance,
extensible operating systems. The exokernel design addresses how to provide
secure multiplexing of physical resources in such a system, and moves the
kernel interface to a lower level of abstraction. Aegis and ExOS
demonstrate that low-level secure multiplexing and library operating systems
can offer excellent performance. Because the exokernel's low-level
primitives are simple compared to traditional kernel interfaces, they can be
made very fast, and the exokernel therefore has less use for kernel
extensions.
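
The three techniques named above, as an added toy model in C (not code from
the paper, Aegis or ExOS). It follows the paper's description of bind-time
authorization, a revocation request to the library OS, and forced
repossession; every name here (exo_bind, exo_access, exo_revoke, the
repossessed array, the two sample handlers) is an assumption.

```c
#include <stdint.h>

/* Toy model (constructed): the kernel records only who owns each physical
   page and which capability guards it; it never decides what a page is for. */
#define NPAGES 4
#define NO_OWNER (-1)
typedef int (*revoke_handler)(int env);  /* libOS upcall: page to give up, or -1 */
struct page { int owner; uint32_t cap; };
static struct page pages[NPAGES];
static int repossessed[NPAGES];          /* pages taken by force, visible to the libOS */

void exo_init(void) {
    for (int i = 0; i < NPAGES; i++) {
        pages[i].owner = NO_OWNER; pages[i].cap = 0; repossessed[i] = 0;
    }
}

/* Secure binding: ownership and capability are recorded once, at bind time. */
int exo_bind(int env, int pg, uint32_t cap) {
    if (pg < 0 || pg >= NPAGES || pages[pg].owner != NO_OWNER) return -1;
    pages[pg].owner = env; pages[pg].cap = cap;
    return 0;
}

/* Access time: a cheap protection check only, no management policy. */
int exo_access(int env, int pg, uint32_t cap) {
    if (pg < 0 || pg >= NPAGES) return -1;
    return (pages[pg].owner == env && pages[pg].cap == cap) ? 0 : -1;
}

/* Visible revocation first; abort protocol if the libOS does not cooperate. */
int exo_revoke(int env, revoke_handler h) {
    int pg = h ? h(env) : -1;            /* ask: the libOS picks the victim page */
    if (pg >= 0 && pg < NPAGES && pages[pg].owner == env) {
        pages[pg].owner = NO_OWNER;      /* cooperative release */
        return pg;
    }
    for (pg = 0; pg < NPAGES; pg++)      /* abort: break a binding by force */
        if (pages[pg].owner == env) {
            pages[pg].owner = NO_OWNER;
            repossessed[pg] = 1;         /* recorded so the libOS can find out */
            return pg;
        }
    return -1;                           /* env held nothing */
}

/* Constructed sample libOS handlers: one releases page 2, one never answers. */
int libos_cooperative(int env) { (void)env; return 2; }
int libos_unresponsive(int env) { (void)env; return -1; }
```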
