6/6 paper evals

Yod (h13nguye@ieng9.ucsd.edu)
Tue, 6 Jun 2000 02:40:36 -0700 (PDT)

Henry H. Nguyen
Title: Exokernel: An Operating System Architecture for Application-Level
Resource Management

The exokernel system in this paper addresses he issue of providing application-
level management of physical resources for more flexibility and better OS
performance. In this architecture, a minimal kernel called exokernel securely
multiplexes available hardware resources, and enables virtual memory and
interprocess communication to be implemented entirely at application level by
untrusted software.

One of the design goals of exokernel is to separate protection from management.
The system exports hardware resources rather than emulating them, which allows
an efficient and simple implementation. An exokernel employs three techniques
to export resources securely: Using secure bindings between applications and
machine resources, enables applications to participate in a resource revocation
protocol, and allowing exokernel to break secure bindings of uncooperative
application by force.

The paper goes on to compare the architecture and performance between exokernel
operating system and library-based opearating system. The exokernel system
describes in the paper is the Aegis system. Agis uses round robin method to
schedule the time slices of the CPU. And by downloadnign packets filters and by
employing dynamic code generation, secure binding to the network can be
implemented efficiently in Agis. ExOS, a library-based operating system,
were discussed in detailed by the paper about its IPC, virtual memory, and
remote communication.

Title: Extensibility, Safety and Performance in the SPIN Operating System

This paper talks about the motivations of having an extensible operating system,
and SPIN is the system, implemented at UW, to provide this service. SPIN is a
general purpose operating system that provides extensibility, safety and good
performance, in the words of the author.

The architecture of SPIN is mentioned in detail in this paper. SPIN and its
extensions are written in Modula-3, a general purpose programming language
designed in the 90's. The design on SPIN depends on the language's safety and
excapsulation mechanisms; specifically interfaces, type safety, and automatic
storage management. Kernel resource in SPIN is referenced by capabilities. A
capability is a reference to a resource which can be a system object, an
interface, or a collection of interfaces. SPIN implements capabilities
directly using pointers, which are supported by the language. SPIN's naming and
protection interface is also implemented at the level of the language. SPIN
protection domain defines a set of names, or program symbols, that can be
referenced by code with access to the domain. And a domain, named by a capa-
bility, is used to control dynamic linking, and corresponds to one or more safe
object files with one or more exported interfaces.

SPIN's extension model provides a controlled communication facility between
extensions and the base system, while allowing for a variety of interaction
styles. Extensions in SPIN are defined in terms of events and handlers. An
event is a message that announces a change in the sate of the system or a
request for service. An event handler is a procedure that receives the message.
Extension installs a handles on an event by explicitly registering the handler
with the event through a central dispatcher that routes events to handlers.

The core services that were mentioned in the paper include processor and memory
management. SPIN enables straightforward allocation of virtual page through the
virtual address service, physical page through the physical address service, and
mapping between the two through the translation service. Also in SPIN, an
application can provide its own thread package and scheduler that executes
within the kernel. The thread packeage defines the application's execution
model and synchronization constructs. The core services are trusted in SPIN,
which means that they must perform according to their interface specification.

The last thing that was mentioned in the paper is the performance of the system.
Some of the issues that were discussed include thread management, virtual
memory management, protocol, latency, bandwidth, and scalability of the system.