Can We Make Operating Systems Reliable and Secure? Andrew S. Tanenbaum, Jorrit N. Herder, and Herbert Bos, Vrije Universiteit, Amsterdam, May 2006. Presented by Group 36: 9962224 胡品捷, 9962230 江彥勳
Outline • Introduction • Armored Operating Systems • L4 Microkernel • Multiserver Operating Systems • Language-Based Protection • Conclusion
Why do we need more reliable and secure operating systems? • Most computer users are “normal people” • Fewer problems • More convenient and stable
Unreliable • Kernels are huge: 2.5 million lines of code (one system) vs. 5 million lines of code (another) • Poor fault isolation • Example: at 6–16 bugs per 1,000 lines of executable code (other studies report 2–75 bugs per 1,000 lines), that is roughly 15,000 bugs in total for the 2.5-million-line kernel and 30,000 bugs in total for the 5-million-line kernel
Fault isolation ⇧ • A virus or worm that gets into one part of the kernel can reach the whole kernel
Armored Operating Systems • Nooks – improves the reliability of the OS; focuses on making device drivers less dangerous • Goals: • Protect the kernel against driver failures. • Recover automatically when a driver fails. • Do all of this with as few changes as possible to existing drivers and the kernel.
Isolation • Main tool: the virtual memory page map • Figure: pages 1–4 of kernel memory; while a driver is running, the kernel’s pages are mapped read-only for it
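As an added illustration of the page-map idea on this slide (not code from the Nooks project or the paper), the following C program maps a page standing in for kernel data read-only before calling a constructed buggy driver, catches the resulting protection fault, and checks that the data survived; the driver, the page and the handler names are hypothetical.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for a page of kernel data (not Nooks code). */
static unsigned char *kernel_page;
static size_t page_size;
static sigjmp_buf recover_point;
static volatile sig_atomic_t faults_caught;

/* Fault handler: the write hit a read-only page, so unwind into the recovery path. */
static void on_segv(int sig) {
    (void)sig;
    faults_caught++;
    siglongjmp(recover_point, 1);
}

/* Hypothetical buggy driver: it scribbles on kernel data. */
static void buggy_driver(void) {
    kernel_page[0] = 0xFF;
}

/* Returns 1 if the bad write was caught and the kernel page is intact, else 0. */
int run_isolated_driver(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    kernel_page = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (kernel_page == MAP_FAILED) return 0;
    memset(kernel_page, 0x42, page_size);
    /* "Entering the driver": its view of kernel data becomes read-only. */
    if (mprotect(kernel_page, page_size, PROT_READ) != 0) return 0;

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    faults_caught = 0;
    if (sigsetjmp(recover_point, 1) == 0) {
        buggy_driver();            /* faults; control comes back via siglongjmp */
    }
    /* Recovery path: the driver would now be unloaded; kernel data is unchanged. */
    int ok = (faults_caught == 1 && kernel_page[0] == 0x42);
    munmap(kernel_page, page_size);
    return ok;
}
```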
Paravirtual Machines • Allow two or more OSes to run side by side • Good fault isolation • Problems can’t spread from one machine to another
L4 Microkernel • University of Karlsruhe • Linux -> L4Linux: Linux is modified to run on L4 (paravirtualization)
Multiserver Operating Systems • Multiserver architecture • Features: separate instruction and data spaces
Language-Based Protection • New protection system – Singularity • New type-safe language – Sing#, based on C# • Protection: the compiler refuses to generate “dangerous” code, as the Algol compiler did • Developed at Microsoft Research
Conclusion • Nooks – each driver individually wrapped in software jacket • Paravirtual machine – moves the drivers to one or more machines distinct from the main one • Multiserver – runs each driver and OS component in a separate process • Singularity – uses a type-safe language