Design of the SPEEDOS operating system kernel
Faculties: Fakultät für Informatik
License: Standard (version of 03.05.2003)
The two major deficiencies identified and addressed in this thesis are the versatility of access-right specification and the structuring of the operating system in conjunction with the applications. The SPEEDOS design places the emphasis on balancing the duties and powers of the kernel and the applications in order to obtain a flexible and extensible overall system. SPEEDOS supports freely user-programmable protection checks for individual method invocations. These checks are implemented with bracket methods, which intercept other method invocations. For example, bracket methods may deny access to the target method based on arbitrary rules or may implement access monitoring. Brackets may also serve as a basis for implementing confinement by checking the client and target module identity and the information that is passed between the modules.

Another important aspect of the SPEEDOS design is the delegation of many operating system duties to individual application software modules. The design explicitly restricts the duties of the kernel to security-related basic mechanisms; all policy decisions are made in user-level modules. Certain resource management duties still need to be implemented in centralized modules, since otherwise allocation efficiency would decrease. The kernel implements only policy-neutral mechanisms and delegates all policy decisions to user-level code in order to minimize the size of the kernel. As an intentional side-effect this maximizes the flexibility and extensibility of the user-level modules, so that the complete operating system characteristics are effectively determined by user-level code.

In the prototype implementation it is shown that the virtual memory model used to describe the module structure can be mapped efficiently to the current page-based memory architecture implemented by the standard processor architectures available today.
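The bracket-method idea described above, as an added illustration that is not SPEEDOS code: a chain of user-level brackets intercepts each invocation and may deny it, log it, or enforce confinement by inspecting the client and target identities and the data passed in and out. The `Module`, `Tagged`, `clearance`/`level` labels and the `withdraw` policy are constructed for the example.

```python
"""Constructed illustration of bracket methods intercepting a method call.
Each bracket receives (client, target, method, args, call_next) and decides
whether to forward the invocation by calling call_next()."""
from dataclasses import dataclass


@dataclass
class Module:
    name: str
    clearance: int          # hypothetical label used by the confinement bracket


@dataclass
class Tagged:
    """Data passed between modules, carrying a hypothetical classification level."""
    value: object
    level: int


class Denied(Exception):
    pass


AUDIT = []  # access-monitoring log appended to by monitor_bracket


def monitor_bracket(client, target, method, args, call_next):
    AUDIT.append((client.name, target.name, method))
    return call_next()


def deny_bracket(client, target, method, args, call_next):
    # an arbitrary user-level rule: only the named client may call 'withdraw'
    if method == "withdraw" and client.name != "bank_teller":
        raise Denied(f"{client.name} may not call {target.name}.{method}")
    return call_next()


def confinement_bracket(client, target, method, args, call_next):
    # data tagged above the target's clearance must not flow into the target,
    # and results tagged above the client's clearance must not flow back out
    if any(isinstance(a, Tagged) and a.level > target.clearance for a in args):
        raise Denied("confinement violation on input")
    result = call_next()
    if isinstance(result, Tagged) and result.level > client.clearance:
        raise Denied("confinement violation on return")
    return result


def invoke(client, target, impl, method, args, brackets):
    """Run the bracket chain; impl executes only if every bracket calls call_next."""
    def chain(i):
        if i == len(brackets):
            return impl(*args)
        return brackets[i](client, target, method, args, lambda: chain(i + 1))
    return chain(0)


def is_denied(client, target, impl, method, args, brackets):
    try:
        invoke(client, target, impl, method, args, brackets)
        return False
    except Denied:
        return True
```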
Subject Headings: Computerarchitektur [GND]
Kernel <Informatik> [GND]
Computer security [LCSH]
Operating systems (Computers) [LCSH]