ACM 9 (1966), 143--155. Clearly, these principles, other than security and verification, are not absolute. If you want to restrict the component (e.g. an OS personality) further, you can instead supply it with caps to pools of TCBs, frames, address spaces etc. 1993. Wombat: A portable user-mode Linux for embedded systems. However, this issue is diminishing in modern microkernel systems such as the L4 microkernel systems. Kernel design for isolation and assurance of physical memory. Jochen Liedtke. Livio Soares and Michael Stumm. L4 microkernel family tree from 1993 until 2013. Ph.D. Dissertation. It can then manage the pools, but would have to appeal to a higher authority to move memory between the pools. That it does so without a performance hit is doubly astonishing. And much of our research over the years has been driven by addressing this: evolving the kernel to support a growing class of use cases well. Most recently we have taken a step further in extending isolation (and thus security) to timing properties, as a principled way of eliminating timing channels. creating an address space, which requires memory for page tables) the caller must provide this memory explicitly to the kernel (by a process called retyping, which converts user-controlled Untyped, i.e. In Proceedings of the Asia-Pacific Workshop on Systems (APSys). What makes seL4 unique is that we know with mathematical certainty that the seL4 code implements its "distancing" specification with ZERO functionality bugs. L4, like its predecessor, the L3 microkernel, was created by German computer scientist Jochen Liedtke as a response to the poor performance of earlier microkernel-based operating systems. J. ACM 24, 3 (1977), 455--464. 1994. Managing Kernel Memory Resources from User Level.
10 Years seL4: Still the Best, Still Getting Better, Insecure by design – lessons from the Meltdown and Spectre debacle, Stopping you from shooting yourself in the foot,

1. client performs seL4_Call()
2. kernel changes client state to blocked
3. kernel moves scheduling context from client to server
4. kernel unblocks server, which executes the request
5. having handled the request, server performs seL4_ReplyRecv() on the reply object to respond to the client
6. kernel blocks server
7. kernel returns scheduling context to client.

the set of data structures held by the kernel. Canberra. In Proceedings of the IEEE Symposium on Security and Privacy. 585--591. The performance of μ-kernel-based systems.


