HYDRA: The Kernel of a Multiprocessor Operating System
Matthew Roberts

Contribution and Related Work

HYDRA strives to…
- Provide an environment for effective utilization of the hardware resources (multiprocessor computer system)
- Facilitate the construction of these environments

Operating System…?
Two views are commonly held:
- an operating system defines an "abstract machine" by providing facilities, or resources, which are more convenient than those provided by the "bare" hardware
- an operating system allocates (hardware) resources in such a way as to most effectively utilize them.

HYDRA provides…
- Introduction of new facilities (system extension)
  – Objects
  – Creation of new types
  – Apply operations to this type
- Sharing and protection
- Creation of a highly secure system

Capability-based system…
- Capabilities for memory addressing and protection derived through access rights
- Supports security policy by controlling propagation of access rights according to the policy
  – Poorly suited to providing policy flexibility

HYDRA makes the transition from…
Capability-based
To
Object-based with capabilities
  – Object is the unit of protection.
  – Capabilities are used to determine if access to an object is allowed.
  – Easier to protect if divided into objects

Object-based system…
- Everything is an object
  – Ex// procedures, LNS, processes, disks, files, directories, etc.
- Abstract objects are the fundamental units
- Extend by adding new types of resources
- Manipulate by adding procedures for resources
- (Name, Type, Representation)

Separating mechanism and policy…
- Control mechanisms are separate from security policy.
- Mechanisms should be included in the kernel, but policies should not.
- Kernel provides mechanisms to implement policies.
- Allows for experimentation

So… we have
An object-based model with capabilities
&
Separation of mechanism and policy
Allowing for…
Flexibility
&
Ease of Extension

3 Object types:
The kernel provides an execution environment with the interrelationships of the following:
  – Procedure
  – Local Name Space (LNS)
  – Process

Procedure Object…
- Static entity
- Name, parameters, output, and capability
  – CODE and DATA+
  – Protection Facilities
- Required capabilities
  – Caller Independent – specified at creation time
  – Caller Dependent – specified at execution time (actual parameters)

Local Name Space (LNS)…
- Dynamic set of capabilities that a running procedure may use at run-time
- Created at procedure call
- Destroyed at procedure return

Process…
- Smallest unit that can be scheduled for execution
- Stack of LNS's representing cumulative state of a single sequential task.
- Unit exploited for parallel processing capabilities

Related Work…
Capability-based Systems
- KeyKOS
  – Persistent, pure capability operating system
- EROS (Extremely Reliable Operating System)
  – Pure capability system with capabilities uniquely identifying an object and a set of access
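The Procedure, LNS and Process slides above describe one mechanism: a procedure object carries caller-independent capabilities fixed at creation plus rights it requires of each actual parameter, the kernel checks the actuals at call time, builds an LNS for the duration of the call, and pops it on return. The toy model below is an added illustration written for these notes, not HYDRA's own code; the class names (Kernel, Capability, Procedure), the right names ("read", "write", "call") and the file/audit-log scenario are all constructed here. The kernel class holds only mechanism (object storage, rights checks, LNS stack); which rights a caller is handed is left to the code that calls it, mirroring the mechanism/policy split.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, FrozenSet, List, Sequence

Rights = FrozenSet[str]


@dataclass(frozen=True)
class Capability:
    """Reference to an object plus the rights it conveys.
    In a real kernel capabilities live in kernel memory so they cannot be forged;
    here that is by convention only: holders are meant to go through Kernel.restrict."""
    obj_id: int
    rights: Rights


@dataclass
class Obj:
    type_name: str        # e.g. "file", "procedure", "log" (constructed type names)
    representation: Any   # type-specific data, reachable only through the kernel


@dataclass
class Procedure:
    """A static procedure object: code plus its capability requirements."""
    code: Callable[["Kernel", List[Capability]], Any]
    required: List[Rights]                                  # caller-dependent: checked per actual
    fixed: List[Capability] = field(default_factory=list)   # caller-independent: bound at creation


class AccessDenied(Exception):
    pass


class Kernel:
    """Mechanism only: stores objects, validates rights, builds and tears down LNSs."""

    def __init__(self) -> None:
        self._objects: Dict[int, Obj] = {}
        self._next_id = 0
        self.lns_stack: List[List[Capability]] = []   # the process: a stack of LNSs

    def create(self, type_name: str, representation: Any, rights: Sequence[str]) -> Capability:
        oid = self._next_id
        self._next_id += 1
        self._objects[oid] = Obj(type_name, representation)
        return Capability(oid, frozenset(rights))

    def restrict(self, cap: Capability, rights: Sequence[str]) -> Capability:
        # Rights can only be removed when deriving a new capability, never added
        return Capability(cap.obj_id, cap.rights & frozenset(rights))

    def deref(self, cap: Capability, need: str) -> Obj:
        if need not in cap.rights:
            raise AccessDenied(f"capability for object {cap.obj_id} lacks '{need}'")
        return self._objects[cap.obj_id]

    def call(self, proc_cap: Capability, actuals: Sequence[Capability]) -> Any:
        proc = self.deref(proc_cap, "call").representation
        if len(actuals) != len(proc.required):
            raise AccessDenied("wrong number of actual parameters")
        for actual, need in zip(actuals, proc.required):
            if not need <= actual.rights:
                raise AccessDenied(f"actual parameter lacks {sorted(need - actual.rights)}")
        # LNS = caller-independent capabilities + checked actuals; exists only during the call
        lns = list(proc.fixed) + list(actuals)
        self.lns_stack.append(lns)
        try:
            return proc.code(self, lns)
        finally:
            self.lns_stack.pop()       # LNS destroyed at procedure return


def append_line(kernel: Kernel, lns: List[Capability]) -> int:
    """Procedure body: lns[0] is the fixed audit-log cap, lns[1] the caller's file cap."""
    log = kernel.deref(lns[0], "write").representation
    target = kernel.deref(lns[1], "write").representation
    target.append("hello")
    log.append(f"append to object {lns[1].obj_id}")
    return len(target)


def run_demo() -> dict:
    """Constructed scenario: a read-only capability is refused, a write capability succeeds,
    and the audit log is reachable by the procedure but was never handed to the caller."""
    k = Kernel()
    log_cap = k.create("log", [], ["write"])
    file_cap = k.create("file", [], ["read", "write"])
    proc = Procedure(code=append_line, required=[frozenset({"write"})], fixed=[log_cap])
    proc_cap = k.create("procedure", proc, ["call"])

    results = {"denied": 0}
    read_only = k.restrict(file_cap, ["read"])
    try:
        k.call(proc_cap, [read_only])
    except AccessDenied:
        results["denied"] += 1
    results["lines"] = k.call(proc_cap, [file_cap])
    results["log"] = list(k.deref(log_cap, "write").representation)
    results["lns_depth_after"] = len(k.lns_stack)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The check in `Kernel.call` is where the caller-dependent rights are enforced, while `proc.fixed` carries the caller-independent ones; the two together form the LNS, and `lns_stack` is the process-level record of nested calls that empties again once each call returns.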