Microkernel-based System Research Articles

The use of mTags for mandatory security: a case study

mTags is an efficient mechanism that augments inter-thread messages with lightweight metadata. We introduce and discuss a case study that we have conducted in the use of mTags for realizing a kind of mandatory security. Although mTags can be implemented for any message passing thread-based system, we consider an implementation of it in the POSIX-compliant QNX Neutrino, a commercial microkernel-based system. The approach to mandatory security that we adopt is Usable Mandatory Integrity Protection, which has been proposed in recent research. We call our adaptation of Usable Mandatory Integrity Protection using mTags, µMIP. We discuss the challenges we faced, and our design and implementation that overcomes these challenges. We discuss the performance of our implementation for well-established benchmarks. We conclude with the observation that mTags can be useful and practical to realize mandatory security in realistic systems. Copyright © 2013 John Wiley & Sons, Ltd.

Enhancing a dependable multiserver operating system with temporal protection via resource reservations

Nowadays, microkernel-based systems are getting studied and adopted with a renewed interest in a wide number of IT scenarios. Their advantages over classical monolithic solutions mainly concern the dependability domain. By being capable of dynamically detect and solve non-expected behaviours within its core components, a microkernel-based OS would eventually run forever with no need to be restarted. Dependability in this context mainly aims at isolating components from a spatial point of view: a microkernel-based system may definitely not be adopted in the context of real-time environments, simply basing on this kind of protection only. One of the most active real-time research areas concerns adding temporal protection mechanisms to general purpose operating systems. By making use of such mechanisms, these systems become suitable for being adopted in the context of time-sensitive domains. Microkernel-based systems have always been thought of as a kind of platform not suited to real-time contexts, due to the high latencies introduced by the message passing technique as the only inter-process communication (IPC) facility within the system. With computer performances growing at a fairly high rate, this overhead becomes negligible with respect to the typical real-time processing times. In the last years, many algorithms belonging to the class of the so-called Resource Reservations (RRES) have been devised in order to provide the systems with the needed temporal isolation. By introducing a RRES-aware scheduler in the context of a microkernel-based system, we may enrich it with the temporal benefits it needs in order to be deployed within domains with real-time requirements. In this paper we propose a generic way to implement these mechanisms, dependent for a very small part on the underlying OS mechanisms. In order to show the generality of our RRES framework we implemented it in the context of Minix 3, a highly dependable microkernel-based OS with an impressive users base.

The impact of operating system structure on memory system performance

In this paper we evaluate the memory system behavior of two distinctly different implementations of the UNIX operating system: DEC's Ultrix, a monolithic system, and Mach 3.0 with CMU's UNIX server, a microkernel-based system. In our evaluation we use combined system and user memory reference traces of thirteen industry-standard workloads. We show that the microkernel-based system executes substantially more non-idle system instructions for an equivalent workload than the monolithic system. Furthermore, the average instruction for programs running on Mach has a higher cost, in terms of memory cycles per instruction, than on Ultrix. In the context of our traces, we explore a number of popular assertions about the memory system behavior of modern operating systems, paying special attention to the effect that Mach's microkernel architecture has on system performance. Our results indicate that many, but not all of the assertions are true, and that a few, while true, have only negligible impact on real system performance.