From: Cem Paya 98 (Cem.Paya.98_at_Alum.Dartmouth.ORG)
Date: Mon Jan 12 2004 - 12:02:17 PST
Paper review: Programming semantics for multiprogrammed
computations, Van Horn et al.
Cem Paya, CSE551P
The authors describe an intermediate-level language for
expressing the semantics of what we might today call a
multi-user, multitasking operating system. It’s telling that
the paper appeared in a conference on programming languages
(as opposed to operating systems), because the emphasis is
on defining a very precise way to express familiar
concepts such as synchronization and protection.
The key contribution of the paper is capability-based access
control. There were two main paradigms for controlling
access: permissions can be associated with the object, or
they can be associated with users, or “principals” as they
are dubbed in this paper. The former is used by virtually all
commercial operating systems in the form of access controls.
Van Horn et al. describe the alternative based on
associating capabilities with principals. This is more
flexible because users can acquire or give up capabilities
dynamically; granting or revoking permission to an object
does not involve changing the object itself. In the MCS
system, groups of processes called computations (“jobs” in
contemporary terminology) are associated with a capability
list, or C-list for short. All attempts at accessing
resources are checked against the C-list for authorization.
Unlike ACLs, which tend to be relatively static,
capabilities are routinely updated at runtime. For example,
the superior computation can grant additional permissions
to its inferior computation. The language also makes
provisions for synchronization via the lock primitive,
debugging through a series of commands to inspect other
processes, parallel programming using the “fork” idea of
cloning the current process, and a generalized notion of a
file system with namespaces.
In retrospect, many of the ideas proposed here presage
their modern versions. Some, notably capabilities, have
survived intact, if not necessarily widely used in
practice (although the growth of the web and distributed
systems may bring capabilities back into vogue). The concept
of viewing the file system as a directed graph with
reference-counted links is another example. Others are in a
highly primitive or convoluted state. For example, there is a
primitive IPC mechanism that allows processes to call into
each other, but the semantics described here are a
complete Rube Goldberg contraption. Many of the others
have been superseded by cleaner and simpler models, such
as sharing in modern file systems.
This archive was generated by hypermail 2.1.6 : Mon Jan 12 2004 - 12:02:23 PST
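The C-list scheme the review describes (a computation's capabilities are checked on every access, a superior can hand an attenuated copy of its own capability to an inferior, and granting or revoking never touches the object itself), as an added example that is not code from the paper or from the reviewer. The class names, the permission strings `read`/`write`/`grant`, the requirement that a capability carry `grant` before it can be passed on, and the object names in `demo()` are all assumptions made for illustration; the scenario data is constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional

# Assumed permission names; the paper's own protection bits are not reproduced here.
READ, WRITE, GRANT = "read", "write", "grant"


@dataclass(frozen=True)
class Capability:
    """An unforgeable token naming an object and the rights held on it."""
    obj: str
    perms: FrozenSet[str]


class AccessDenied(Exception):
    pass


class Computation:
    """A computation (job) carries a C-list; every access is checked against it.
    Rights live on the principal, never on the object."""

    def __init__(self, name: str, clist: Iterable[Capability] = (),
                 superior: Optional["Computation"] = None):
        self.name = name
        self.clist: List[Capability] = list(clist)
        self.superior = superior
        self.inferiors: List["Computation"] = []

    def lookup(self, obj: str) -> Optional[Capability]:
        return next((c for c in self.clist if c.obj == obj), None)

    def holds(self, obj: str, perm: str) -> bool:
        cap = self.lookup(obj)
        return cap is not None and perm in cap.perms

    def use(self, obj: str, perm: str) -> str:
        """The access check: refuse unless the C-list carries the right."""
        if not self.holds(obj, perm):
            raise AccessDenied(f"{self.name} lacks {perm} on {obj}")
        return f"{self.name}: {perm} {obj}"

    def fork(self, name: str) -> "Computation":
        """Clone: the new computation starts with a copy of the parent's C-list."""
        child = Computation(name, self.clist, superior=self)
        self.inferiors.append(child)
        return child

    def create(self, name: str) -> "Computation":
        """Create an inferior computation that starts with an empty C-list."""
        child = Computation(name, (), superior=self)
        self.inferiors.append(child)
        return child

    def grant(self, inferior: "Computation", obj: str, perms: Iterable[str]) -> None:
        """Superior passes an attenuated copy of one of its own capabilities down.
        The grantor must hold the capability with the (assumed) 'grant' right, and
        may never hand out more rights than it holds itself."""
        if inferior not in self.inferiors:
            raise AccessDenied(f"{inferior.name} is not an inferior of {self.name}")
        mine = self.lookup(obj)
        wanted = frozenset(perms)
        if mine is None or GRANT not in mine.perms:
            raise AccessDenied(f"{self.name} may not grant {obj}")
        if not wanted <= mine.perms:
            raise AccessDenied(f"{self.name} cannot amplify rights on {obj}")
        inferior.clist = [c for c in inferior.clist if c.obj != obj]
        inferior.clist.append(Capability(obj, wanted))

    def revoke(self, inferior: "Computation", obj: str) -> None:
        """Remove the capability from the inferior and, transitively, its inferiors.
        Only C-lists change; the object is never touched."""
        if inferior not in self.inferiors:
            raise AccessDenied(f"{inferior.name} is not an inferior of {self.name}")
        inferior.clist = [c for c in inferior.clist if c.obj != obj]
        for sub in inferior.inferiors:
            inferior.revoke(sub, obj)


def denied(fn, *args) -> bool:
    """True if the call is refused by the access check."""
    try:
        fn(*args)
    except AccessDenied:
        return True
    return False


def demo() -> dict:
    """Constructed scenario: a supervisor hands rights down to a job and takes them back."""
    supervisor = Computation("supervisor", [
        Capability("/data/ledger", frozenset({READ, WRITE, GRANT})),
        Capability("/data/config", frozenset({READ, GRANT})),  # no write right held
    ])
    job = supervisor.create("job")
    out = {}
    out["empty_clist_denied"] = denied(job.use, "/data/ledger", READ)
    supervisor.grant(job, "/data/ledger", {READ})
    out["read_after_grant"] = job.use("/data/ledger", READ)
    out["write_still_denied"] = denied(job.use, "/data/ledger", WRITE)
    helper = job.fork("helper")                       # clone inherits the C-list
    out["fork_inherits"] = helper.holds("/data/ledger", READ)
    out["no_regrant_without_grant_right"] = denied(job.grant, helper, "/data/ledger", {READ})
    out["no_amplification"] = denied(supervisor.grant, job, "/data/config", {READ, WRITE})
    supervisor.revoke(job, "/data/ledger")
    out["revoked_transitively"] = not helper.holds("/data/ledger", READ)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The contrast with an ACL model is in `grant` and `revoke`: both edit only the C-lists of the computations involved, so the object `/data/ledger` needs no permission bits at all, and a fork inherits exactly what its parent held at the time of cloning.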