From: ahemavathy (ahemavathy_at_hotmail.com)
Date: Sat Feb 28 2004 - 22:07:24 PST
I liked reading this paper in comparison with the Disco paper. The writing style was simpler and so easy to understand. The paper is about another isolation kernel between the physical hardware and the Operating System to achieve isolation between VM's. It differs from Disco in that while Disco is backward compatible with unmodified legacy systems Denali is not. Denali's virtual architecture is not a complete ditto emulation of the physical architecture.
Their aim is to build a isolation kernel that safely multiplexes untrusted Internet services on shared hardware. The 2 major challenges to their goals are scalability and security. One of their design principles is to expose low-level resources rather than high level abstractions thereby reducing security risks. While this principle is similar to Exokernel principle the two systems differ in that Denali exposes only private, virtualized namespaces. Thus Denali's security policy is complete isolation mechanism thus eliminating the need for access control policies.
Another new interesting concept was "idle with timeout" feature which reduces the waste of CPU time. The performance measurements of Denali were impressive. As before the only disappointing thing about the paper was the fact that it was used on a guest OS.
This archive was generated by hypermail 2.1.6 : Sat Feb 28 2004 - 22:08:41 PST