From: Gang Zhao (galaxy_at_cs.washington.edu)
Date: Fri Jan 23 2004 - 11:02:30 PST
This paper seems useful and relevant.
It talks about fault tollerance and recovery. Both of these things are exciting.
The important distication made early in the paper was the distinction between fault resistance rather than fault tollerance. This seems a departure from current system design.
The isolation mechanism is essentially seems to put a new kernel transition between the kernel and the extension. During this transitions objects are checked for integrity.
The recovery mechanism discussion seems a little bit light.
While the Nooks paper mentions that it does not protect against malicious code, this doesn't seem to be a drawback. Catching some of the bugs is better than catching none of the bugs.
Nooks required hand coding of the kernel wrappers. This requires expert knowledge, which in other operating systems may be difficult to come by.
I like the idea that the recovery mechanism isn't required to reload the driver. It seems that a driver could deny service by requiring frequent reloads.
This archive was generated by hypermail 2.1.6 : Fri Jan 23 2004 - 11:02:35 PST