From: Nathan Dire (ndire_at_cs.washington.edu)
Date: Mon Jan 12 2004 - 15:32:52 PST
In "HYDRA: the Kernel of a Multiprocessor Operating System", Wulf, et.
al., present a very minimal but flexible set of core functionalities to
form the basis for operating systems to run on C.mmp at CMU. The
authors expand on ideas concerning protection in multiprogramming
environments.
The design philosophy of HYDRA seems to have much in common with what is
now termed a micro-kernel architecture. The authors wish to provide a
very minimal, robust, and flexible environment that allows the user "to
create his own operating environment without being confined to
predetermined command and file systems, execution scenarios, resource
allocation policies." Three aspects of the approach stand out:
rejecting Dijkstra's strict hierarchical layering; separating mechanism
from policy; and integrating the design with the implementation. These
ideas seem to differ somewhat from earlier papers, and seem to have
persisted in current research.
The HYDRA environment starts with three basic object types: procedure,
local name space, and process. A procedure is as generally defined,
though it includes additional mechanisms to handle protection. An LNS
is the context for an active procedure. The term process corresponds
with it's current usage. These concepts are relatively easy to
understand.
As with the Dennis and Van Horn paper, capabilities are the key to
protection in the HYDRA system. The capability design is extended,
however, in that every object may contain capabilities referencing other
objects, and capabilities may refer to any type or operation.
At the level of abstraction found in this paper, I find it difficult to
evaluate the utility of the ideas, other than as methodology. Certainly
the time and space performance penalties for the pervasive use of
capabilities would need to be measured. As a whole, I think the system
forms a very solid basis for developing multiprocessor operating
systems, and the capability approach would help with addressing many
current security problems.
This archive was generated by hypermail 2.1.6 : Mon Jan 12 2004 - 15:32:53 PST