From: Muench, Joanna (jmuench_at_fhcrc.org)
Date: Mon Jan 12 2004 - 16:36:19 PST
The Wulf et al paper on the HYDRA system presents the design philosophy of
our first kernel for an operating system. The authors in this paper
specifically mention their lack of satisfaction with the layered approach
detailed by Dijkstra for THE and instead describe the kernel of basic
facilities necessary for any operating system. They argue that this kernel
approach is an easier way to create a flexible, reliable and easily
protected operating system.
The paper introduces three core object types (procedure, LNS and process) and
provides a simplified explanation of how a procedure becomes a process with
the capabilities described in a stack of LNSs. The paper also presents a
clear differentiation between protection, a mechanism the kernel offers, and
security, a policy that may be present in higher level facilities. The
central components of the protection mechanism are the object, capabilities
and the CALL/RETURN pair of functions. Since capabilities are just
references to objects, this whole system begins to feel very
object-oriented, and hence very flexible. Here we also find our first
discussion of garbage collection.
The rest of the paper discusses how a kernel containing these basic
mechanisms will make building an operating system easier. The argument isn't
entirely compelling, mostly due to a lack of discussion of the performance
of such a fine-grained protection mechanism. However, the last section
provides an extremely interesting example of using the protection mechanisms
within the kernel to control access to a shared bibliographic database. As a
researcher working with a shared bibliography, it is a compelling example
and one that would be difficult to implement in a Windows or UNIX
environment. The closest application that comes to mind is the version
control software CVS. Having tried to fine-tune the permissions in Linux for
that application I can appreciate the simple ownership scheme this paper
presents.
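As an added illustration (not part of this post, and not HYDRA's own code or the paper's), the following Python model shows the protection mechanism the review describes: kernel objects, capabilities that are references to objects carrying a set of rights, a Local Name Space (LNS) per procedure activation, and CALL/RETURN that push and pop LNSs so that a running procedure is a process with a stack of LNSs. It then plays out the shared-bibliography scenario: the kernel only enforces the rights on capabilities (protection), while the owner decides who receives which capability (security policy). The class and function names, the right names `read`/`write`/`share`, and the sample bibliography entry are assumptions of this model, not HYDRA's.

```python
"""Toy model of a capability kernel in the style the HYDRA review describes.
Added example, not HYDRA's code: names, rights and sample data are constructed."""
from dataclasses import dataclass, field
from typing import Callable, FrozenSet, List


class ProtectionError(Exception):
    """Raised by the kernel when a capability lacks the rights an operation needs."""


@dataclass(eq=False)
class KObject:
    """A kernel object. User code never holds one directly, only capabilities to it."""
    name: str
    kind: str
    data: dict = field(default_factory=dict)


@dataclass(frozen=True, eq=False)
class Capability:
    """A reference to an object plus the rights the holder has over it.
    Rights can be narrowed when a capability is handed on, never widened."""
    obj: KObject
    rights: FrozenSet[str]

    def restrict(self, keep) -> "Capability":
        # Intersection: asking for a right you do not hold yields nothing.
        return Capability(self.obj, self.rights & frozenset(keep))


@dataclass
class Procedure:
    """A procedure states which rights each capability parameter must carry."""
    name: str
    param_rights: List[FrozenSet[str]]
    body: Callable


class LNS:
    """Local Name Space: the capability list visible to one activation."""
    def __init__(self, caps: List[Capability]):
        self.caps = caps


class Kernel:
    """The protection mechanism: creates objects, checks rights on CALL,
    and keeps the stack of LNSs that makes up the running process."""
    def __init__(self):
        self.lns_stack: List[LNS] = []

    def create(self, name: str, kind: str, data=None) -> Capability:
        # The creator receives every right and decides (policy) who gets what.
        return Capability(KObject(name, kind, data or {}),
                          frozenset({"read", "write", "share"}))

    def call(self, proc: Procedure, caps: List[Capability], *values):
        if len(caps) != len(proc.param_rights):
            raise ProtectionError(f"{proc.name}: wrong number of capabilities")
        for cap, needed in zip(caps, proc.param_rights):
            if not needed <= cap.rights:
                missing = sorted(needed - cap.rights)
                raise ProtectionError(f"{proc.name}: capability for "
                                      f"{cap.obj.name} lacks {missing}")
        self.lns_stack.append(LNS(list(caps)))   # CALL: fresh LNS for the callee
        try:
            return proc.body(self.lns_stack[-1], *values)
        finally:
            self.lns_stack.pop()                 # RETURN: the callee's names vanish


# Rights a procedure demands of its bibliography parameter (assumed names).
READ = frozenset({"read"})
WRITE = frozenset({"read", "write"})

list_entries = Procedure("list_entries", [READ],
                         lambda lns: list(lns.caps[0].obj.data["entries"]))


def _add(lns: LNS, entry: str) -> int:
    lns.caps[0].obj.data["entries"].append(entry)
    return len(lns.caps[0].obj.data["entries"])


add_entry = Procedure("add_entry", [WRITE], _add)


def shared_bibliography_demo() -> dict:
    """Constructed scenario: an owner, an editor and a reader of one shared bibliography."""
    k = Kernel()
    owner_cap = k.create("group-bib", "bibliography", {"entries": []})
    editor_cap = owner_cap.restrict(WRITE)   # policy: editor may read and add
    reader_cap = owner_cap.restrict(READ)    # policy: reader may only read
    k.call(add_entry, [editor_cap], "Wulf et al., HYDRA (constructed sample entry)")
    results = {"reader_sees": k.call(list_entries, [reader_cap])}
    try:
        k.call(add_entry, [reader_cap], "entry the reader should not be able to add")
        results["reader_write"] = "allowed"
    except ProtectionError:
        results["reader_write"] = "denied"   # enforced by the kernel, not by the procedure
    results["stack_empty_after_return"] = k.lns_stack == []
    return results


if __name__ == "__main__":
    print(shared_bibliography_demo())
```

The point the model makes is the one the review draws from the paper: `add_entry` and `list_entries` contain no access checks of their own; the kernel's CALL refuses to build an LNS for a callee whose parameters lack the required rights, so the only policy decision lives in the owner's choice of which restricted capability to hand to whom.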
This archive was generated by hypermail 2.1.6 : Mon Jan 12 2004 - 16:36:28 PST