From: Brian Milnes (brianmilnes_at_qwest.net)
Date: Wed Jan 14 2004 - 09:45:51 PST
Hydra: The Kernel of a Multi-Processing Operating System - W. Wulf et al
The authors describe the Hydra kernel for C.mmp as having general object
semantics and as being designed to create secure systems. This was a novel
approach in that they are attempting to provide a "kernel" on which to build
many OS systems. Their philosophy was to build a system that allowed
separation of mechanism from policy. They use a structured design and
modularity à la Dijkstra and Parnas and reject strict hierarchical design
from systems such as "THE."
The system has capabilities including a concept of a protected call with
capabilities. It did a form of dynamic type and capability check at
protected call, launching each new call in its own protection space making a
type of protected RPC. This requires a real garbage collection, which must
have been a dog on such a small old machine. Modern operating systems mostly
avoid a full garbage collection in favor of reference counting and timeouts
on data structures.
They believe that the system contained all of the necessary features to
allow one to build their own OS without being constrained by policy. But
their example of using these features is for a very simple system; they
would have been better served to show an example not just of a toy user
protected subdomain but to show something of more scale such as user login
and resource sharing. Although this is a nice overview of some of Hydra, we
miss two of its most advanced features for its time: multiprocessing and
networking.