Abstract
The GNU Hurd's design was motivated by a desire to rectify a number of observed shortcomings in Unix. Foremost among these is that many policies that limit users exist simply as remnants of the design of the system's mechanisms and their implementation. To increase extensibility and integration, the Hurd adopts an object-based architecture and defines interfaces, in particular those for the composition of and access to name spaces, that are virtualizable.
This paper is first a presentation of the Hurd's design goals and a characterization of its architecture, primarily as it represents a departure from Unix's. We then critique the architecture and assess it in terms of the user environment of today, focusing on security. Then follows an evaluation of Mach, the microkernel on which the Hurd is built, emphasizing the design constraints which Mach imposes as well as a number of deficiencies its design presents for multi-server-like systems. Finally, we reflect on the properties such a system appears to require.
Index Terms
A critique of the GNU hurd multi-server operating system