Abstract
This paper revisits an old approach to operating system construction, the library OS, in a new context. The idea of the library OS is that the personality of the OS on which an application depends runs in the address space of the application. A small, fixed set of abstractions connects the library OS to the host OS kernel, offering the promise of better system security and more rapid independent evolution of OS components.
We describe a working prototype of a Windows 7 library OS that runs the latest releases of major applications such as Microsoft Excel, PowerPoint, and Internet Explorer. We demonstrate that desktop sharing across independent, securely isolated library OS instances can be achieved through the pragmatic reuse of networking protocols. Each instance has significantly lower overhead than a full VM bundled with an application: a typical application adds just 16MB of working set and 64MB of disk footprint. We contribute a new ABI below the library OS that enables application mobility. We also show that our library OS can address many of the current uses of hardware virtual machines at a fraction of the overheads. This paper describes the first working prototype of a full commercial OS redesigned as a library OS capable of running significant applications. Our experience shows that the long-promised benefits of the library OS approach (better protection of system integrity and rapid system evolution) are readily obtainable.
Rethinking the library OS from the top down
ASPLOS '11, ASPLOS XVI: Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems