VirtuOS

Ruslan Nikolaev, Godmar Back
2013 Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles - SOSP '13
Most operating systems provide protection and isolation to user processes, but not to critical system components such as device drivers or other system code. Consequently, failures in these components often lead to system failures. VirtuOS is an operating system that exploits a new method of decomposition to protect against such failures. VirtuOS exploits virtualization to isolate and protect vertical slices of existing OS kernels in separate service domains. Each service domain represents a partition of an existing kernel, which implements a subset of that kernel's functionality. Unlike competing solutions that merely isolate device drivers, or cannot protect from malicious and vulnerable code, VirtuOS provides full protection of isolated system components. VirtuOS's user library dispatches system calls directly to service domains using an exceptionless system call model, avoiding the cost of a system call trap in many cases. We have implemented a prototype based on the Linux kernel and Xen hypervisor. We demonstrate the viability of our approach by creating and evaluating a network and a storage service domain. Our prototype can survive the failure of individual service domains while outperforming alternative approaches such as isolated driver domains and even exceeding the performance of native Linux for some multithreaded workloads. Thus, VirtuOS may provide a suitable basis for kernel decomposition while retaining compatibility with existing applications and good performance.
doi:10.1145/2517349.2522719 dblp:conf/sosp/NikolaevB13 fatcat:eolqsbmsbfbppeheykl4toswsm