J. Liedtke: Toward Real Microkernels
Rashid et al.: Mach: A System Software Kernel
Golub et al.: UNIX as an Application Program
Bershad and Chen: The Impact of Operating System Structure on Memory System Performance

How the microkernel idea got started — or at least, how it was popularized. Key ideas in Mach: memory objects, RPC, ports, scheduling. Chen's view on why the Mach kernel delivered such poor performance. Design goals of a microkernel. The central role of IPC.

Volume 1, Chapters 1,2,3.
Volume 3, Chapters 1,2.

Volume 3, Chapters 3,4.

Volume 3, Chapter 5.

It may help to look briefly at About The Pentium.

A look at the Pentium architecture, including the parts we will set aside and how we will do so. An look at the Pentium process model from the user point of view, and it's supervisor-level augmentation by the microkernel.

J. Liedtke: On μ-Kernel-Construction
J. Liedtke: Improving IPC by Kernel Design
Ford et al.: Evolving Mach 3.0 to a Migrating Threads Model.

Discussion of IPC and microkernel system structure. Understanding the high-level issues that impact IPC performance and what to do about them. Explanation of the low-level and high-level IPC interfaces, and how applications use IPC to provide services. Endpoints and options for their implementation. Introduction of capabilities.

Wed, September 28: [mp3] [Ogg]

Mazieres: Secure Applications Need Flexible Operating Systems.
Ford: The Flux OS Toolkit: Reusable Components for OS Implementation.
Fleisch: The Failure of Personalities to Generalize.
Rawson: Experience with the Development of a Microkernel-Based, Multiserver Operating System.

I will be out of town on Monday and Tuesday at a conference, and this week is Rosh Hashanna, which is one of the Jewish high holidays. Class lectures will resume on Wednesday, 5 October.

As you read the papers above, pay particular attention to the two by Rawson and Fleisch. Workplace shell is probably the most thoroughly explored microkernel-based system ever built, and the lessons from this effort are important. Further, remember that both of these papers are written by IBM employees who are publishing news of a technology disaster — something that IBM was embarassed about and might have preferred not to disclose at all. In consequence, both papers are extremely understated, and some of the lessons need to be extracted by thinking carefully about the implications of some of the numbers they cite about project size and time.

Wed, October 5: [mp3] [Ogg]

No new readings.

Issues in storage management. Choices of capability transmission mechanism. Initial discussion of memory mapping primitives.

Mon, October 10: [mp3] [Ogg]
Tue, October 11: [mp3] [Ogg]
Wed, October 12: [mp3] [Ogg]

Shapiro: Vulnerabilities in Synchronous IPC Designs.
Shapiro: Design of the EROS Trusted Window System.

Security challenges in microkernel system structures.

Tue, October 18: [mp3] [Ogg]
Wed, October 19: [mp3] [Ogg]

Download here. Due Monday 10/24 at beginning of class. Submission instructions are on the midterm.

Constructing defensively correct systems.

Tue, October 25: [mp3] [Ogg]
Wed, October 26: [mp3] [Ogg]

Review of the chain of trust for constructors and process creation, and what the brand guarantee actually provides.

Discussion of the connection between persistence and consistency, and how this relates to our notions of transactional consistency.

Discussion of the difference between persistence and data interchange.

Mon, October 31: [mp3] [Ogg]
Wed, November 02: [mp3] [Ogg]

How persistence relates to file system implementation.

Recovery issues in persistent systems.

Midterm followup.

Mon, November 07: [mp3] [Ogg]
Tue, November 08: [mp3] [Ogg]
Wed, November 09: [mp3] [Ogg]

Engler: Exokernel: An Operating System Architecture for Application-Level Resource Management.
Engler: VCODE: A Retargetable, Extensible, Very Fast Dynamic Code Generation System.
Engler: DPF: Fast, Flexible Message Demultiplexing using Dynamic Code Generation.
Engler: Application Performance and Flexibility on Exokernel Systems.

A quick overview of secure boot technology.

Structure of applications in a persistent capability system.

Mon, November 14: [mp3] [Ogg]
Tue, November 15: [mp3] [Ogg]
Wed, November 16: [mp3] [Ogg]

How DMA and interrupt handling works.

Mon, November 21: [mp3] [Ogg]
Tue, November 22: [mp3] [Ogg]

Pulling ideas together in the EROS Window System

Mon, November 28: [mp3] [Ogg]
Tue, November 29: [mp3] [Ogg]
Wed, November 30: [mp3] [Ogg]

Discussion of the Asbestos prototype operating system. Pulling ideas together in the EROS Network Subsystem.

These are getting posted late, but please read them by class on Tuesday, because they are important for the final exam. Pay particularly close attention to section 5 of the Labels paper.

Krohn et al.: Make Least Privilege a Right (Not a Privilege).
Efstathopoulos et al.: Labels and Event Processes in the Asbestos Operating System.
Sinha et al.: Network Subsystems Reloaded: A High-Performance, Defensible Network Subsystem.

Mon, December 5: [mp3] [Ogg]
Tue, December 6: [mp3] [Ogg]
Wed, December 7: [mp3] [Ogg]

Download here. Due Friday 12/16 at noon. Submission instructions are on the final.

Final bits on the EROS network subsystem.

Mon, December 12: [mp3] [Ogg]