SRL Publications Projects Courses







600.439: Microkernel Architecture and Design

Fall 2005 Syllabus (Preliminary)  

Last Update: 9/14/2005

This course provides a look at the architecture and design issues in a modern microkernel. We will review the classing papers in the field, and we will spend a significant bit of time growing a microkernel up from a starting system. The course is primarily project oriented.

Regrettably, there really isn't a textbook covering this area well. We will therefore be working from primary source materials (papers). Readings are due at the start of the relevant week. We need to be able to discuss and evaluate this material in class.

The usual lecture format will be split each week between discussion of papers, key issues, and examination of real code.

The syllabus that follows is a work in progress!

Week of Topic(s) and Papers
12 September

Early Results


J. Liedtke: Toward Real Microkernels
Rashid et al.: Mach: A System Software Kernel
Golub et al.: UNIX as an Application Program
Bershad and Chen: The Impact of Operating System Structure on Memory System Performance


How the microkernel idea got started — or at least, how it was popularized. Key ideas in Mach: memory objects, RPC, ports, scheduling. Chen's view on why the Mach kernel delivered such poor performance. Design goals of a microkernel. The central role of IPC.

19 September

The Pentium and the Process Model


Volume 1, Chapters 1,2,3.
Volume 3, Chapters 1,2.

Volume 3, Chapters 3,4.

Volume 3, Chapter 5.

It may help to look briefly at About The Pentium.


A look at the Pentium architecture, including the parts we will set aside and how we will do so. An look at the Pentium process model from the user point of view, and it's supervisor-level augmentation by the microkernel.

26 September



J. Liedtke: On μ-Kernel-Construction
J. Liedtke: Improving IPC by Kernel Design
Ford et al.: Evolving Mach 3.0 to a Migrating Threads Model.


Discussion of IPC and microkernel system structure. Understanding the high-level issues that impact IPC performance and what to do about them. Explanation of the low-level and high-level IPC interfaces, and how applications use IPC to provide services. Endpoints and options for their implementation. Introduction of capabilities.


Wed, September 28: [mp3] [Ogg]

3 October

Arguments Pro and Con


Mazieres: Secure Applications Need Flexible Operating Systems.
Ford: The Flux OS Toolkit: Reusable Components for OS Implementation.
Fleisch: The Failure of Personalities to Generalize.
Rawson: Experience with the Development of a Microkernel-Based, Multiserver Operating System.


I will be out of town on Monday and Tuesday at a conference, and this week is Rosh Hashanna, which is one of the Jewish high holidays. Class lectures will resume on Wednesday, 5 October.

As you read the papers above, pay particular attention to the two by Rawson and Fleisch. Workplace shell is probably the most thoroughly explored microkernel-based system ever built, and the lessons from this effort are important. Further, remember that both of these papers are written by IBM employees who are publishing news of a technology disaster — something that IBM was embarassed about and might have preferred not to disclose at all. In consequence, both papers are extremely understated, and some of the lessons need to be extracted by thinking carefully about the implications of some of the numbers they cite about project size and time.


Wed, October 5: [mp3] [Ogg]

10 October

Storage, Capability Models, Memory Mapping


No new readings.


Issues in storage management. Choices of capability transmission mechanism. Initial discussion of memory mapping primitives.


Mon, October 10: [mp3] [Ogg]
Tue, October 11: [mp3] [Ogg]
Wed, October 12: [mp3] [Ogg]

17 October

Security Issues


Shapiro: Vulnerabilities in Synchronous IPC Designs.
Shapiro: Design of the EROS Trusted Window System.


Security challenges in microkernel system structures.


Tue, October 18: [mp3] [Ogg]
Wed, October 19: [mp3] [Ogg]


Download here. Due Monday 10/24 at beginning of class. Submission instructions are on the midterm.

24 October

Defensive Correctness


Constructing defensively correct systems.


Tue, October 25: [mp3] [Ogg]
Wed, October 26: [mp3] [Ogg]

31 October

Persistence, storage systems, and consistency.


Review of the chain of trust for constructors and process creation, and what the brand guarantee actually provides.

Discussion of the connection between persistence and consistency, and how this relates to our notions of transactional consistency.

Discussion of the difference between persistence and data interchange.


Mon, October 31: [mp3] [Ogg]
Wed, November 02: [mp3] [Ogg]

7 November

Persistence Implications


How persistence relates to file system implementation.

Recovery issues in persistent systems.

Midterm followup.


Mon, November 07: [mp3] [Ogg]
Tue, November 08: [mp3] [Ogg]
Wed, November 09: [mp3] [Ogg]

14 November

Secure Boot, System Structure


Engler: Exokernel: An Operating System Architecture for Application-Level Resource Management.
Engler: VCODE: A Retargetable, Extensible, Very Fast Dynamic Code Generation System.
Engler: DPF: Fast, Flexible Message Demultiplexing using Dynamic Code Generation.
Engler: Application Performance and Flexibility on Exokernel Systems.


A quick overview of secure boot technology.

Structure of applications in a persistent capability system.


Mon, November 14: [mp3] [Ogg]
Tue, November 15: [mp3] [Ogg]
Wed, November 16: [mp3] [Ogg]

21 November

DMA and Interrupt Handling


How DMA and interrupt handling works.


Mon, November 21: [mp3] [Ogg]
Tue, November 22: [mp3] [Ogg]

28 November

Examining the EROS Window System


Pulling ideas together in the EROS Window System


Mon, November 28: [mp3] [Ogg]
Tue, November 29: [mp3] [Ogg]
Wed, November 30: [mp3] [Ogg]

5 December

Examining the EROS Networking Stack


Discussion of the Asbestos prototype operating system. Pulling ideas together in the EROS Network Subsystem.


These are getting posted late, but please read them by class on Tuesday, because they are important for the final exam. Pay particularly close attention to section 5 of the Labels paper.

Krohn et al.: Make Least Privilege a Right (Not a Privilege).
Efstathopoulos et al.: Labels and Event Processes in the Asbestos Operating System.
Sinha et al.: Network Subsystems Reloaded: A High-Performance, Defensible Network Subsystem.


Mon, December 5: [mp3] [Ogg]
Tue, December 6: [mp3] [Ogg]
Wed, December 7: [mp3] [Ogg]

Final Exam

Download here. Due Friday 12/16 at noon. Submission instructions are on the final.

12 December

Last Discussion and Wrap-Up


Final bits on the EROS network subsystem.


Mon, December 12: [mp3] [Ogg]