![Page 1: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/1.jpg)
Lecture 6From L3 to seL4: What Have We Learnt in 20 Years of L4
Microkernels?
Kevin Elphinstone and Gernot Heiser
Operating Systems Practical
12 November, 2014
OSP Lecture 6, L4 Microkernels 1/42
![Page 2: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/2.jpg)
Contents
Introduction and design principles
Brief history of microkernels
L4: Basic abstractions
L4: Design and implementation choices
Keywords
Questions
OSP Lecture 6, L4 Microkernels 2/42
![Page 3: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/3.jpg)
Outline
Introduction and design principles
Brief history of microkernels
L4: Basic abstractions
L4: Design and implementation choices
Keywords
Questions
OSP Lecture 6, L4 Microkernels 3/42
![Page 4: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/4.jpg)
Context and terminology
I Operating system
I Kernel
I Monolithic kernel
I Microkernel
OSP Lecture 6, L4 Microkernels 4/42
![Page 5: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/5.jpg)
Operating system
I abbrv. OS
I Software (collection) to interface hardware with userI Components:
I Kernel: Linux, FreeBSD, Windows NT, XNU, L4, . . .I Services/daemons: sysvinit, CUPS print server, udev, . . .I Utilities: ls, Windows Commander, topI Other applications
OSP Lecture 6, L4 Microkernels 5/42
![Page 6: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/6.jpg)
Kernel
I Components directly interfacing with hardwareI Examples?
I “Core” of OSI No general definition of “core”
OSP Lecture 6, L4 Microkernels 6/42
![Page 7: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/7.jpg)
Monolithic vs. Micro-kernel
Hardware
VFS
IPC, file system
Scheduler, virtual memory
Device drivers, dispatcher
Hardware
IPC, virtual memory
Application
Application
UnixServer
FileServerDevice
Driver
Syscall
IPC
KernelMode
UserMode
Source: http://www.cse.unsw.edu.au/
OSP Lecture 6, L4 Microkernels 7/42
![Page 8: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/8.jpg)
Monolithic vs. Micro-kernel
Monolithic kernel
I IPC, scheduling,memory management
I File systems
I Drivers
I Higher-level API
Microkernel
I IPC, scheduling,memory management
I API closer to thehardware
OSP Lecture 6, L4 Microkernels 8/42
![Page 9: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/9.jpg)
Microkernel principles: minimality
I If it’s not critical, leave it out of the kernelI Pros:
I Small code baseI Easy to debugI Trusted Computing Base, feasible for formal verification
I Cons:I Harder to find the “right” API designI Harder to optimize for high-performance
OSP Lecture 6, L4 Microkernels 9/42
![Page 10: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/10.jpg)
Microkernel principles: user-level services
I Drivers, file systems, etc. as user space servicesI Pros:
I Isolation ⇒ limited attack surfaceI High availability, fault toleranceI Componentization, reusability
I Cons:I Performance: IPC is a bottleneck
OSP Lecture 6, L4 Microkernels 10/42
![Page 11: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/11.jpg)
Microkernel principles: policy freedom
I Kernel provides mechanisms, not policies
I Policy definition is left up to the user space applicationI Pros:
I Flexibility
I Cons:I Hard to achieve, e.g. for schedulingI May lead to application bloat
I Example: kernel provides user with memory, allocationalgorithm depends on app
I Example: cache maintenance is explicitly exposed to userspace, to improve performance
OSP Lecture 6, L4 Microkernels 11/42
![Page 12: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/12.jpg)
Outline
Introduction and design principles
Brief history of microkernels
L4: Basic abstractions
L4: Design and implementation choices
Keywords
Questions
OSP Lecture 6, L4 Microkernels 12/42
![Page 13: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/13.jpg)
0th Generation (1970s)
I Nucleus [Brinch Hansen ’70]
I Hydra [Wulf et al ‘74]I Issues
I Lack of hardware supportI Bad performance
OSP Lecture 6, L4 Microkernels 13/42
![Page 14: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/14.jpg)
1st Generation (1980s)
I Mach
I ChorusI Issues
I Stripped-down monolithic kernelsI BigI Bad performance: 100µs IPC
OSP Lecture 6, L4 Microkernels 14/42
![Page 15: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/15.jpg)
2nd Generation (1990s, early 2000s)
I Minix
I L3, L4 [Lietdke ’95]I Performance-oriented
I From scratch designI Architecture-dependent optimizations, e.g. reduced cache
footprintI L3 was fully implemented in assembly
I IssuesI Security
OSP Lecture 6, L4 Microkernels 15/42
![Page 16: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/16.jpg)
L4 family tree
93 94 95 96 97 98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 13
L3→L4 “X”Hazelnut
Pistachio
L4/Alpha
L4/MIPS
seL4
OKL4-µKernel
OKL4-Microvisor
Codezero
P4→ PikeOS
Fiasco Fiasco.OC
L4-embed.
NovaGMD/IBM/Karlsruhe
UNSW/NICTA
Dresden
Assember
CCC
Portable
Caps
Verified
Source: http://www.cse.unsw.edu.au/
OSP Lecture 6, L4 Microkernels 16/42
![Page 17: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/17.jpg)
L4 family tree
93 94 95 96 97 98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 13
L3→L4 “X”Hazelnut
Pistachio
L4/Alpha
L4/MIPS
seL4
OKL4-µKernel
OKL4-Microvisor
Codezero
P4→ PikeOS
Fiasco Fiasco.OC
L4-embed.
NovaGMD/IBM/Karlsruhe
UNSW/NICTA
Dresden
Assember
C++
C
Asm+C
C++
CC
Portable
Caps
Verified
Source: http://www.cse.unsw.edu.au/
OSP Lecture 6, L4 Microkernels 17/42
![Page 18: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/18.jpg)
3rd Generation (2007+)
I OKL4 Microvisor [Heiser and Leslie ’10]
I Microkernel and hypervisor
I Replaces some of the mechanisms with hypervisor mechanisms
I Deployed in older Motorola phones
OSP Lecture 6, L4 Microkernels 18/42
![Page 19: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/19.jpg)
3rd Generation (2007+)
I seL4 [Elphinstone et al ’07, Klein et al ’09]I Security-oriented
I Capability-based access controlI Strong isolation
I Memory management policy fully exported to user spaceI Kernel objects are first class citizensI All memory is explicitly allocated
I Formally verified [Klein et al ’09]
OSP Lecture 6, L4 Microkernels 19/42
![Page 20: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/20.jpg)
Outline
Introduction and design principles
Brief history of microkernels
L4: Basic abstractions
L4: Design and implementation choices
Keywords
Questions
OSP Lecture 6, L4 Microkernels 20/42
![Page 21: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/21.jpg)
What mechanisms to abstract?
I Bare minimum:I ProcessorI MemoryI Interrupts/exceptions
I Must replace memory isolation with communication protocolsI Communication (IPC)I Synchronization
OSP Lecture 6, L4 Microkernels 21/42
![Page 22: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/22.jpg)
Hypervisor vs. microkernel
Resource Hypervisor Microkernel
Memory Virtual MMU (vMMU) Address space
CPU Virtual CPU (vCPU) Thread orscheduler activation
Interrupt Virtual IRQ (vIRQ) IPC message or signal
Communication Virtual NIC Message-passing IPC
Synchronization Virtual IRQ IPC message
Source: http://www.cse.unsw.edu.au/
OSP Lecture 6, L4 Microkernels 22/42
![Page 23: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/23.jpg)
Abstracting memory
I Address space, fundamentally:I A collection of virtual → physical mappings
I Ways to expose this to user:I Array of (physical) frames or (virtual) pages to be mappedI Cache for mappings which might vanish (Virtual TLB)
OSP Lecture 6, L4 Microkernels 23/42
![Page 24: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/24.jpg)
Abstracting execution
I Threads, vCPUs
I What defines a thread?I Migrating threads
I Thread might be moved to different address space
OSP Lecture 6, L4 Microkernels 24/42
![Page 25: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/25.jpg)
Abstracting execution
I Scheduling: map threads to CPUs
I What is the scheduling policy?
I Simple round-robin
I Policy-free scheduling?
OSP Lecture 6, L4 Microkernels 25/42
![Page 26: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/26.jpg)
Communication abstraction
I Inter-Process Communication (IPC)
I Synchronous, asynchronous 6= blocking, non-blocking
I Traditional L4 IPC is fully synchronousI Asynchronous notification
I Sender asynchronous, receiver blocking and synchronousI Similar to Unix’s select
OSP Lecture 6, L4 Microkernels 26/42
![Page 27: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/27.jpg)
Interrupt abstraction
I Hardware faults are abstracted through IPC
I Synchronous exceptions, page faults, etc.I Interrupts are asynchronous notifications
I Thread must register as a pagefault/exception/interrupthandler
OSP Lecture 6, L4 Microkernels 27/42
![Page 28: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/28.jpg)
Access control
How do we specify objects?I IDs in a global list
I Provably insecureI Can DDoS, create covert channels, etc.
I IDs in per-address space lists
I Capabilities
OSP Lecture 6, L4 Microkernels 28/42
![Page 29: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/29.jpg)
Access control: capabilities
I Developed in KeyKOS, Coyotos, Amoeba, L4 Pistachio,OKL4, seL4, . . .
I A tokenI owned by the subject (e.g. a thread)I as proof that it has access rights to an object (e.g. a kernel
object)
I All inter-domain accesses are mediated by capabilities
OSP Lecture 6, L4 Microkernels 29/42
![Page 30: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/30.jpg)
Outline
Introduction and design principles
Brief history of microkernels
L4: Basic abstractions
L4: Design and implementation choices
Keywords
Questions
OSP Lecture 6, L4 Microkernels 30/42
![Page 31: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/31.jpg)
Implementation language
I Initial L3 and L4: 100% x86 assembly
I Pistachio, OKL4 microkernel: C, C++, assembly
I OKL4 Microvisor, seL4: C
I seL4: Haskell prototype for correctness proof
OSP Lecture 6, L4 Microkernels 31/42
![Page 32: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/32.jpg)
Inter-Process Communication
I seL4, OKL4: “Endpoints” as IPC targetsI Decouple target from actual service
I Fully signal-like asynchronous IPC (OKL4 Microvisor)
OSP Lecture 6, L4 Microkernels 32/42
![Page 33: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/33.jpg)
Access control and resource management
I seL4: access control based on delegable capabilities
I Take-grant modelI Provable security
I Information leaks are impossibleI . . . if the policy is correctI . . . and the implementation is correctI . . . and the compiler is correctI . . . and the hardware isn’t faulty
OSP Lecture 6, L4 Microkernels 33/42
![Page 34: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/34.jpg)
Access control and resource management
I seL4: resources are exposed as capabilities to physical memoryI May be:
I MappedI Delegated to children domainsI Delegated to kernel: “retyped” into kernel objects
OSP Lecture 6, L4 Microkernels 34/42
![Page 35: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/35.jpg)
Preemption in the kernel
I Interrupts are disabled when running in kernel
I Microkernel is in general non-preemptable
I Preemption points for long-running operations
OSP Lecture 6, L4 Microkernels 35/42
![Page 36: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/36.jpg)
Scheduling
I Scheduling contexts (Fiasco.OC)I Separate scheduling parameters from threadsI Allow implementing hierarchical scheduling [Lackorzynski et al
’12]
I Policy-free scheduling still unresolved
OSP Lecture 6, L4 Microkernels 36/42
![Page 37: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/37.jpg)
Multi-processors
I Initial L4 design is uniprocessor
I seL4: same, due to formal verification constraints
I Possible approach: multikernels [M Von Tessin ’12]
OSP Lecture 6, L4 Microkernels 37/42
![Page 38: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/38.jpg)
Outline
Introduction and design principles
Brief history of microkernels
L4: Basic abstractions
L4: Design and implementation choices
Keywords
Questions
OSP Lecture 6, L4 Microkernels 38/42
![Page 39: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/39.jpg)
Keywords
I microkernel
I l4
I thread
I address space
I inter-process communication
I access control
I capability
I preemption
OSP Lecture 6, L4 Microkernels 39/42
![Page 40: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/40.jpg)
Resources
I http://dl.acm.org/citation.cfm?id=224075
I http://www.cse.unsw.edu.au/~cs9242/13/lectures/
I http://os.inf.tu-dresden.de/L4/
I http://ssrg.nicta.com.au/projects/seL4/
I http://os.inf.tu-dresden.de/fiasco/
I http://www.ok-labs.com/products/okl4-microvisor
OSP Lecture 6, L4 Microkernels 40/42
![Page 41: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/41.jpg)
Outline
Introduction and design principles
Brief history of microkernels
L4: Basic abstractions
L4: Design and implementation choices
Keywords
Questions
OSP Lecture 6, L4 Microkernels 41/42
![Page 42: Lecture 6 - From L3 to seL4: What Have We Learnt in 20 Years of …elf.cs.pub.ro/soa/res/lectures/lecture-l4.pdf · 2014. 12. 1. · Lecture 6 From L3 to seL4: What Have We Learnt](https://reader035.vdocuments.us/reader035/viewer/2022071409/610161228decf97aa90275eb/html5/thumbnails/42.jpg)
Questions
?
OSP Lecture 6, L4 Microkernels 42/42