Information Technology Reference
In-Depth Information
The main approach of the Exokernel is to attempt
a very clear separation between management and
protection of resources. Management is left to the
user processes - because user processes them-
selves know how to better utilize the resources
under their control. Protection of the resources is
provided by the Exokernel, but in a very minimal
amount so as not to interfere with any attempts to
optimize the user processes. The end result is an
operating system that is easily modified to meet
the changing needs of user processes while also
allowing real optimizations to occur - which result
in major speed-ups in process execution times.
We will be taking a closer look at the separation
of management from protection as we investigate
the Exokernel Operating System.
improperly if it wanted to, but it also means the
user-process has the freedom to optimize how the
resource is utilized. This added freedom means
software engineers need to develop computer
programs that police themselves to ensure that
the shared resources provided by an Exokernel
are used properly.
Dawson Engler provides a better example of
the separation of management from protection
as he explains how the Exokernel protects physi-
cal memory. The accessing of physical memory
through read and write requests are
privileged
instructions for a traditional operating system. The
traditional kernel stands guard over the memory
and verifies every read/write request to ensure each
request has the proper access rights. Because the
traditional operating system stands between the
user-processes and the physical hardware, when
a user-process wants to send a message to the
hardware, it passes the message to the traditional
operating system and the operating system then
passes the message to the hardware on behalf of
the user process. When a user-process passes a
message to the operating system in this manner, it
is called a system-call. One of the down-sides of
the traditional system-call is that user-processes
cannot directly execute privileged instructions.
Because the traditional operating system is the
constant middle-man that gets involved in every
system-call, the overall efficiency within the entire
computer system is greatly reduced.
In response to the issue of reduced global ef-
ficiency, Dawson Engler explains that the Exoker-
nel's solution is “to make traditionally privileged
code unprivileged by limiting the duties of the
kernel to just these required for protection” (En-
gler, 1998). This means that the Exokernel allows
user-processes to have much more direct access to
memory. The Exokernel still gets involved a little,
but only enough to ensure the memory access is
“safe”. Once safety is guaranteed, a user-process
is allowed to directly access the hardware itself.
In the next pages, we continue to illuminate
some of the unique aspects of the Exokernel Oper-
the exoKernel Solution
Previously we stated the Exokernel only provides
protection and proper sharing of resources. Ac-
cording to Dawson Engler, the process of pro-
tecting resources consists of three major tasks;
1) tracking ownership of resources, 2) ensuring
protection by guarding all resource usage or bind-
ing points, and 3) revoking access to resources
(Engler, 1998). Lesser tasks of the Exokernel
include; protecting a processes ability to execute
privileged instructions, protecting the processing
of the central processing unit, and protecting physi-
cal memory - which includes writes to “special”
memory locations that are used by devices, and
protection of network devices. We stress that
while the Exokernel is providing protection of
these activities, it is not getting involved in the
micro-management of these activities. The micro-
management of these activities is provided by
user-processes that are located in user-space rather
than kernel space. In other words, the Exokernel
will grant a user-process access to a resource, and
it might revoke that access if necessary, however,
it does not regulate how the resource is used. This
means that a user-process could use a resource
Search WWH ::
Custom Search