| Summary: | Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, February, 2020 === Cataloged from student-submitted PDF of thesis. === Includes bibliographical references (pages 54-60). === A secure kernel is the keystone upon which all software systems are built. Historically, memory corruption errors have accounted for a large portion of kernel bugs. These bugs are difficult to detect and avoid in memory-unsafe languages such as C. To mitigate such bugs, we build on top of an operating system written in a memory-safe language, Rust. Rust provides memory-safety guarantees while remaining as fast and flexible as other systems languages. Yet, some operations within operating systems, such as hand-written assembly for interrupt handling, do not fit within the scope of a language memory-safety model. To reduce the scope of these errors, microkernels isolate and reduce privilege by moving much of the traditional kernel into userspace services. However, their effectiveness is limited by the inflexibility of modern hardware. The Zero Kernel Operating System (ZKOS) emphasizes the high-level ideas of compartmentalization and least privileges on a tagged architecture. In particular, instead of relying on the Ring model and paging, which coarsely limit privilege and isolation granularity, a tagged architecture allows ZKOS to isolate at the memory word level and provide truly disjoint privileges. To this end, ZKOS slices kernelspace and userspace into fine-grained components based on function. Then, ZKOS defines specific entry and exit points between components and composes policies to limit component transitions and privileges. This increases the precision of isolation and privilege, and complements the local compile-time and runtime checks Rust performs to reduce the scope of bugs. === by Justin Restivo. === M. Eng. === M.Eng. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science
|
|---|
