user-level, where it can be coupled more tightly to the application, resulting in an order-of-magnitude reduction in communication overhead. In addition, the user-level protocols can be customized to the application, thereby enabling experimentation with new protocols that are, for example, tailored toward real-time multimedia stream transmission. The main ideas of U-Net have been incorporated into the VIA (Virtual Interface Architecture) industry standard led by Compaq, Intel and Microsoft. At this point, commercial network interfaces designed for VIA are available.

My group's recent research is premised on the conviction that advances in system security and safety could enable far more applications than further performance improvements. At the same time, Java has popularized the notion of safety at the language level and research projects such as Proof Carrying Code made it clear that language-based protection technology was maturing to the point where it would force a re-evaluation of the boundaries between programming languages, operating systems, and architecture. As we began to investigate how to build an entire system on language-based protection, we became convinced that a capability system is the best approach. Being able to revisit an operating system design approach essentially abandoned over a decade ago that still intrigues many an operating system researcher is proving to be a fascinating journey.

Two of the most commonly voiced reasons for the failure of capability systems are that they were too expensive to implement and that they were too difficult to use. We developed an operating system on Java, called the J-Kernel, to show how language technology can be used to implement capabilities at very low cost. While trying to extract performance from Java has been a painful undertaking, the J-Kernel does demonstrate that capabilities can be implemented very efficiently. We are now developing applications on the J-Kernel to gain experience using capabilities so we can make progress on simplifying their use. Today, the J-Kernel represents the most sophisticated attempt at building a capability system using language-based security.

Going forward, our goal with the J-Kernel is not to replace desktop operating systems. Rather we are focusing on the emerging large numbers of networked embedded and mobile devices. We are using our experience with the J-Kernel to provide a run-time infrastructure with the network safety features required in that domain. Our goal is to show that language-based protection is the most efficient avenue for building a run-time system for these devices.

Publications