Marcus and I have written a short position paper [1] which we have submitted to HotOS XI [2].
The goal of the paper is to articulate the problems we are trying to solve (security, resource management and integration) and to outline a framework for their solution. The system we propose is capability based. Such systems, it has been shown, can be used to straightforwardly realize dynamic POLA and, when designed carefully, can be made relatively extensible. The fine granularity attainable with capabilities is also desirable for resource management.

To fix the resource management problems, we introduce an abstraction, resource pools, which is similar to EROS's space banks or resource containers. Resource pools account resources and encapsulate a resource scheduling policy. Resource pools form a policy hierarchy allowing tighter constraints to be placed on derived pools. This allows applications to decompose access to resources and refine policy without having to resort to full-scale interposition. In this way, policy can be set according to the process hierarchy but realized by the resource manager. A practical implication is that the central server can only implement a static number of policies reducing generality. We argue that, in practice, only a small number of policies are actually required.

Finally, we introduce mechanisms to allow applications to control multiplexing giving applications, in particular, more control over the eviction policy.

Although the paper has already been submitted, we are still interested in comments on how to improve it for the final version (if it is accepted). We are also very interested in discussing reactions to this proposal.

Thanks,
Neal

[1] http://walfield.org/papers/20070104-walfield-access-decomposition-policy-refinement.pdf
[2] http://www.usenix.org/events/hotos07/cfp/

_______________________________________________
L4-hurd mailing list
http://lists.gnu.org/mailman/listinfo/l4-hurd
