microkernel

Lee Salzman lee.salzman@lvdi.net
Sat, 15 Dec 2001 12:41:49 -0500


>Hello,
>
>Why do you say in your paper "Why A New Operating System" in section A.9,
>f, "well then", xiv that "the protection-handling or proof-checking
>"microkernel" is like the executive" and you seem to indicate that this is
>a good thing although The TUNES Glossary argues against the idea of using
>a microkernel? The TUNES Glossary even goes so far as to suggest that the
>kernel should be removed from operating systems and I do not know what
>that would leave to do message handling. Anything you can tell me about
>this may be helpful. Oh, and there's a broken link to warnings on The
>TUNES Glossary web page.
>Thanks.
>
>    Drew Daniels

  To clarify, if you read earlier parts of the section, it is stated
(perhaps not clearly enough) that what protection means and what
its arbitrator is should be open, extensible/flexible, and not necessarily
unique (and hence, is not really a "kernel" at all). He is merely
comparing the role of a security arbitrator (of which a microkernel
is just one existing example -- not one about which
he is necessarily saying anything good) in a computing system to
the role of an executive in a governing body. The TUNES Glossary is also
more recently updated and is the source to trust first.

  As an example of how one can manage security in an OS without relying
on memory protection and using a rudimentary form of "proof-checking,"
you might find GO! (http://goos.sourceforge.net) interesting. Also,
as an example of how exactly a "kernel-less" OS works, you may want
to check out my defunct, ancient OS toy
(http://www.lvdi.net/~lee.salzman/pos.tar.gz). Both are also interesting
from a message passing point of view in that they try to do away with it.
Message passing is not necessarily a bad thing, but in most OSes it is
used in a bad way -- message passing is not a security mechanism, it's
a synchronization mechanism (and a communication mechanism -- but at
the level of an OS a horrible one, as far as the user/programmer is
concerned).

  Lee