
EROS: A Reliable Real-time operating system



Presentation Transcript


  1. EROS: A Reliable Real-time operating system • Presentation for CS775/875 • By: SHANGPING GUO • ECE, ODU • NOV. 15, 1999

  2. EROS: Outline
  • Introduction of EROS
  • Key technology in EROS
  • Protected Components
  • Capability based system
  • Global Persistence
  • Crossing protection boundaries
  • EROS for large distributed systems in the field
  • Making unit test cost effective
  • Field replaceable software units
  • Summary

  3. EROS: Introduction
  • What is EROS? EROS is a new operating system being implemented at UPenn. It is a small, secure, real-time operating system that provides orthogonal persistence.
  • Objectives:
  • SIMPLIFICATION in building large systems, eliminating as many diversionary requirements as possible.
  • CONTAINMENT, allowing the inevitable software failures to be caught and recovered from.
  • SECURITY, enabling applications to safely expose sensitive information in a controlled way.

  4. EROS: Key technologies
  • Pure capability architecture: authority in EROS is conveyed exclusively by secure capabilities, down to the granularity of individual pages.
  • Orthogonal global persistence: all user state, including both data and running programs, is transparently saved periodically. In the event of system failure, processes are resumed from the last checkpoint.
  • Security: processes hold authorities in their own right rather than inheriting them from the user.

  5. EROS: Boundary and component
  • Flaws in conventional applications:
  • Too much responsibility is assigned to a single point of failure: the application.
  • There is no means to stop one component from damaging another.
  • Handling of exceptional cases is hard to isolate from the common, time-critical cases.
  • Components cannot be replaced individually.

  6. EROS: Boundary and Component
  • Advantages:
  • Each component concentrates on a well-defined task.
  • Components run in parallel.
  • Components are easily replicated.
  • Components interact by communication.
  • Faster and more reliable.

  7. EROS: Persistence
  • Every 5 min, the complete state of an EROS system is saved. This is done through a technique called checkpointing.
  • Processes don't die until they are told to, even across system crashes. There is no need to re-establish consistency.
  • The system recovers in 30 sec.
  • No need for a file system, since processes are alive forever.

  8. EROS: Capability
  • A capability is a protected token that lets the holder perform certain operations on a particular object. Possession of a capability is necessary and sufficient for doing those operations on that object.
  • Faults cannot propagate from one component to another if the components are properly isolated.
  • In EROS, processes hold capabilities on behalf of their users, unlike in UNIX and Windows NT.

  9. EROS: Capability
  • Access control and integrity checks
  • Suppose you have a database, and you only allow me to use it a fixed number of times. In EROS, a mediator is inserted between the client and the database. The mediator has the right to access the database; the user does not.
  • The mediator can also perform integrity checks to make sure the queries make sense.
  • It is possible to insert a mediator between a client and a server. When the server halts, a new process is built to act as the server, and the old process is made to run as a mediator. No client will notice what happened.
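The mediator pattern from slides 8 and 9, as an added Python simulation that is not EROS code and not from the presentation. The Capability, Database and Mediator classes, the query budget and the key-format check are all assumptions made for the illustration: the client is handed a token naming the mediator, never the database, so the only operations it can reach are the ones the mediator chooses to forward.

```python
# Added example (not EROS code): a Python simulation of the capability and
# mediator pattern from slides 8 and 9. The Database, Mediator and client
# names below are hypothetical; the query budget and the key check are
# assumptions chosen for the illustration.


class Capability:
    """A protected token. Holding it is necessary and sufficient to invoke the
    listed operations on the wrapped object, and the holder never sees the
    object itself, so it cannot reach operations the token does not name."""

    def __init__(self, target, ops):
        self._target = target        # the object this capability designates
        self._ops = frozenset(ops)   # operations this capability permits

    def invoke(self, op, *args):
        if op not in self._ops:
            raise PermissionError(f"capability does not permit {op!r}")
        return getattr(self._target, op)(*args)


class Database:
    """Toy key/value store standing in for the valuable database."""

    def __init__(self):
        self._rows = {"alice": 42, "bob": 7}   # constructed sample data

    def query(self, key):
        return self._rows.get(key)

    def drop(self):
        self._rows.clear()


class Mediator:
    """Inserted between client and database. It holds the real database
    capability; the client only ever holds a capability on the mediator."""

    def __init__(self, db_cap, max_uses):
        self._db_cap = db_cap
        self._remaining = max_uses   # the fixed number of uses allowed

    def query(self, key):
        # Access control: refuse once the budget is spent.
        if self._remaining <= 0:
            raise PermissionError("query budget exhausted")
        # Integrity check: only well-formed keys ever reach the database.
        if not (isinstance(key, str) and key.isidentifier() and len(key) <= 32):
            raise ValueError(f"malformed query key: {key!r}")
        self._remaining -= 1
        return self._db_cap.invoke("query", key)


def build_client_capability(max_uses=3):
    """Owner side: wire database -> mediator and hand out a restricted token."""
    db = Database()
    owner_cap = Capability(db, {"query", "drop"})   # full authority, kept by the owner
    mediator = Mediator(owner_cap, max_uses)
    return Capability(mediator, {"query"})          # all the client ever receives


def run_client(client_cap, keys):
    """Client side: issue queries, recording the value or the refusal reason."""
    results = []
    for key in keys:
        try:
            results.append(client_cap.invoke("query", key))
        except (PermissionError, ValueError) as exc:
            results.append(type(exc).__name__)
    return results


def can_drop(client_cap):
    """True only if the token permits 'drop'; the client's token does not."""
    try:
        client_cap.invoke("drop")
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    cap = build_client_capability(max_uses=2)
    print(run_client(cap, ["alice", "bad key!", "bob", "alice"]))
    print(can_drop(cap))
```

With a budget of two, the run above answers the first and third queries, rejects the malformed key without spending budget, and refuses the fourth query; `drop` is unreachable because the client's token simply does not name it.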

  10. EROS: Capability
  • Confinement:
  • Suppose the client has the valuable database and needs to control access to it. The solution is to have some agents you trust who will certify to the client that your program is safe.
  • In EROS, the trusted party is called a constructor. The constructor is a program that knows how to start programs.
  • You first install your program in a constructor object, assigning all the capabilities the program will use.
  • You give this constructor to the client.

  11. EROS: Capability
  • 1. The client asks the constructor: is it safe to run the program?
  • 2. The constructor replies based on the capabilities your program holds. The client decides whether or not to use it; if yes, it requests a copy of your program.
  • 3. The constructor makes a copy.
  • 4. The client and the application interact.
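The four-step exchange on slides 10 and 11, as an added Python sketch that is not EROS code and not part of the presentation. Constructor, Summarizer, Clock, NetworkSocket and Records are hypothetical names, and the safety rule used here (a program is safe when no capability it holds can carry data out of the process, with a held constructor acceptable only if its own program passes the same check) is an assumption standing in for EROS's real confinement test. The client entrusts its data only after the constructor has vouched for the program.

```python
# Added example (not EROS code): a Python sketch of the constructor and
# confinement check from slides 10 and 11. Constructor, Summarizer, Clock,
# NetworkSocket and Records are hypothetical, and the safety rule (a program
# is safe when no capability it holds can carry data outward) is an assumption
# made for the illustration.


class Capability:
    """Protected token naming an object and the operations it permits.
    `transmits` marks tokens that could move data out of the holder."""

    def __init__(self, target, ops, transmits):
        self._target = target
        self.ops = frozenset(ops)
        self.transmits = transmits

    def invoke(self, op, *args):
        if op not in self.ops:
            raise PermissionError(f"capability does not permit {op!r}")
        return getattr(self._target, op)(*args)


class Constructor:
    """Knows how to start a program, and remembers every capability the
    program was installed with, so it can vouch for what a copy will hold."""

    def __init__(self, program_cls, installed_caps):
        self._program_cls = program_cls
        self._installed = list(installed_caps)

    def is_confined(self):
        # Steps 1 and 2: answer purely from the capabilities the program holds.
        for cap in self._installed:
            if cap.transmits:
                return False
            # A held constructor is acceptable only if its own program is confined.
            if "is_confined" in cap.ops and not cap.invoke("is_confined"):
                return False
        return True

    def yield_copy(self):
        # Step 3: start a fresh copy holding exactly the installed capabilities.
        return self._program_cls(list(self._installed))


class Clock:
    def now(self):
        return "1999-11-15"      # constructed value; reading it leaks nothing


class NetworkSocket:
    def send(self, payload):
        return len(payload)       # stands in for any channel out of the process


class Records:
    def __init__(self, rows):
        self._rows = list(rows)

    def total(self):
        return sum(self._rows)


class Summarizer:
    """The program being vouched for: it can only act through its capabilities."""

    def __init__(self, held_caps):
        self._held = held_caps

    def run(self, records_cap):
        return records_cap.invoke("total")


def make_constructors():
    """Owner side: install the same program with different capability sets."""
    clock_cap = Capability(Clock(), {"now"}, transmits=False)
    net_cap = Capability(NetworkSocket(), {"send"}, transmits=True)
    safe = Constructor(Summarizer, [clock_cap])
    leaky = Constructor(Summarizer, [clock_cap, net_cap])
    # Constructors can themselves be handed out as capabilities.
    nested_safe = Constructor(Summarizer, [Capability(safe, {"is_confined", "yield_copy"}, False)])
    nested_leaky = Constructor(Summarizer, [Capability(leaky, {"is_confined", "yield_copy"}, False)])
    return {"safe": safe, "leaky": leaky, "nested_safe": nested_safe, "nested_leaky": nested_leaky}


def client_run(constructor, rows):
    """Client side, steps 1 to 4: ask, decide, request a copy, interact."""
    if not constructor.is_confined():
        return "refused"
    process = constructor.yield_copy()
    # Only now does the client entrust its data, and only through a read-only token.
    return process.run(Capability(Records(rows), {"total"}, transmits=False))


if __name__ == "__main__":
    for name, ctor in make_constructors().items():
        print(name, client_run(ctor, [1, 2, 3]))
```

The constructor holding a socket capability is refused, as is the one that merely holds a capability to that leaky constructor; the two confined constructors are each asked for a copy, which then computes the total over the client's records.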

  12. EROS: Crossing protection boundaries
  • The application is divided into many protected components.
  • Each component is a well-defined function. Each critical task is implemented as a whole component.
  • 100 to 1000 times faster than other protection-crossing mechanisms.

  13. EROS: Unit test cost effective
  • Conventional: unit test is expensive
  • Modules are cross-dependent. Data or internal functions are exposed to other modules.
  • Unit boundaries are not preserved when modules are combined into an application. Once combined, modules no longer operate in isolation.
  • Such errors are hard to catch.
  • EROS: unit test is cost effective
  • An EROS component exposes nothing but the specified interfaces.
  • EROS preserves protection boundaries in the final application.
  • This enables errors to be caught earlier, and cross-module effects cannot occur.

  14. EROS: Field replaceable units
  • In EROS, software units can be replaced and tested without breaking a single client operation.

  15. EROS: Summary
  • EROS provides a rich environment for constructing secure, reliable applications. Its unique features enable it to support large, field engineerable applications without compromising overall performance or responsiveness.
  • For more details, see:
  • http://www.eros-os.org
  • http://www.ece.odu.edu/~sguox002/eros.ppt
