Can we make operating systems reliable and secure?

  title={Can we make operating systems reliable and secure?},
  author={Andrew S. Tanenbaum and Jorrit N. Herder and Herbert Bos},
Microkernels long discarded as unacceptable because of their lower performance compared with monolithic kernels might be making a comeback in operating systems due to their potentially higher reliability, which many researchers now regard as more important than performance. Each of the four different attempts to improve operating system reliability focuses on preventing buggy device drivers from crashing the system. In the Nooks approach, each driver is individually hand wrapped in a software… 

Figures from this paper

puffs-Pass-to-Userspace Framework File System

This work presentspuffsthe Pass-to-Userspace Frame work File System, a frame work for implementing file systems outside of the kernel in a separate protection domain in a user process that is argued to outweigh the measured overhead when compared with a classic in-k ernel file system.

Performance Optimizations for Isolated Driver Domains

The key idea is to replace the interrupt-based notification between domains with a spinning-based approach, thus trading CPU capacity for increased throughput, and the results show that the solution matches or outperforms Xen's isolated driver domain in most scenarios the authors considered.

Improving system security through TCB reduction

This work shows how the security-critical part of the OS, the so called TCB (Trusted Computing Base), can be reduced from millions to less than hundred thousand lines of code to achieve these security goals.

Reorganizing UNIX for Reliability

The architecture of a modular UNIX-compatible operating system, MINIX3, that provides reliability beyond that of most other systems, and is designed to survive and automatically recover from failures in critical modules, transparent to applications and without user intervention is discussed.

Building a reliable operating system

CuriOS is presented, an operating system that incorporates several new error management techniques that significantly improve reliability and achieves inter-client isolation by curtailing error propagation within services.

Faster Recovery from Operating System Failure and File Cache Missing

This work proposes a system that can fix failures within one second without losing file caches by replacing the OS encountering a fatal error by another OS that is running on the same machine.


This paper tries to use software architecture style based on Event-Driven and message passing communication method and determine a framework for interaction among practicable processes on OS and proposes a method which finally can improve the interaction between the OS and processes.

Improving Xen security through disaggregation

This paper introduces the work to disaggregate the management virtual machine in a Xen-based system, and describes the implementation, which moves the domain builder, the most important privileged component, into a minimal trusted compartment.

FlexOS: towards flexible OS isolation

FlexOS is presented, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time, and it is shown that, under equivalent configurations, FlexOS performs similarly or better than existing solutions which use fixed safety configurations.

Even more patterns for secure operating systems

This work presents patterns for the representation of processes and threads, emphasizing their security aspects, and presents a pattern to control the power of administrators, a common source of security problems.



Improving the reliability of commodity operating systems

Nooks, a reliability subsystem that seeks to greatly enhance operating system reliability by isolating the OS from driver failures, represents a substantial step beyond the specialized architectures and type-safe languages required by previous efforts directed at safe extensibility.

An empirical study of operating systems errors

A study of operating system errors found by automatic, static, compiler analysis applied to the Linux and OpenBSD kernels found that device drivers have error rates up to three to seven times higher than the rest of the kernel.

Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines

By allowing distinct device drivers to reside in separate virtual machines, this technique isolates faults caused by defective or malicious drivers, thus improving a system's dependability, and enables extensive reuse of existing and unmodified drivers.

The performance of μ-kernel-based systems

The ported Linux operating system was ported to run on top of the L4 μ- kernel and the resulting system with both Linux running native, and MkLinux, a Linux version that executes onTop of a first-generation Mach-derived μ-kernel demonstrated both that it is possible to implement a high-performance conventional operating system personality above a μ- Kernel, and that the performance of the μ- kernels is crucial to achieve this.

The architecture of virtual machines

A virtual machine can support individual processes or a complete system depending on the abstraction level where virtualization occurs, and replication by virtualization enables more flexible and efficient and efficient use of hardware resources.

On micro-kernel construction

Contradictory to this belief, it is shown and support by documentary evidence that inefficiency and inflexibility of current μ-kernels is not inherited from the basic idea but mostly from overloading the kernel and/or from improper implementation.

The distribution of faults in a large industrial software system

The ultimate goal of this study is to help identify characteristics of files that can be used as predictors of fault-proneness, thereby helping organizations determine how best to use their testing resources.

An empirical study of operating systems errors

A study of operating system errors found by automatic, static, compiler analysis applied to the Linux and OpenBSD kernels is presented.

Software errors and complexity: an empirical investigation

The distributions and relationships derived from the change data collected during the development of a medium scale satellite software project shows that meaningful results can be obtained which

Software errors and complexity: an empirical investigation0

An analysis of the distributions and relationships derived from the change data collected during development of a medium-scale software project produces some surprising insights into the factors