Paramecium: an extensible object-based kernel

Leendert van Doorn, Philip Homburg and Andrew S. Tanenbaum
Proceedings 5th Workshop on Hot Topics in Operating Systems (HotOS-V)
We describe the design of an extensible kernel, called Paramecium. This kernel uses an object-based software architecture which together with instance naming, late binding and explicit overrides enables easy reconfiguration. Determining which components reside in the kernel protection domain is up to the user. A certification authority or one of its delegates certifies which components are trustworthy and therefore permitted to run in the kernel protection domain. These delegates may include… 
An Explicit Binding Model for Runtime Extensible Operating Systems
Operating system design has traditionally followed a philosophy in which the system is structured as a fixed set of abstractions and mechanisms. This approach, however, is now showing its
Chameleon, a dynamically extensible and configurable object-oriented operating system
This dissertation introduces Chameleon, a new object-oriented operating system that shares the same philosophical approach as Apertos, leveraging meta designs and concepts to deal with the diverse requirements of today's and future multimedia applications.
Dycos-a customizable kernel architecture supporting distributed operating environments
  • C. B. Czech
  • Computer Science
  • Proceedings of 3rd International Conference on Algorithms and Architectures for Parallel Processing
  • 1997
Dycos is an object-based approach providing a toolbox of operations to build user-definable compositions of kernel structures, and has been evaluated on a Solaris 2.5.1 platform.
A secure Java™ virtual machine
This paper describes the design and implementation of a system that provides operating system style protection for Java code, which uses hardware protection domains to separate Java classes, provide access control on cross domain method invocations, efficient data sharing between protection domains, and memory and CPU resource control.
Isolation, resource management and sharing in the KaffeOS Java runtime system
It is demonstrated that in the presence of malicious or buggy code that engages in a denial-of-service attack directed against resources, KaffeOS-based systems can contain the attack, remove resources from the attacked applications, and continue to provide robust service to other clients.
The Inherently Distributed AdaptableO
This paper describes the implementation of the OO system, where the microkernel itself and its abstractions are both distributed and adaptable and the system can maintain both adaptability and other good properties for system distribution as inherent features.
Towards object-based wide area distributed systems
This work advocates an object-based approach to distribution, which allows for flexibility because many of the technical details of distribution, such as communication protocols, consistency rules, etc. can be hidden behind the objects' interfaces.
Dynamic Memory Model Reconfiguration in DEIMOS
How DEIMOS simultaneously supports a variety of dynamically instantiable memory models (e.g. segmented memory, paged virtual memory, flat unprotected memory, software protected memory) and how it is possible to load new memory models at run time without disrupting applications running under existing models.
Towards a Grand Unified Framework for Mobile Objects
Distributed object systems (DOS) are usually implemented as middleware which repeats and undoes a significant amount of work performed by the underlying operating system [3]. This introduces overhead
FlexRTS: An extensible Orca Run-Time System
FlexRTS provides run-time and application programmers with full control over the implementation and placement of kernel and user-level modules, which allows programmers to optimize the run-time system on a per-application basis and take most leverage out of the available hardware.


Interposition agents: transparently interposing user code at the system interface
An object-oriented toolkit is used to construct several agents including protected environments for running untrusted binaries, modified file system namespaces, logical devices implemented entirely in user space, transparent network data compression and/or encryption agents, and system call tracing tools.
Authentication in the Taos operating system
In this design, applications gain access to security services through a narrow interface that provides a notion of identity that includes simple principals, groups, roles, and delegations.
The Operating System Kernel as a Secure Programmable Machine
To put abstractions traditionally implemented by the kernel out into user-space, where user-level libraries and servers abstract the exposed hardware resources, a new operating system structure, exokernel, is defined that safely exports the resources defined by the underlying hardware.
The CHORUS Distributed Operating System: Some Design Issues
The current version, CHORUS-V2, offers full UNIX™ compatibility at the user level, while providing control of distribution by relying on a powerful IPC facility, based on ports and messages, as the heart of its architecture.
SPACE: a new approach to operating system abstraction
SPACE is an extensible operating system being developed for research into object-oriented and distributed systems design that uses capability mechanisms based on the manipulation of address spaces to provide low-level kernel primitives from which higher-level abstractions can be constructed.
SPIN: an extensible microkernel for application-specific operating system services
The SPIN operating system enables system services to be defined in an application-specific fashion through an extensible microkernel and offers applications fine-grained control over a machine's logical and physical resources through run-time adaptation of the system to application requirements.
The Spring Name Service
The Spring name service exploits and supports the uniformity of objects in the Spring object-oriented distributed system, integrating access control and persistence for objects in a way that allows object implementations to delegate responsibility to the name service, or to implement their own policies.
Authentication in distributed systems: theory and practice
A theory of authentication and a system that implements it, based on the notion of principal and a “speaks for” relation between principals, is described and used to explain many existing and proposed security mechanisms.
Efficient software-based fault isolation
It is demonstrated that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.
Automated proofs of object code for a widely used microprocessor
This thesis formally described a substantial subset of the MC68020, a widely used microprocessor built by Motorola, within the mathematical logic of the automated reasoning system Nqthm, a.k.a. the Boyer-Moore Theorem Proving System, and mechanized a mathematical theory to facilitate automated reasoning about object code programs.