The operating system Kernel as a secure programmable machine

To provide modularity and performance, operating system kernels should have only minimal embedded functionality. Today's operating systems are large, inefficient and, most importantly, inflexible. In our view, most operating system performance and flexibility problems can be eliminated simply by pushing the operating system interface lower. Our goal is to put abstractions traditionally implemented by the kernel out into user-space, where user-level libraries and servers abstract the exposed hardware resources. To achieve this goal, we have defined a new operating system structure, exokernel, that safely exports the resources defined by the underlying hardware. To enable applications to benefit from full hardware functionality and performance, they are allowed to download additions to the supervisor-mode execution environment. To guarantee that these extensions are safe, techniques such as code inspection, inlined cross-domain procedure calls, and secure languages are used. To test and evaluate exokernels and their customization techniques a prototype exokernel, Aegis, is being developed.