Computer Laboratory Home Page Search A-Z Directory Help
University of Cambridge Home Computer Laboratory
January 16th 2003
Computer Laboratory > Research > Systems Research Group > NetOS > Seminars > January 16th 2003

Opening up the Kernel to 3rd Parties

Herbert Bos
For safety reasons, most modern operating systems allow only users with the highest privileges ('root users') to program the kernel directly. However, there exist many application areas (e.g. in network packet processing) where 3rd party code would benefit from the ability to execute below the kernel boundary. In the Open Kernel Environment (OKE), we allow any party with the appropriate credentials to load fully optimised native code in a safe manner in the heart of the Linux kernel. Depending on the credentials the code will get more or less access to resources, such as CPU time, heap, stack, APIs, etc. The restrictions are enforced by a trusted compiler. In other words, the OKE offers a safe and flexible environment for programming the kernel. In this talk, I will give an overview of the OKE, and of the mechanisms that were used to restrict the modules.