OSmosis: No more Déjà vu in OS isolation

Authors

Sidhartha Agrawal, Reto Achermann and Margo Seltzer

Venue

arXiv Preprint

Links

[ .doi ] [ .pdf ] [ .bib ]

Abstract

Operating systems provide an abstraction layer between the hardware and higher-level software. Many abstractions, such as threads, processes, containers, and virtual machines, are mechanisms to provide isolation. New application scenarios frequently introduce new isolation mechanisms. Implementing each isolation mechanism as an independent abstraction makes it difficult to reason about the state and resources shared among different tasks, leading to security vulnerabilities and performance interference. We present OSmosis, an isolation model that expresses the precise level of resource sharing, a framework in which to implement isolation mechanisms based on the model, and an implementation of the framework on seL4. The OSmosis model lets the user determine the degree of isolation guarantee that they need from the system. This determination empowers developers to make informed decisions about isolation and performance trade-offs, and the framework enables them to create mechanisms with the desired degree of isolation.

Bibtex

@article{Agrawal:2023:OND,
 author = {Agrawal, Sidhartha and Achermann, Reto and Seltzer, Margo},
 doi = {10.48550/arXiv.2309.09291},
 eprint = {2309.09291},
 eprintclass = {cs.OS},
 eprinttype = {preprint},
 id = {Agrawal:2023:OND},
 journal = {arXiv Preprint},
 publisher = {2309.09291},
 title = {OSmosis: No more Déjà vu in OS isolation},
 url = {https://doi.org/10.48550/arXiv.2309.09291},
 year = {2023}
}

Contact

The University of British Columbia
Department of Computer Science
2366 Main Mall
ICICS Building, Office 341
Vancouver, BC V6T 1Z4
Canada

achreto [at] cs.ubc.ca
+1 604 827 2446