The L4 microkernel has undergone 20 years of use and evolution. It has an active user and developer community, and there are commercial versions which are deployed on a large scale and in safety-critical systems. In this paper we examine the lessons learnt in those 20 years about microkernel design and implementation. We revisit the L4 design papers, and examine the evolution of design and implementation from the original L4 to the latest generation of L4 kernels, especially seL4, which has pushed the L4 model furthest and was the first OS kernel to undergo a complete formal verification of its implementation as well as a sound analysis of worst-case execution times. We demonstrate that while much has changed, the fundamental principles of minimality and high IPC performance remain the main drivers of design and implementation decisions.