CSE 221 - Operating Systems - Notes on "HYDRA - The Kernel of Multiprocessor Operating System"

Question:

How is a Hydra procedure different from the procedures we are familiar with in a typical language and runtime environment?

Answer:

Specific considerations for Hydra

Multiprocessor environment
- not many implementation of multiprocessor systems - should be conservative
Separation of mechanism and policy
Integration of design with implementation methodology
Rejection of strict hierarchical layering
Protection
Reliability

3 critical concepts

Procedure
LNS (Local namespace)
Process
capability consists of a reference to an object together with a collection of “access rights” to that object.
Make a procedure call (system call?) which creates a new LNS from the callee based on capability.
Process is the smallest entity schedulable for execution
argue hierarchical structures are bad for security
each object has a capability which is only modifiable by the kernel and data, representing the data behind the object

kernel provides the walk primitive

input: capability and nonnegative integer
output: the capability that occupies the cap in the part of the object named by the parameter capability

Users have access to procedures, which also have access to some amount of object data

Hydra is based on security and capabilities
separating mechanism (the ability to do an action) from policy (condition enforcing a mechanism). -

Most systems today use ACLs, hydra proposes capabilities

ACL
- example: Files today have ACLs which are owner, group, other, with policies RWX. When showing up to perform a mechanism, need to show identity in order to perform an action
- Data stored on the object with the list of “people” who can access and what they can do.
Capabilities
- Issued a key which “unlocks” ability to perform action on a number of different objects
- Data associated with available actions is a list of objects with the specific actions allowed for that user.

Local Namespace

Procedures