On secure, dynamic customizing of a meta-space-based operating system
Date
2017-10-30
Authors
Horie, Michael
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Continuing advances in hardware and in software applications are pushing traditional
operating systems beyond their limits. This is largely due to the fact that these advances,
and their associated requirements, were not foreseen at operating system design time.
This becomes particularly apparent with multimedia applications, whose demands for
guaranteed quality of service differ considerably from those of most traditional applications.
To ensure that many future requirements will be met, along with many existing
demands, one solution is to allow applications to customize their operating system
throughout its life-time. However, opening up an operating system to application-initiated
changes can compromise the integrity of the system, suggesting the need for a security
model. Like any other aspect of a customizable system, such a security model
should be securely customizable, too. Therefore, this dissertation introduces MetaOS, a
securely- and dynamically-customizable operating system which has a securely- and
dynamically-customizable security model.
MetaOS employs four types of building blocks: meta-levels, meta-spaces, meta-objects,
and meta-interfaces. Meta-levels localize customizable system services. Meta-spaces
act as firewalls which prevent custom alterations from affecting unrelated meta-spaces
and their applications. Meta-objects help to modularize meta-spaces into
smaller, easier-to-maintain components. Finally, meta-interfaces provide the heart of the
secure customizing model. MetaOS meta-interfaces are strictly divided into declarative and imperative interfaces,
providing a basis on which to distinguish between calls which only affect the
invoking application (i.e., local-effect calls), and calls which could affect other applications
as well (i.e., meta-space-wide-effect calls). By giving free access to the former, but
limiting access to the latter, a basic balance between flexibility and security can be
struck. Additional flexibility is achieved by allowing new local and meta-space-wide-effect
calls to be added dynamically, by permitting untrusted applications to negotiate
changes with trusted meta-space managers, and by allowing untrusted applications to
migrate to cloned meta-spaces and alter them as necessary.
Description
Keywords
Operating systems (Computers)