On secure, dynamic customizing of a meta-space-based operating system




Horie, Michael

Journal Title

Journal ISSN

Volume Title



Continuing advances in hardware and in software applications are pushing traditional operating systems beyond their limits. This is largely due to the fact that these advances, and their associated requirements, were not foreseen at operating system design time. This becomes particularly apparent with multimedia applications, whose demands for guaranteed quality of service differ considerably from those of most traditional applications. To ensure that many future requirements will be met, along with many existing demands, one solution is to allow applications to customize their operating system throughout its life-time. However, opening up an operating system to application-initiated changes can compromise the integrity of the system, suggesting the need for a security model. Like any other aspect of a customizable system, such a security model should be securely customizable, too. Therefore, this dissertation introduces MetaOS, a securely- and dynamically-customizable operating system which has a securely- and dynamically-customizable security model. MetaOS employs four types of building blocks: meta-levels, meta-spaces, meta-objects, and meta-interfaces. Meta-levels localize customizable system services. Meta-spaces act as firewalls which prevent custom alterations from affecting unrelated meta-spaces and their applications. Meta-objects help to modularize meta-spaces into smaller, easier-to-maintain components. Finally, meta-interfaces provide the heart of the secure customizing model. MetaOS meta-interfaces are strictly divided into declarative and imperative interfaces, providing a basis on which to distinguish between calls which only affect the invoking application (i.e., local-effect calls), and calls which could affect other applications as well (i.e., meta-space-wide-effect calls). By giving free access to the former, but limiting access to the latter, a basic balance between flexibility and security can be struck. Additional flexibility is achieved by allowing new local and meta-space-wide-effect calls to be added dynamically, by permitting untrusted applications to negotiate changes with trusted meta-space managers, and by allowing untrusted applications to migrate to cloned meta-spaces and alter them as necessary.



Operating systems (Computers)