Skip to content

Basekernel Vision

Jump to bottom
Douglas Thain edited this page Jan 22, 2018 · 1 revision

Basekernel is a research project in open source kernel design at the University of Notre Dame. The primary goal is to explore new concepts in operating system abstractions by simply building and using them. The secondary goals are to give students experience designing and working with kernel code.

Basekernel has many of the same concepts that you will find in classic operating systems. It consists of a monolithic kernel that implements the abstractions needed to run user-level programs: multiple processes run in separate address spaces, a filesystem is used to store persistent state, and a windowing system is used for graphical display. That said, Basekernel is not meant to be a clone of any other system, such as Unix or Windows or Multics. We are happy to re-use good ideas from those systems when possible, but "Do it like Unix" is not the design goal.

The key idea underlying the design of Basekernel is "hierarchical containment". Simply stated, each process in the system may only access a subset of the namespace and resources accessible to its parent process. And, a parent process is free to revoke its children's access to resources at any time. While easily stated, most contemporary operating systems violate this principle in many ways large and small that make it very difficult to run an untrusted process in any reliable way. By designing Basekernel around this principle, we aim to create a system that is trustworthy and performant when simply used in the obvious and most direct way.

It's not hard to see how the principle of hierarchical containment can be applied to operating systems abstractions. Here are a few examples:

  • Process Management: A parent process can always kill its children, but a child can never kill its parent. (And a child can kill its grand-children, and so on.)
  • Filesystem: A parent can restrict the "root" directory seen by a child process, forcing it to live in a sub-tree. (And a child can restrict its children, and so on.)
  • Files: A parent could pass a set of open files to a child, and disallow it from opening any further files. (And a child could pass a subset of those open files to its children.)
  • Display: A parent process can restrict a child to writing to a subset of its display window. (And a child could restrict its children likewise.)

To explore this idea, our focus is on the abstractions of the operating system: process management, filesystems, displays, and so forth. We are most interesting in understanding how these abstractions must be designed so as to permit the principle of hierarchical containment. This requires carefully designing system call APIs and then experimenting with user-level programs to understand if the abstractions are useful in practice.

To be clear, we are less interested in the low level of the operating system, such as disk drivers, display acceleration, varying processor support, and that sort of thing. Those things need to work, of course, but we generally value simplicity instead over raw performance and maximum portability, so that the low level drivers don't become a distraction.

Basekernel is by no means done and so you will find that this vision is not fully implemented. Some of these ideas are partially present in code, others are not present at all. We invite and welcome any contributions from students or the general public that move the code toward this vision. If you have ideas for writing a large amount of code, please get in touch with us to discuss your ideas before making a gigantic pull request.

Clone this wiki locally