权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

CAREER: Taming the size, complexity and longevity of OS kernels via enhanced OS kernel extensions

职业：通过增强的操作系统内核扩展来控制操作系统内核的大小、复杂性和寿命

基本信息

批准号：
2236966
负责人：
Daniel Williams
金额：
$ 60.27万
依托单位：
Virginia Polytechnic Institute and State University
依托单位国家：
美国
项目类别：
Continuing Grant
财政年份：
2023
资助国家：
美国
起止时间：
2023-05-01 至 2028-04-30
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2236966&HistoricalAwards=false
关键词：
CAREER Taming size complexity longevity

项目摘要

Operating system (OS) kernels are the most fundamental softwarecomponent society depends on, underpinning the computing industry,from the clouds and datacenters that manage our data to the smartphones and other devices we all use daily. Unfortunately, they havegrown to be complex and have not kept pace with advances inprogramming languages and modular software design, instead strugglingto meet modern security and reliability threats to our computinginfrastructure. Moreover, there appears to be no clear path toincrementally evolve them and their unchecked complexity has become asignificant barrier to entry for students and practitioners to learnor innovate at the kernel level. This project seeks to remedy thisissue by create a safe kernel extension framework within the legacy OSkernel that enables it to be replaced in part or in its entirety withsafe components. Through this extension framework, the project willenable a practical, incrementally-adoptable mechanism forundergraduate, graduate students and practitioners to evolve kernelsto be safer and more reliable, improving national security and leadingto higher productivity for society and the national economy.This project aims to achieve three goals for the OS kernel: securityand robustness through language safety, robustness and incrementalupdate through componentization, and practical relevance throughbuilding upon existing kernel extension frameworks. The key insight inour approach is that a safe kernel extension framework can be createdwithin the legacy OS kernel that enables any part of it to be replacedvia bypass extensions, evolving the kernel towards a safe,componentized architecture, or in its entirety with a safe andspecialized in-situ kernel. Our integrated research and educationplan involves three broad research thrusts. First, we will exploreexpressiveness/safety tradeoffs for kernel extensions, and will designa new Rust-based kernel extension environment that provides similarsafety guarantees with a more expressive programming environment thanthe popular eBPF kernel extension framework in Linux. Second, we willexplore to what extent our enhanced safe kernel extensions can replaceindividual kernel components with bypass extensions and explore newcomponent boundaries in Linux. Finally, we will explore to what extentan entirely new in-situ kernel can be created from extensions,ultimately in the context of Linux. Our educational plan integratesthe research in courses and other initiatives involving open sourceand industry.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

操作系统(OS)内核是社会所依赖的最基本的软件组件，支撑着计算行业，从管理我们数据的云和数据中心到我们日常使用的智能手机和其他设备。不幸的是，它们变得越来越复杂，没有跟上编程语言和模块化软件设计的进步，相反，它们难以应对我们计算基础设施面临的现代安全和可靠性威胁。此外，似乎没有明确的路径来逐步发展它们，它们不受控制的复杂性已经成为学生和实践者在核心层面学习或创新的重要障碍。这个项目试图通过在遗留的OS内核中创建一个安全的内核扩展框架来解决这个问题，该框架使其能够部分或全部被安全组件取代。通过这个扩展框架，该项目将为本科生、研究生和实践者提供一个实用的、增量可采用的机制，使内核更安全、更可靠，改善国家安全，并为社会和国民经济带来更高的生产力。该项目旨在实现操作系统内核的三个目标：通过语言安全实现安全性和健壮性，通过组件化实现健壮性和增量更新，以及通过构建现有内核扩展框架实现实用相关性。我们方法中的关键见解是，可以在遗留操作系统内核中创建一个安全的内核扩展框架，使其任何部分都可以通过旁路扩展进行替换，从而使内核朝着安全、组件化的体系结构发展，或者使用安全和专门的就地内核进行整体升级。我们的综合研究和教育计划包括三个广泛的研究项目。首先，我们将探索内核扩展的表现力/安全权衡，并将设计一个新的基于Rust的内核扩展环境，该环境将提供类似的安全保证，并具有比Linux中流行的eBPF内核扩展框架更具表现力的编程环境。其次，我们将探索我们增强的安全内核扩展在多大程度上可以用绕过扩展取代单个内核组件，并探索Linux中新的组件边界。最后，我们将探索在多大程度上可以通过扩展创建一个全新的就地内核，最终是在Linux环境下。我们的教育计划整合了涉及开源和行业的课程和其他倡议的研究。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。