Andrew S. Tanenbaum, Jorrit N. Herder, and Herbert Bos

Vrije Universiteit, Amsterdam

Microkernels—long discarded as unacceptable because of their lower performance

compared with monolithic kernels—might be making a comeback in operating systems

due to their potentially higher reliability,which many researchers now regard as more

important than performance.

When was the last time your TV set crashed

or implored you to download some emergency

software update from the Web? After

all, unless it is an ancient set, it is just a computer

with a CPU, a big monitor, some analog

electronics for decoding radio signals, a couple of

peculiar I/O devices—a remote control, a built-in VCR

or DVD drive—and a boatload of software in ROM.

This rhetorical question points out a nasty little secret

that we in the computer industry do not like to discuss:

Why are TV sets, DVD recorders, MP3 players, cell

phones, and other software-laden electronic devices reliable

and secure but computers are not? Of course there

are many “reasons”—computers are flexible, users can

change the software, the IT industry is immature, and

so on—but as we move to an era in which the vast

majority of computer users are nontechnical people,

increasingly these seem like lame excuses to them.

What consumers expect from a computer is what they

expect from a TV set: You buy it, you plug it in, and it

works perfectly for the next 10 years. As IT professionals,

we need to take up this challenge and make computers

as reliable and secure as TV sets.

The worst offender when it comes to reliability and

security is the operating system. Although application

programs contain many flaws, if the operating system

were bug free, bugs in application programs could do

only limited damage, so we will focus here on operating

systems.

However, before getting into the details, a few words

about the relationship between reliability and security

are in order. Problems with each of these domains often

have the same root cause: bugs in the software. A buffer

overrun error can cause a system crash (reliability problem),

but it can also allow a cleverly written virus or

worm to take over the computer (security problem).

Although we focus primarily on reliability, improving

reliability can also improve security.

WHY ARE SYSTEMS UNRELIABLE?

Current operating systems have two characteristics

that make them unreliable and insecure: They are huge

and they have very poor fault isolation. The Linux kernel

has more than 2.5 million lines of code; the Windows

XP kernel is more than twice as large.

One study of software reliability showed that code

contains between six and 16 bugs per 1,000 lines of executable

code,1 while another study put the fault density

at two to 75 bugs per 1,000 lines of executable code,2

depending on module size

.................................

全文可以直接下载附件。。。。。。。。。。。。。。。

Can We Make Operating Systems Reliable and Secure?的更多相关文章

  1. 对Can We Make Operating Systems Reliable and Secure 的翻译

    摘要:微内核-相对于大内核(monolithic kernels)来说,由于它的 lower performance,长期以来被认为是不可接受的.而现在,由于它潜 在的高可靠性(higher reli ...

  2. Modern Operating Systems(Ⅰ)——2014.12.15

    进程   进程模型     进程就是一个正在执行的程序的实例  值得注意的是,若一个程序运行了两遍,则算作两个进程 创建进程 在通用系统中,有四种主要事件导致进程的创建 ①系统的初始化 ②执行了 正在 ...

  3. [No00003D]操作系统Operating Systems信号量的代码实现Coding Semaphore &死锁处理Deadlock

    操作系统Operating Systems信号量的代码实现Coding Semaphore &死锁处理Deadlock 可以操刀了—从纸上到实际 从Linux 0.11 那里学点东西… 读磁盘 ...

  4. [No00003C]操作系统Operating Systems进程同步与信号量Processes Synchronization and Semaphore

    操作系统Operating Systems进程同步与信号量Processes Synchronization and Semaphore 进程合作:多进程共同完成一个任务 从纸上到实际:生产者− − ...

  5. [No00003A]操作系统Operating Systems 内核级线程Kernel Threads内核级线程实现Create KernelThreads

    开始核心级线程 内核级线程对多核的支持怎么样? 和用户级相比,核心级线程有什么不同? ThreadCreate 是系统调用,内核管理TCB ,内核负责切换线程 如何让切换成型? − − 内核栈,TCB ...

  6. Operating Systems (COMP2006)

    Operating Systems (COMP2006) 1st Semester 2019Page 1, CRICOS Number: 00301JOperating Systems (COMP20 ...

  7. the virtual machine is configured for 64-bit guest operating systems

    Security--Virtualization--Inter(R) Virtualization Technolog 设置为enable 本机安装的是WIN 7 ,详细版本是:Windows 7 U ...

  8. Method of address space layout randomization for windows operating systems

    A system and method for address space layout randomization ("ASLR") for a Windows operatin ...

  9. CMPT 300 – Operating Systems

    Assignment 4 – Create Simple YetFunctional File SystemCMPT 300 – Operating SystemsPlease submit a zi ...

随机推荐

  1. TensorFlow中的通信机制——Rendezvous(二)gRPC传输

    背景 [作者:DeepLearningStack,阿里巴巴算法工程师,开源TensorFlow Contributor] 本篇是TensorFlow通信机制系列的第二篇文章,主要梳理使用gRPC网络传 ...

  2. 使用MySQL组复制的限制和局限性

    本节列出和解释了组复制相关的要求和限制. 1.组复制的要求 要使用组复制,每个MySQL节点必须满足以下条件: 1.1 基本要求 InnoDB存储引擎:数据必须存储在事务型的InnoDB存储引擎中.事 ...

  3. oracle9i的erp数据库无法正常关闭的解决方法。

    oracle9i版本的ERP数据库无法正常关闭. 场景描述:oracle9i数据库正常关闭的时候,hang住在一个地方无法正常关闭. 解决思路:查看alert日志,分析问题. [oraprod@erp ...

  4. 如何将各种低版本的discuz版本升级到discuz x3.0

    最近在做discuz改版的项目,遇到了很多问题,相信很多拥有discuz论坛的版主,站长和程序猿在升级或改版discuz的过程中遇到过和我一样的问题,所以我开了一个discuz专栏,为大家讲解一下di ...

  5. C#实现多态之接口。

    一.什么是接口? 接口就是一种规范协议,约定好遵守某种规范就可以写通用的代码. 定义了一组具有各种功能的方法(只是一种能力,没有具体实现,就像抽象方法一样,“光说不做”). 理解:内存该做成什么样的: ...

  6. 从零开始学安全(五)●Vmware虚拟机三种网络模式详解

    vmware为我们提供了三种网络工作模式,它们分别是:Bridged(桥接模式).NAT(网络地址转换模式).Host-Only(仅主机模式). NAT(网络地址转换模式) NAT(网络地址转换)vm ...

  7. 从零开始学安全(三)●黑客常用的windows端口

    端口可选1-65536 1-1024 预保留端口 留给windows系统服务的 下面是常见的端口对应的服务 1 TCP Port Service Multiplexer 传输控制协议端口服务多路开关选 ...

  8. myeclipse无法部署项目的解决

    一.问题 myeclipse无法部署项目,点击这个部署按钮没有反应. 二.解决办法 1.找到myeclipse的工作空间,也就是启动时的那个项目保存的空间,我的是在D:\myeclipse_works ...

  9. Retrofit2 原理解析

    Retrofit是什么 官网介绍是A type-safe HTTP client for Android and Java,是一个 RESTful 的 HTTP 网络请求框架的封装,但网络请求不是Re ...

  10. Java并发编程-ReentrantReadWriteLock

    基于AQS的前世今生,来学习并发工具类ReentrantReadWriteLock.本文将从ReentrantReadWriteLock的产生背景.源码原理解析和应用来学习这个并发工具类. 1. 产生 ...