Concepedia

Publication | Closed Access

Safe kernel programming in the OKE

DOI

45

Citations

10

References

2003

Year

Herbert Bos, Bart Samwel

Unknown Venue

Abstract

This paper describes the implementation of the OKE, which allows users other than root to load native and fully optimised code in the Linux kernel. Safety is guaranteed by trust management, language customisation and a trusted compiler. By coupling trust management with the compiler, the OKE is able to vary the level of restrictions on the code running in the kernel, depending on the programmer's privileges. Static sandboxing is used as much as possible to check adherence to the security policies at compile time.

References

YearCitations

Efficient software-based fault isolation

Robert Wahbe, Steven Lucco, Thomas E. Anderson,

1993

1.2K

Extensibility safety and performance in the SPIN operating system

Brian N. Bershad, Stefan Savage, Przemysław Pardyak,

1995

949

The BSD packet filter: a new architecture for user-level packet capture

Steven McCanne, Van Jacobson

1993

869

Cyclone: A Safe Dialect of C

Trevor Jim, J. Greg Morrisett, Dan Grossman,

2002

617

Checking system rules using system-specific, programmer-written compiler extensions

Dawson Engler, Benjamin Chelf, Andy Chou,

Operating Systems Design and Implementation

2000

537

Safe kernel extensions without run-time checking

George C. Necula, Peter Lee

1996

502

Region-based memory management in cyclone

Dan Grossman, Greg Morrisett, Trevor Jim,

2002

404

Processes in KaffeOS: isolation, resource management, and sharing in java

Godmar Back, Wilson C. Hsieh, Jay Lepreau

Operating Systems Design and Implementation

2000

172

EMail With A Mind of Its Own: The Safe-Tcl Language for Enabled Mail

Nathaniel S. Borenstein

1994

131

Efficient packet monitoring for network management

Kostas G. Anagnostakis, Sotiris Ioannidis, Stefan Miltchev,

2003

49

Page 1