Software Stack: Part 2: OS, OS Types and OS Internals

• demo: perf on a helloworld application
• demo: on a vulnerable application

need for OS:

• common functions / features
• security and integrity - multiple apps

diagram: OS as collection of libraries diagram: OS as a mediator layer

1. what makes an operating system
2. the operating system interface
3. privileged and unprivileged domain - domain transition
4. optimizing the OS interface
5. optimizing vs security: OS types
6. virtualization

1. What Makes and OS

• diagram: OS components + libc
• OS as a library, but not linked
• diagram: executable and instructions trigger the call to the OS (see more in the OS interface)
• build apps and run top of the OS
• intro in OS types (more on that later): microkernel, monolithic, unikernel / SASOS
• diagram: OS types
• demo: build Unikraft
• show: https://makelinux.github.io/kernel/map/

2. The OS Interface

• syscall interface
• entry points to the kernel features
• classes of calls
• demo: example of syscalls
• list of syscalls: https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/, https://arm64.syscall.sh/, https://x64.syscall.sh/ overhead: write("/dev/null", buffer, 1000);
• demo: syscall overhead
• libcall vs syscalls: which libcalls do, do not or only sometimes do syscalls

3. Privileged and Unprivileged domains

• diagram: multi app
• kernel mode vs user mode https://www.youtube.com/watch?v=H4SDPLiUnv4
• kernel / user vs root / non-root
• diagram: kernel space, vs root/non-root - orthogonal
• possible actions in kernel mode, possible actions in user mode
• demo: run cli in assembly
• demo: use cr3 in assembly

4. Optimizing the OS Interface

• reminder: overhead
• move processing in user space
• move processing in kernel space
• demo: printf
• demo: sendfile
• upside and downsides of each

5. Optimizing vs Security: OS Types

• more user space: security but not performance: microkernels
• more of kernel space: performance but increased attack surface
• diagram: OS types

6. Virtualization

• what if the OS is faulty
• what if I want to run different applications for different tenants
• what if you want to run multiple different OSes
• diagram: virtualization

7. Takeaways

• OS has a dual role: provides core features; ensures system integrity by isolating applications
• isolation is done via a dual domain design: kernel mode and user mode
• system calls cause a domain switch, making them expensive
• Microkernel and monolithic design trade security vs performance
• Virtualization adds another layer; the hypervisor is for VMs / OSes what the OS is for applications

Slides

TODO