Operating Systems Lecture Notes

23 April 2012 • Web Operating Systems

---

Outline

Introduction

• A read-only web; writing and computing is hard.
• Want distributed, available, scalable, reconfigurable applications.
• Dynamic reconfiguration and mobility.
  • overall availability, better performance, increased resiliency.
• Existing technologies include active networks and Java.

Approach

• Application-independent middleware (an OS in the clouds).
  • Process management over users.
  • Distributed file systems.
  • Security and rights management.
• Possible applications include content distribution (CDNs) and virtual server farms.

Techniques

• Global naming is transparent, but influenced by requirements.
  • The closest or fastest.
• File systems (name-object mappings) with caching and replication.
• Authentication and access across autonomous domains.
• Process management as system and user levels.
• The split between local and global (distributed) function. Should there even be one?

Naming

• Abstractions for location-independent, dynamic naming.
  • Named entities may change in scope (replication, for example) and location.
• Name resolution also caters to, for example, load balancing and availability.

Persistent Shared State

• State that exists independent of readers and writers, which are unconstrained by the state.
• Shared state is a more natural model than explicit networking.
  • But there’s a lot of expensive assumptions lurking.
  • Consistency and coherence being two big ones.
• Consistent and coherent shared state is an important abstraction.

The Man

• Quotidian and extraordinary (which is also quotidian) protection.
  • Quotidian protection supports recognized activities.
  • Extraordinary protection prevents unrecognized (or unwanted) activities.
• Extraordinary protection is universal; quotidian protection is local.
• Abstractions must distribute quotidian protection outward along with the implementation.

Certificates

• A certificate is a grant of transferable rights.
  • A.k.a capabilities.
• Reference monitors are responsible for certificate verification and validation.
  • This can be a chain-of-trust model, or something more nebulous (webs of trust).
• Other requirements include delegation and revocation.

Domains

• A security domain is an environment (resource set) satisfying a certificate.
  • Allowing what’s allowed; denying (or disabling) what’s not.
• Security domains are not portable, but should seem to be so.
  • The security manager constructs the domain from, among other things, the certificate.

Roles

• Not all certificate rights are appropriate in all security domains.
  • The agent can do lots of things, the client (domain) should do only what’s necessary.
• A role is a function with a particular set of minimal permissions.
  • Roles are created by agents from their problems and credentials.
  • This is similar to role-based protection.

Authorization

• Given an authentic agent and an expected operation, can the agent do the operation?
  • Is the client authorized?
• The access-control list (ACL) is the abstraction in support.
  • Capacities vs ACLs.
• Reference monitors translate certificates into principals for ACLs.

Process Control

• Extended local abstractions over remote processors.
  • Local safety via separate address spaces.
  • Fair resource allocations.
• The problem is to extend these properties to remote processors.

Process Management

• Remote requests arrive at resource managers on each site.
• Resource managers create and hand-off requests to virtual machines.
  • Virtual machines interact with reference monitors.
  • Resources are allocated to virtual machines, then to processes.
  • Essentially a “portable” security domain.

Summary

• Operating-system functions can be exported through-out the cloud.
  • As an operating system.
• Dynamic resource placement enables useful naming, balance, and tolerance.
• Fine-grained, role managed security extends to security domains over the network.

References

• WebOS: Operating System Services for Wide-Area Applications by Amin Vahdat and others in Proceedings of the 7th IEEE International Symposium on High Performance Distributed Computing, July, 1998.

---

This page last modified on 2012 April 25.