November 22, 2007
What is a Microkernel
When you are as immersed in this technology as many of us are, you can forget to explain the basics. At tradeshows I am frequently asked: “What is a Microkernel”
Well, let me begin my describing what a kernel is. A kernel is basically the software component of an operating system that runs in the privileged mode of a microprocessor. Since it runs in this privileged mode, it has unrestricted access to every resource in the system. What runs in privileged mode, which is how the kernel is defined, is basically a super being. It is lord of your computer system - It can do what ever it wants. It forms a necessary part of what we call the trusted computing base (TCB). The TCB is the part of the system that must be trusted because it can circumvent security policies.
Since the kernel runs in privileged mode, it is therefore true that a correctly functioning kernel is a prerequisite for the correct functionality of any other software unit in the system. This is why the kernel, running in privileged mode, is so critical to system security. It follows naturally that we should minimize what goes into the kernel. That is our philosophy at OK. We try to minimize what runs in the privileged mode of the microprocessor.
Our operating system is called a microkernel because it only contains a minimal set of abstractions. With these abstractions you can construct arbitrary operating systems personalities and policies.
The distinction is that your traditional operating systems, such as Windows and Linux and so fourth, run on a monolithic kernel. This means that the kernel is a complicated piece of software that runs a whole range of services like file systems, device drivers, vertical stacks and more. Where as with the microkernel philosophy, the microkernel contains only a very small set of abstractions, like web address bases and things that process communications. Then outside of the microkernel you can take advantage of those mechanisms provided by the microkernel to construct your traditional OS services. You do so outside of the kernel, outside of the privileged mode, in what’s called user mode. Therefore, you reduce the trusted computing base foundation of the secure resource.
You get the functionality of a large monolithic kernel with the safety and security of a microkernel.
Posted by Abi Nourai on November 22 at 07:03 PM
About Abi Nourai:
Abi Nourai, Technical Director-Europe recently relocated to OK Labs Paris office from Sydney. Abi is excited about using the L4 technology he helped develop as an undergraduate to solve 'real world' problems. He gets away from it all by attempting to get speeding tickets on the Old Pacific Highway through the bushland to the central coast in Australia. When not speeding, Abi is an avid skier, and he has skied all over the world.