ABSTRACT

As computer systems become increasingly mission-critical, used in life-critical situations, and relied upon to protect intellectual property, operating-system reliability is becoming an ever growing concern. In the past, mission- and life-critical embedded systems consisted of simple microcontrollers running a small amount of software that could be validated using traditional and informal techniques. However, with the growth of software complexity, traditional techniques for ensuring software reliability have not been able to keep up, leading to an overall degradation of reliability. This paper argues that microkernels are the best approach for delivering truly trustworthy computer systems in the foreseeable future. It presents the NICTA operating-systems research vision, centred around the L4 microkernel and based on four core projects. The seL4 project is designing an improved API for a secure microkernel, L4.verified will produce a full formal verification of the microkernel, Potoroo combines execution-time measurements with static analysis to determine the worst case execution profiles of the kernel, and CAmkES provides a component architecture for building systems that use the microkernel. Through close collaboration with Open Kernel Labs (a NICTA spinoff) the research output of these projects will make its way into products over the next few years.

1. INTRODUCTION

Operating-system reliability is a growing concern as computer systems are becoming increasingly mission-critical for many organisations. Furthermore, embedded computing systems are increasingly used to handle sensitive personal data. For example, in some countries people routinely perform financial transactions via their mobile phones, and an increasing number of countries use embedded computer systems to store and access sensitive medical information. Embedded systems are also increasingly being used in lifecritical situations, such as aircraft, automobiles and medical devices. Finally, personal computers as well as mobile devices are increasingly used to access valuable intellectual property, such as artistic media content, which the owners authorise for use under very restricted conditions.