A Framework for Easily and Efficiently Extending Operating Systems

Extensible operating systems enable users to extend their functions by adding extension modules on demand. Such operating systems need a fail-safe mechanism for protecting the system from erroneous extension modules. However, a mechanism with the full capability of protection has implied serious performance penalties. To address this problem, we propose a new fail-safe mechanism called multi-level protection. It allows users to install an extension module in the operating system at various protection levels without changing the module, and thereby users can run the module at the minimum protection level to avoid performance penalties. For example, they can choose a higher level for an unstable module, but a lower one for a stable module. We have implemented the CAPELA operating system, which supports multi-level protection, on the basis of NetBSD. CAPELA provides multiple protection managers of various protection levels so that users can choose one of the protection managers and easily change the protection level. We constructed file system modules and network subsystem modules on top of CAPELA. We also confirmed that the performance of the extension modules improves if the protection level is lowered. The overheads of the maximum protection level are between 70% and 220%, compared with those of the minimum protection level. On the other hand, the overheads of the minimum protection level are between 1.3% and 12%, compared with those of the hand-crafted version.