The jury is in: Monolithic OS design is flawed

Authors

Simon Biggs, Damon Lee and Gernot Heiser

UNSW Sydney\ DATA61

Abstract

The security benefits of keeping a system’s trusted computing base (TCB) small has long been accepted as a truism, as has the use of internal protection boundaries for limiting the damage caused by exploits. Applied to the operating system, this argues for a small microkernel as the core of the TCB, with OS services separated into mutually-protected components (servers) – in contrast to “monolithic” designs such as Linux, Windows or MacOS. While intuitive, the benefits of the small TCB have not been quantified to date. We address this by a study of critical Linux CVEs, where we examine whether they would be prevented or mitigated by a microkernel-based design. We find that almost all exploits are at least mitigated to less than critical severity, and 40% completely eliminated by an OS design based on a verified microkernel, such as seL4.

BibTeX Entry

  @inproceedings{Biggs_LH_18,
    address          = {Korea},
    author           = {Biggs, Simon and Lee, Damon and Heiser, Gernot},
    booktitle        = {Asia-Pacific Workshop on Systems (APSys)},
    date             = {2018-8-27},
    doi              = {https://doi.org/10.1145/3265723.3265733},
    keywords         = {Linux, microkernel, {seL4}, verification, exploit, operating system structure},
    month            = aug,
    numpages         = {7},
    paperurl         = {https://trustworthy.systems/publications/full_text/Biggs_LH_18.pdf},
    publisher        = {ACM SIGOPS},
    title            = {The Jury Is In: Monolithic {OS} Design Is Flawed},
    year             = {2018}
  }

Download

• Full text
• Slides | BibTeX