Trustworthy Systems

LionsOS: A highly dependable operating system for cyberphysical systems

Authors

Gernot Heiser

    School of Computer Science and Engineering
    UNSW,
    Sydney 2052, Australia

Published:

Keynote at International Symposium on Parallel Computing and Distributed Systems

Abstract

Cyberphysical and other embedded systems are frequently security- or safety-critical. While in the past such systems might run on simple microcontrollers and were protected by air gaps, these days they use high-end multicore processors, frequently are distributed systems, and generally are internet-connected. This makes protection against external attackers, as well as resilience against internal component failures, first-class safety/security issues. At the core of ensuring security and safety is the operating system (OS), which is in charge of controlling access to system resources; a failure of the OS results in a failure of the system.

LionsOS, presently under development at the Trustworthy Systems group at UNSW Sydney, is designed to prevent such failure with the strength of mathematical proof. LionsOS is based on the seL4 microkernel, the world's first OS kernel with a proof of implementation correctness, and further proofs of security/safety enforcement. LionsOS adds to seL4 the kind of services developers need from an OS, such as I/O and resource management. Critically, LionsOS is designed to be verifiable itself, by leveraging seL4's verified isolation enforcement.

While verifying seL4 cost about a dozen person-years for about 10,000 lines of code, the aim for LionsOS is to scale this to a system of the order of 100,000 lines of code over a period of about three years. This is enabled by a highly modular design based on strict separation of concerns combined with strict adherence to the time-honoured engineering principle KISS (keep it simple, stupid!). The modular design also enables location transparency, where different components can be distributed across and moved between processor cores. Initial evaluations of networking show that LionsOS can outperform the mature Linux OS.

BibTeX Entry

  @misc{Heiser_24:pcds,
    author           = {Gernot Heiser},
    howpublished     = {Keynote at International Symposium on Parallel Computing and Distributed Systems},
    month            = sep,
    title            = {{LionsOS}: A Highly Dependable Operating System for Cyberphysical Systems},
    year             = {2024}
  }
