Building a New OS: Architectural & Security Implementations
1. Building A New Operating System
Subhajeet Mukherjee @ SfBayACM
Slides URL: http://bit.ly/071718
July 17, 2018
2. Agenda-
• Structural & Architectural Differences Between Major Operating System Families [Q&A: 3-5 minutes]
• Security Implementations Across Major Operating Systems [Q&A: 3-5 minutes]
• Architectural & Security Implementation In The OS That I've Been Working On [Q&A: 5 minutes]
Subhajeet Mukherjee - SfBayACM, 07/17/18
6. Major Families-
• Unix Family (not the same thing as UNIX, the trademark: here it means systems descended from the original AT&T code base)
  • Variants & Derivatives: BSD, XNU (kernel), Darwin
• Windows NT Family
  • Began with Windows NT 3.1 in 1993; every Windows release since XP (2001) is NT-based
• Unix-Like Family
  • Linux (a kernel, not a complete OS) and the distributions built on it
  • Android, which uses the Linux kernel
7. Major Differences-
Unix Family
• The windowing system (e.g. the X Window System or Wayland) is a separate component that runs in user space, so a compromise of the display server is not by itself a kernel compromise
• File systems vary by variant and version (UFS, OpenZFS, ...)
Windows NT Family
• The window manager and GDI (win32k.sys) do not run in user space: since Windows NT 4.0 they run in kernel mode to improve graphics performance. The trade-off is a large kernel-mode attack surface reachable from any process that can create a window
• Almost consistent until now: the proprietary NTFS has been the default since NT 3.1. Microsoft also ships other proprietary file systems (FAT/exFAT, ReFS)
10. Security Key Points-
• Kernel Level Security
  • Security at the lowest software level: the kernel's own memory and the boundary it enforces between itself and user space
• File Systems Security
  • Encryption technologies
  • Includes the file system's structural security, permissions, etc.
• User Level Security
  • Includes authentication: username and password checks
11. Security-
• ASLR (Address Space Layout Randomization) [general computer security topic, not specific to any one OS]
  • Does not prevent memory-corruption bugs; it makes them harder to exploit, because an attacker who can corrupt memory no longer knows in advance where code and data live
  • Randomizes the positions of the key areas of a process: the base of the executable (only when it is built position-independent), the shared libraries, the heap and the stack
  • Caveat: one leaked pointer (an info-leak bug) reveals the base of the region it points into, so real exploits chain a leak with the corruption bug
• KASLR (Kernel Address Space Layout Randomization)
  • The same idea, applied to the kernel image itself
• There is also something called KARL (covered later, in the section on this OS)
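An added example, not from the talk, of how to observe ASLR from user space. Each child process reports where a shared-library function, a fresh malloc() result and an anonymous mmap region landed in its own address space; every exec() gets a fresh layout, so under ASLR the values change from run to run. The region names, the helper functions and the choice of five runs are assumptions of this example; it relies on ctypes.CDLL(None) and, on Linux, on the /proc/sys/kernel/randomize_va_space switch.

```python
"""Observe ASLR from user space by launching fresh processes.

Added example, not code from the talk. Each child process reports where three
things landed in *its* address space. Every exec() gets a fresh layout, so
under ASLR the reported values change from run to run. Linux and macOS only
(uses ctypes.CDLL(None) and, on Linux, /proc).
"""
import subprocess
import sys

# Source of the child process (constructed for this example). It prints three
# addresses, one per line:
#   1. a libc/libSystem function  -> shared-library base randomization
#   2. a fresh malloc() result    -> heap randomization
#   3. an anonymous mmap region   -> mmap-area randomization
CHILD_SOURCE = r"""
import ctypes, mmap
libc = ctypes.CDLL(None)
libc.malloc.restype = ctypes.c_void_p
print(ctypes.cast(libc.printf, ctypes.c_void_p).value)
print(libc.malloc(64))
region = mmap.mmap(-1, 4096)
print(ctypes.addressof(ctypes.c_char.from_buffer(region)))
"""

REGIONS = ("shared_lib", "heap", "mmap")


def sample_layout():
    """Run one child process and return {region: address} for it."""
    proc = subprocess.run([sys.executable, "-c", CHILD_SOURCE],
                          check=True, capture_output=True, text=True)
    values = [int(line) for line in proc.stdout.split()]
    return dict(zip(REGIONS, values))


def collect(runs=5):
    """Layouts of `runs` independent processes (one exec each)."""
    return [sample_layout() for _ in range(runs)]


def distinct_values(samples, region):
    """How many different addresses a region landed at across the samples."""
    return len({s[region] for s in samples})


def randomization_expected():
    """Linux exposes the global ASLR switch: 0 = off, 1 = randomize shared
    libraries, stack and mmap but not the brk heap, 2 (default) = heap too.
    Other systems (macOS) have no such knob and always randomize."""
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            return f.read().strip() != "0"
    except OSError:
        return True


def aslr_looks_active(samples):
    """Shared-library and mmap bases move under any non-zero ASLR level, so
    those two decide the verdict; the heap is reported but not required."""
    return all(distinct_values(samples, r) > 1 for r in ("shared_lib", "mmap"))


def report(samples):
    """Human-readable table of where each region landed in each run."""
    lines = []
    for region in REGIONS:
        addrs = " ".join(f"{s[region]:#x}" for s in samples)
        lines.append(f"{region:<11} distinct={distinct_values(samples, region)}  {addrs}")
    lines.append("ASLR active: " + str(aslr_looks_active(samples)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(collect()))
```

If the heap column stays constant while the other two move, the machine is running at randomize_va_space level 1 (brk heap not randomized), which is exactly the kind of partial mitigation an exploit author looks for. The executable's own base is not sampled here because it only moves for PIE builds; `readelf -h` (type DYN vs EXEC) tells you which you have.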
12. File Systems Security-
• Prevention of race conditions
  • A race arises when more than one process accesses and modifies the same file-system object concurrently and the result depends on timing; the benign symptom is corrupted data. The security-relevant form is time-of-check-to-time-of-use (TOCTOU): a program checks a path (permissions, "is it a symlink?") and then opens it, and an attacker swaps the object between the two steps
• Access Control
  • Basic read/write/execute permissions (per owner, group and others on Unix-family systems; ACLs on NTFS)
• Data Protection
  • Backups and recovery
  • Various encryption concepts (full-disk and per-file)
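An added example, not code from the talk, of the file-system race described above in its security-relevant form: a check-then-open sequence that an attacker wins by swapping a symlink into the window, beside the fixed version that opens first (refusing to follow symlinks) and validates the open descriptor. The scenario, file names and helper functions are constructed for this example; the attacker's move is simulated with a callback so the race is deterministic, where in real life it is a concurrent process looping on unlink()+symlink() and winning some fraction of the time.

```python
"""Time-of-check-to-time-of-use (TOCTOU) on a file path, and the fix.

Added example, not code from the talk. Scenario (constructed): a helper that
runs with more privilege than its caller appends to a log file, but only if
the file is a plain file and not a symlink the attacker planted to redirect
the write. The unsafe version checks the *path* and then opens the *path*;
the safe version opens first, refusing to follow a symlink, and checks the
*open descriptor*, which nobody else can swap out from under it.
"""
import os
import shutil
import stat
import tempfile


def unsafe_open_for_append(path, during_window=lambda: None):
    """Check on the path, then open the path: classic TOCTOU."""
    if stat.S_ISLNK(os.lstat(path).st_mode):          # 1. check (lstat does not follow)
        raise PermissionError("refusing to write through a symlink")
    during_window()                                   # <- attacker acts here
    return os.open(path, os.O_WRONLY | os.O_APPEND)   # 2. use (open DOES follow symlinks)


def safe_open_for_append(path, during_window=lambda: None):
    """Open first with O_NOFOLLOW, then validate the descriptor with fstat."""
    during_window()                                   # anything before open is harmless
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)  # ELOOP if a symlink
    try:
        st = os.fstat(fd)                             # properties of what we actually hold
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
            raise PermissionError("not a regular file owned by this user")
    except BaseException:
        os.close(fd)
        raise
    return fd


def simulate(opener):
    """Stage a directory, let `opener` run while the attacker swaps the log
    for a symlink to a victim file, and report whether the victim was hit."""
    workdir = tempfile.mkdtemp()
    try:
        log = os.path.join(workdir, "app.log")      # what the helper means to write
        victim = os.path.join(workdir, "victim")    # what the attacker wants written
        open(log, "w").close()
        with open(victim, "w") as f:
            f.write("original contents\n")

        def attacker_swaps_symlink():
            os.unlink(log)
            os.symlink(victim, log)

        try:
            fd = opener(log, attacker_swaps_symlink)
        except OSError:              # the safe opener refuses (ELOOP / PermissionError)
            fd = None
        if fd is not None:
            os.write(fd, b"attacker-chosen line\n")
            os.close(fd)
        with open(victim) as f:
            return "clobbered" if "attacker" in f.read() else "protected"
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print("unsafe:", simulate(unsafe_open_for_append))   # clobbered
    print("safe:  ", simulate(safe_open_for_append))     # protected
```

O_NOFOLLOW only guards the final path component; a symlinked directory earlier in the path is still followed. On Linux, openat2() with RESOLVE_NO_SYMLINKS or RESOLVE_BENEATH closes that gap. The data-corruption form of the race mentioned on the slide (two writers on one file) is a different problem, addressed with file locking (flock/fcntl) rather than this open-then-check pattern.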
16. Security-
• Kernel level security
  • Will support KARL, as the kernel inherits security components from OpenBSD
  • KARL stands for Kernel Address Randomized Link (introduced in OpenBSD in 2017)
  • Very similar in intent to KASLR, but different in mechanism: it doesn't change the location of the kernel. Instead the kernel's object files are re-linked in a random order at each boot, so the internal layout, the offsets between functions and data, differs from boot to boot
  • Combining it with KASLR makes the attacker's job harder: a single leaked kernel pointer no longer reveals where everything else is
• File system support
  • Supports UFS and ZFS
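An added example, not OpenBSD's code and not the talk's, that models why KARL and KASLR are complementary. The object files, their sizes and the addresses are constructed; KASLR keeps the link order and slides the whole image to a random base, KARL keeps the base and re-links the objects in a random order. The attacker has a stock image to compute offsets from plus one leaked kernel address (the usual info-leak bug), which against KASLR alone is enough, since every other symbol sits at a fixed distance from the leak.

```python
"""Why KARL helps even with KASLR in place: a toy kernel-layout model.

Added example, not OpenBSD's implementation. Everything below (object names,
sizes, base address, slide range) is constructed for illustration.
"""
import random

# Constructed "kernel": (object file, size) in the order the stock build links them.
OBJECTS = [
    ("kern_exec.o", 0x3000),
    ("kern_sig.o", 0x2000),
    ("uipc_socket.o", 0x4000),
    ("vfs_syscalls.o", 0x5000),
    ("kern_sysctl.o", 0x1000),
]
STOCK_BASE = 0xFFFFFFFF80000000   # assumed load address of a non-randomized kernel
PAGE = 0x1000
SLIDE_RANGE = 0x40000000          # assumed range of the random KASLR slide


def link(objects, base):
    """Lay object files out back to back from `base`; return {object: address}."""
    layout, addr = {}, base
    for name, size in objects:
        layout[name] = addr
        addr += size
    return layout


def boot_kaslr(rng):
    """KASLR: stock link order, random page-aligned base."""
    return link(OBJECTS, STOCK_BASE + rng.randrange(0, SLIDE_RANGE, PAGE))


def boot_karl(rng):
    """KARL: fixed base, object files re-linked in a random order."""
    order = list(OBJECTS)
    rng.shuffle(order)
    return link(order, STOCK_BASE)


def boot_kaslr_and_karl(rng):
    """Both: random order *and* random base."""
    order = list(OBJECTS)
    rng.shuffle(order)
    return link(order, STOCK_BASE + rng.randrange(0, SLIDE_RANGE, PAGE))


# What the attacker knows: the layout of a stock, non-randomized build.
STOCK_LAYOUT = link(OBJECTS, STOCK_BASE)


def attacker_guess(leaked_obj, leaked_addr, target_obj):
    """Leak + (offset taken from the stock image) = guessed address of the target."""
    return leaked_addr + (STOCK_LAYOUT[target_obj] - STOCK_LAYOUT[leaked_obj])


def attack_success_rate(boot, trials=200, seed=1):
    """Fraction of boots in which one leaked address pins down a second symbol."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        layout = boot(rng)
        leak = layout["kern_sysctl.o"]                  # the info-leak bug gives us this
        guess = attacker_guess("kern_sysctl.o", leak, "vfs_syscalls.o")
        hits += guess == layout["vfs_syscalls.o"]
    return hits / trials


if __name__ == "__main__":
    for name, boot in (("KASLR only", boot_kaslr), ("KARL only", boot_karl),
                       ("KASLR + KARL", boot_kaslr_and_karl)):
        print(f"{name:<13} attacker hit rate: {attack_success_rate(boot):.2f}")
```

With KASLR alone the hit rate is 1.0: the slide moves everything by the same amount, so one leak cancels it. Under KARL the guess is only right when kern_sysctl.o happens to be linked immediately after vfs_syscalls.o (about one boot in five with these five objects; with the hundreds of objects in a real kernel the fraction is negligible). KARL is not a complete defence: an attacker with an arbitrary kernel read can still walk the layout at runtime, and it only protects what is re-linked.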
17. Hardware Support-
• Currently supports Intel x86-64 processors
• Eventually plans to move to RISC-V (a RISC-V port is being simulated in parallel)
• Benefits include:
  • Open instruction set architecture
  • Royalty free
18. Graphics APIs Support-
OpenGL
• Sequential execution of operations
• Very hard to debug in terms of concurrency
• One global state machine
• GPU synchronization and memory are usually not visible to the application
• 49 fps on average (e.g. Mad Max)
Vulkan (supported by this OS)
• Better handling of multi-threading; multi-threading friendly
• Object-based, with no global state machine
• The application controls memory and synchronization explicitly
• 128 fps on average (e.g. Mad Max)
CPU Efficiency Comparison (ARM): https://www.youtube.com/watch?v=rvCD9FaTKCA
21. Round Focus-
• The user gets notified about something while working on something crucial
• When the user clicks on it, the elements inside that application lead them to switch to yet another application (high probability)
• The user is thus likely to fall into a loop, depending on what they are working on, and loses focus on the priority
22. Some High-Level Reasons-
• Humans in general should evolve with technology instead of just being consumers
• Ambiguous gestures reduce usability and consistency
• Notifications and multitasking reduce productivity:
  • Round Focus: https://www.youtube.com/watch?v=kX2Z5GnJmpE
  • Surveys and research by companies and institutions: https://bit.ly/2zI73sd
23. High-Level Solution Implementations In This OS-
• Timed Notification System
• Reduced Gestures
• Reduced Multitasking
• Scrollable and Unobtrusive User Interface
• Usability and Accessibility
24. References-
• Golftheman (2008, July 17). Monolith-, Micro- and a "hybrid" kernel, a draft of new version. Retrieved from: https://commons.wikimedia.org/wiki/File:OS-structure2.svg
• David A. Wheeler (2007). Free software licenses in a spectrum. Retrieved from: https://www.linuxvoice.com/the-fight-for-freedom & https://en.wikipedia.org/wiki/Free_software_license#/media/File:Software_licensing_spectrum.png
• CPU Efficiency Comparison (arm). [Video] Retrieved from YouTube: https://www.youtube.com/watch?v=rvCD9FaTKCA
• Hacker News, Y Combinator. Retrieved from Hacker News: https://news.ycombinator.com/item?id=14542874
Hello everybody. First of all, thank you for hosting me. So, this talk will be at the intermediate level: not super technical nor super conceptual. By the way, if anyone wants to access the slides, they're at this link.
So, L and I had extensive conversations on what to include and what not. Generally, talking about operating systems includes a whole range of concepts in CS, so 1 hour is probably not enough. Also, I don't like monotonous lectures, so I've divided the talk into three sections, and after each section I'll take questions, so that we have an interactive flow.
I thought of talking about licenses in the first place because that is one of the crucial aspects in terms of usage.
I categorized it with two main divisions: one is permissive and the other one is protective.
XNU has 4.3BSD, Mach and FreeBSD.
Darwin is mostly monolithic.
People sometimes confuse Linux with an OS.
By windowing system I mean things like the X Window System or Wayland.
On the other hand, the Windows NT family since Vista uses DWM (Desktop Window Manager).
The whole ASLR term was coined by the Linux community.
Notice that there's an ML layer. I'm using TensorFlow in the DE.