CN114861193A - Method and system for isolating resources of microkernel operating system


Info

Publication number: CN114861193A
Authority: CN (China)
Prior art keywords: resource, user, resources, isolation, user mode
Legal status: Pending
Application number: CN202210501191.4A
Other languages: Chinese (zh)
Inventors: 黄逸博, 古金宇, 陈榕, 陈海波
Current assignee: Shanghai Jiaotong University
Original assignee: Shanghai Jiaotong University
Application filed by: Shanghai Jiaotong University
Priority to: CN202210501191.4A
Publication of: CN114861193A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/48: Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806: Task transfer initiation or dispatching
    • G06F9/4843: Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881: Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/50: Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005: Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011: Allocation of resources, e.g. of the central processing unit [CPU] to service a request, the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016: Allocation of resources, e.g. of the central processing unit [CPU] to service a request, the resources being hardware resources other than CPUs, Servers and Terminals, the resource being the memory
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/50: Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005: Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027: Allocation of resources, e.g. of the central processing unit [CPU] to service a request, the resource being a machine, e.g. CPUs, Servers, Terminals
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a method and a system for isolating resources of a microkernel operating system, comprising the following steps: managing the CPU resources and memory resources of each process using the abstraction of a resource container; implementing a device bandwidth isolation mechanism inside the relevant user-mode server; and implementing a process sandbox mechanism based on a capability mechanism. Compared with the prior art, the invention provides a new microkernel operating system resource isolation mechanism aimed at the resource isolation problem in the cloud computing scenario; the mechanism remains lightweight, achieves stronger resource isolation than current container technology, and meets the leading-edge requirements of the current industry.

Description

Method and system for isolating resources of microkernel operating system
Technical Field
The invention relates to the technical field of microkernel operating systems, in particular to a method and system for resource isolation in a microkernel operating system, and more particularly to a lightweight method and system for resource isolation in a microkernel operating system.
Background
Achieving a good resource isolation mechanism is a fundamental requirement of cloud computing environments. Typical physical resources on a computer include the central processing unit (CPU), memory, the network, and external storage devices. In a traditional non-cloud setting, a user deploys their own computing tasks on physical machines they have purchased, and since the user has exclusive use of those machines, no resource isolation problem arises. In a cloud computing scenario, users' computing tasks are deployed on virtual machines provided by a cloud service provider, and the computing tasks of multiple users may in fact share the same physical machine. The cloud server must therefore implement a resource isolation mechanism to isolate the resources used by the computing tasks of different users.
The mainstream resource isolation mechanisms in current cloud computing environments are virtualization technology, container technology, and language-level virtual machine technology. The three differ greatly in how lightweight they are and how strongly they isolate. Briefly, virtualization technology provides the strongest isolation but is the heaviest. Container technology sits between virtualization technology and language-level virtual machine technology in both isolation and weight. Language-level virtual machine technology is the lightest but provides the weakest isolation.
From an economic perspective, cloud service providers want to deploy as many user computing tasks as possible on as few physical machines as possible in order to save cost, which requires the resource isolation mechanism they use to be lightweight. From a security perspective, users expect their computing tasks to be well isolated from those of other users, which requires the resource isolation mechanism used by the cloud service provider to isolate strongly.
It is therefore desirable to develop a resource isolation mechanism that is both strongly isolating and lightweight, so that both objectives are met. The current mainstream resource isolation mechanisms cannot offer strong isolation and light weight at the same time. Specifically, virtualization technology isolates strongly enough but is not light enough; container technology has the problem that its Trusted Computing Base (TCB) is too large, so its isolation is insufficient; and language-level virtual machine technology is light enough but its isolation is unsatisfactory.
Patent document CN109086100B discloses a security architecture and security service method for a high-security trusted mobile terminal, comprising hardware, a microkernel Hyp, a main operating system MOS, a very simple trusted isolated environment STEE, and a core controller CSC. In that method, a novel mobile terminal security architecture is built on virtualization technology: the microkernel Hyp is implemented at the virtual machine management layer, so that all hardware accesses by the main systems are monitored and security-managed by the microkernel Hyp; the microkernel Hyp performs dynamic security measurement of the main system kernel and monitors its security in real time, switching quickly to a backup system when the kernel is detected to be compromised so that its function is not affected; and the virtual isolation technology of the virtual machine is combined with the hardware isolation capability of TrustZone to construct several very simple trusted isolated environments (STEEs) in which independent trusted applications (TAs) run, reducing the complexity of the trusted isolated environment system and separating the TAs. However, that method aims to provide memory isolation between key applications and common applications; it does not address resource isolation between common applications, nor the problem that a resource isolation mechanism cannot be both strongly isolating and lightweight.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a method and a system for isolating resources of a microkernel operating system.
The invention provides a resource isolation method for a micro-kernel operating system, which comprises the following steps:
the CPU resource and the memory resource of each process are managed by utilizing the abstraction of the resource container;
implementing a device bandwidth isolation mechanism inside a relevant user mode server;
the process sandbox mechanism is implemented based on a capability mechanism.
Preferably, managing the CPU resources and memory resources of each process using the abstraction of the resource container includes:
when the user process normally operates, resources in the resource container are consumed;
when the user process makes a system call, the microkernel consumes the resources in the resource container;
when a user process accesses the service provided by the user mode server through inter-process communication, the service processing thread of the corresponding user mode server consumes the resources in the resource container.
Preferably, implementing the device bandwidth isolation mechanism inside the relevant user-mode server includes:
the device bandwidth isolation mechanism is implemented inside the relevant user mode server through a device specific model.
Preferably, implementing the process sandbox mechanism based on a capability mechanism includes:
the user mode server provides the capability to the user process;
a user process, when initialized, holds a plurality of capabilities granted by a plurality of user-mode servers.
Preferably, the resource container includes a CPU scheduling context and a process private memory pool.
The invention provides a resource isolation system of a micro-kernel operating system, which comprises:
module M1: the CPU resource and the memory resource of each process are managed by utilizing the abstraction of the resource container;
module M2: implementing a device bandwidth isolation mechanism inside a relevant user mode server;
module M3: the process sandbox mechanism is implemented based on a capability mechanism.
Preferably, the module M1 comprises:
submodule M101: when the user process normally operates, resources in the resource container are consumed;
submodule M102: when the user process makes a system call, the microkernel consumes the resources in the resource container;
submodule M103: when a user process accesses the service provided by the user mode server through inter-process communication, the service processing thread of the corresponding user mode server consumes the resources in the resource container.
Preferably, the module M2 includes:
the device bandwidth isolation mechanism is implemented inside the relevant user mode server through a device specific model.
Preferably, the module M3 comprises:
submodule M301: the user mode server provides the capability to the user process;
submodule M302: when a user process is initialized, it holds a plurality of capabilities granted by a plurality of user-mode servers.
Preferably, the resource container includes a CPU scheduling context and a process private memory pool.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention provides a new microkernel operating system resource isolation mechanism aimed at the resource isolation problem in the cloud computing scenario; it achieves stronger resource isolation than current container technology while remaining lightweight, and meets the leading-edge requirements of the current industry.
2. The invention provides a complete and high-applicability light-weight microkernel operating system resource isolation mechanism, and the frontier requirements of the industry are met.
3. The invention implements the device bandwidth isolation mechanism inside the relevant user-mode server, taking into account the heterogeneity and extensibility of devices.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a schematic diagram of a resource container of the present invention;
FIG. 2 is a schematic diagram of the capability mechanism of the present invention.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will aid those skilled in the art in further understanding the present invention, but are not intended to limit the invention in any manner. It should be noted that it would be obvious to those skilled in the art that various changes and modifications can be made without departing from the spirit of the invention; all such changes fall within the scope of the present invention.
The small size of the kernel is a defining feature of a microkernel: it implements only the necessary functions and provides only the necessary abstractions. Implementing a resource isolation mechanism on a microkernel operating system addresses the problem that the trusted computing base of traditional container technology is too large. Container technology is built on the monolithic-kernel (macrokernel) operating system Linux; the Linux kernel now has on the order of tens of millions of lines of code and provides about 400 system calls, so its trusted computing base is huge and it exposes a huge attack surface. A microkernel typically has only tens of thousands of lines of code and provides only a small number of system calls, so both its trusted computing base and its exposed attack surface are far smaller than those of a monolithic kernel.
However, implementing resource isolation on a microkernel operating system presents a number of challenges:
1. To implement CPU isolation and memory isolation on a microkernel operating system, it is not enough to ensure that when a user process makes a system call, the kernel consumes the CPU resources and memory resources of that user process. It is also necessary to ensure that when a user process accesses a service provided by a user-mode server through IPC, the service processing thread of that user-mode server consumes the CPU resources and memory resources of the requesting user process.
2. Besides CPU isolation and memory isolation, resource isolation also includes device bandwidth isolation. In a monolithic kernel, the drivers and frameworks of all devices live in the kernel, so it is reasonable to implement the device bandwidth isolation mechanism in the kernel. In a microkernel, most services run in user mode, so a design decision must be made about where the mechanism belongs.
3. Another important aspect of resource isolation is the sandbox mechanism: a process runs inside a sandbox and, because it cannot see the world outside the sandbox, believes it has the resources of the entire system while in fact it has only its own. How should such a sandbox mechanism be implemented for a microkernel operating system?
The invention provides a resource isolation method for a microkernel operating system, which comprises the following steps:
Utilizing the abstraction of the resource container to manage the CPU resources and memory resources of each process.
The resource container is a structure managed by the microkernel operating system at process granularity; it contains all the CPU resources and memory resources that the process may use. Managing the CPU resources and memory resources of each process using the abstraction of the resource container comprises the following steps: when the user process runs normally, it consumes resources in its resource container; when the user process makes a system call, the microkernel consumes resources in the resource container; and when a user process accesses a service provided by a user-mode server through Inter-Process Communication (IPC), the service processing thread of the corresponding user-mode server consumes resources in the resource container. In this way the microkernel operating system achieves CPU isolation and memory isolation.
In the invention, the resource container comprises a CPU scheduling context and a process private memory pool.
Specifically, for the microkernel operating system, to implement CPU isolation and memory isolation, it is not only necessary to consider that when a user process makes a system call, the kernel should consume the CPU resource and the memory resource of the corresponding user process. It is also necessary to consider that when a user process accesses a service provided by a user mode server through IPC, a service processing thread of the corresponding user mode server should consume a CPU resource and a memory resource of the user process.
The present invention solves the above problems by abstracting a resource container, which is a structural body of kernel management and contains all CPU resources and memory resources owned by one process.
Fig. 1 is a schematic structural diagram of a resource container of the present invention, and as shown in fig. 1, the resource container includes two members, the first is a CPU scheduling context in which all data to be referred to when a kernel scheduler makes a scheduling decision is stored to implement CPU resource isolation, and the second is a process private memory pool including all physical memory blocks owned by a user process to implement memory resource isolation.
Also, resource containers can be designed as a hierarchy rather than process-granular. For example, a process initially has a root resource container, and then all threads of the process can share the same root resource container, or each thread in the process can have its own independent child resource container, thereby forming a hierarchical structure.
The following describes a case where all threads of a process share the same root resource container.
The flow when the user process makes a system call is as follows:
Step 1: the user process starts executing a system call.
Step 2: the microkernel finds the resource container corresponding to the user process and begins processing the system call; from this point the kernel executes its instructions under the CPU scheduling context of the current user process.
Step 3: when the kernel needs to allocate memory during processing, it obtains and uses memory from the process private memory pool corresponding to the current user process.
Step 4: the kernel finishes processing and returns to user mode.
The flow of the user process accessing the service provided by the user state server through the IPC is as follows:
initial conditions: the service processing thread of the user mode server does not initially own any resource containers.
Step S1, the user process calls the system call interface related to IPC.
Step S2, the kernel temporarily assigns the resource container of the user process to the service processing thread of the corresponding user mode server.
Step S3, the kernel transfers control flow to the service processing thread of the corresponding user mode server, and the thread starts processing the user request; all the CPU resources and memory resources consumed by the thread come from the resource container of the calling user process.
Step S4, the service processing thread finishes processing the request and invokes the relevant system call to return to the user process.
Step S5, the kernel returns the resource container from the service processing thread to the user process and transfers control flow back to the user process.
It should be noted that, because a user-mode service processing thread generally allocates memory through a dynamic memory allocation (malloc) interface, for the service processing thread to correctly use memory from the resource container the kernel must apply a lazy policy to memory allocated through the malloc interface: the memory is only actually allocated from the current resource container when it is first accessed.
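The two flows above (a system call charged to the caller's own container, and an IPC request during which the kernel lends that container to the server's service thread) can be modelled in a few lines of C. The following is an added example written for this page, not code from the patent or from any microkernel it describes; the struct and function names, the tick and page budget units, and the scenario values are all constructed for illustration. It also applies the lazy allocation rule from the preceding paragraph: a page is debited from the current container only when it is touched.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Resource container (FIG. 1): a CPU scheduling context plus a process private
 * memory pool. Budgets are illustrative units (CPU ticks, memory pages), constructed
 * for this example rather than taken from the patent. */
typedef struct {
    uint64_t cpu_budget;   /* CPU scheduling context: ticks the process may consume */
    uint64_t cpu_used;
    size_t   pages_total;  /* process private memory pool: physical pages it owns */
    size_t   pages_used;
} resource_container;

typedef struct {
    const char *name;
    resource_container *own;      /* container this thread owns (NULL for a server thread) */
    resource_container *current;  /* container currently charged for its work */
} thread;

/* Charge CPU time to whatever container the thread is currently running under. */
static bool charge_cpu(thread *t, uint64_t ticks) {
    resource_container *rc = t->current;
    if (rc == NULL || rc->cpu_used + ticks > rc->cpu_budget)
        return false;  /* no container, or budget exhausted: the scheduler would deschedule */
    rc->cpu_used += ticks;
    return true;
}

/* Lazy policy for malloc-backed memory: a page is debited from the current
 * container only when it is first touched. */
static bool touch_page(thread *t) {
    resource_container *rc = t->current;
    if (rc == NULL || rc->pages_used >= rc->pages_total)
        return false;
    rc->pages_used++;
    return true;
}

/* Steps 1 to 4: a system call runs under the calling process's own container. */
static bool syscall_enter(thread *user, uint64_t kernel_ticks, size_t kernel_pages) {
    user->current = user->own;                 /* step 2: kernel locates the caller's container */
    if (!charge_cpu(user, kernel_ticks)) return false;
    for (size_t i = 0; i < kernel_pages; i++)  /* step 3: kernel memory comes from the pool */
        if (!touch_page(user)) return false;
    return true;                               /* step 4: back to user mode */
}

/* Steps S1 to S5: the kernel lends the caller's container to the server's service
 * thread for the duration of the request and takes it back afterwards, so the
 * server thread never accumulates resources of its own. */
static bool ipc_call(thread *user, thread *server, uint64_t service_ticks, size_t service_pages) {
    server->current = user->own;                      /* S2: temporary assignment */
    bool ok = charge_cpu(server, service_ticks);      /* S3: work is billed to the caller */
    for (size_t i = 0; ok && i < service_pages; i++)
        ok = touch_page(server);
    server->current = NULL;                           /* S5: container handed back */
    return ok;
}

/* Constructed scenario: a 100-tick, 4-page container, one system call, one IPC
 * request that fits, one that would overrun the CPU budget. Returns the ticks
 * charged to the user's container (40), or 0 if any step behaved unexpectedly. */
static uint64_t demo_scenario(void) {
    static resource_container rc;
    rc = (resource_container){ .cpu_budget = 100, .pages_total = 4 };
    thread user   = { "user", &rc, &rc };
    thread server = { "fs-server", NULL, NULL };
    if (!syscall_enter(&user, 10, 1)) return 0;           /* 10 ticks, 1 page */
    if (!ipc_call(&user, &server, 30, 2)) return 0;       /* 30 ticks, 2 pages, billed to user */
    if (server.current != NULL) return 0;                 /* container must have been returned */
    if (ipc_call(&user, &server, 70, 0)) return 0;        /* 40 + 70 exceeds the 100-tick budget */
    if (rc.pages_used != 3) return 0;
    return rc.cpu_used;
}

int main(void) {
    printf("CPU ticks charged to the user's container: %llu\n",
           (unsigned long long)demo_scenario());
    return 0;
}
```

The property worth checking in a real implementation is the one the scenario asserts: after every IPC exchange the server thread holds no container, so a server that serves many clients can never consume resources that are not attributable to one of them, and a client that exhausts its budget is refused rather than allowed to borrow from the server.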
The device bandwidth isolation mechanism is implemented inside the associated user mode server.
Implementing the device bandwidth isolation mechanism inside the relevant user-mode server comprises the following step: the device bandwidth isolation mechanism is implemented inside the relevant user-mode server through a device-specific model.
In particular, the block device bandwidth isolation mechanism of existing Linux-based container technology has several deficiencies. First, the existing Input/Output Control (IO Control) mechanism for block devices does not take the heterogeneity of modern hardware into account: it mistakenly uses single metrics, the number of input/output requests completed per second (IOPS) and the number of bytes transferred per second, to measure how much of a given device a given process is using. Modern block devices differ enormously, however; for example, the read/write speeds of a conventional hard disk and a solid state disk are not of the same order of magnitude, and for some devices metrics such as IOPS and bytes per second cannot accurately reflect the usage rate. A device bandwidth isolation mechanism built on an inaccurate metric obviously cannot isolate well. The operating system should instead use a device-specific model to measure the actual usage rate of each device accurately, and for a microkernel operating system the best place to implement this model is inside each user-mode server. The specific implementation varies from device to device; conventional modeling methods can be used, and machine learning methods can also be used. A microkernel operating system naturally supports device heterogeneity well, and this design remains highly extensible while supporting the various existing device-specific models.
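To make the argument for a device-specific model concrete, here is an added example (not from the patent) of how a user-mode block server might meter usage: each request is costed as the fraction of the device's time it consumes, and a process is admitted only while it stays within its share of the metering window. The two device models, their throughput and seek figures, the 50% share and the request sizes are constructed values; the point is that the same 4 KiB random reads that look identical under an IOPS count cost very different amounts of device time on a hard disk and on an SSD, and that sequential and random access on the same disk are priced differently.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Device-specific cost models. All figures are constructed for illustration,
 * not measurements of any real device. */
typedef enum { DEV_HDD, DEV_SSD } device_kind;

typedef struct {
    device_kind kind;
    double bytes_per_second;  /* sustained transfer rate */
    double seek_seconds;      /* HDD only: positioning time paid by a non-sequential request */
} device_model;

static const device_model HDD_MODEL = { DEV_HDD, 150e6, 0.010 };
static const device_model SSD_MODEL = { DEV_SSD, 500e6, 0.0 };

typedef struct {
    uint64_t offset;
    uint64_t length;
} io_request;

/* Cost of a request in seconds of device time. A random access on a hard disk
 * pays a seek before the transfer; on an SSD it does not. This is the difference
 * a single IOPS or bytes-per-second figure cannot express. */
static double request_cost(const device_model *dev, const io_request *req, uint64_t last_end) {
    double cost = (double)req->length / dev->bytes_per_second;
    if (dev->kind == DEV_HDD && req->offset != last_end)
        cost += dev->seek_seconds;
    return cost;
}

/* Per-process accounting kept by the user-mode block server. */
typedef struct {
    double   share;     /* fraction of device time the process may use per window */
    double   consumed;  /* device time consumed so far in this window, seconds */
    uint64_t last_end;  /* end of the previous request, for sequential detection */
} process_quota;

/* Admit the request only while the process stays within its share of the window;
 * otherwise the server would defer it until the next window. */
static bool admit(const device_model *dev, process_quota *q, const io_request *req,
                  double window_seconds) {
    double cost = request_cost(dev, req, q->last_end);
    if (q->consumed + cost > q->share * window_seconds)
        return false;
    q->consumed += cost;
    q->last_end = req->offset + req->length;
    return true;
}

/* Number of 4 KiB reads admitted in one 1-second window for a process with the
 * given share. Random reads jump 1 MiB apart; sequential reads are contiguous. */
static int admitted_reads(const device_model *dev, double share, int attempts, bool sequential) {
    process_quota q = { .share = share, .consumed = 0.0, .last_end = 0 };
    int admitted = 0;
    for (int i = 0; i < attempts; i++) {
        uint64_t offset = sequential ? (uint64_t)i * 4096 : (uint64_t)(i + 1) * 1048576ULL;
        io_request r = { .offset = offset, .length = 4096 };
        if (admit(dev, &q, &r, 1.0))
            admitted++;
    }
    return admitted;
}

int main(void) {
    printf("HDD random:     %d of 100\n", admitted_reads(&HDD_MODEL, 0.5, 100, false));
    printf("HDD sequential: %d of 100\n", admitted_reads(&HDD_MODEL, 0.5, 100, true));
    printf("SSD random:     %d of 100\n", admitted_reads(&SSD_MODEL, 0.5, 100, false));
    return 0;
}
```

With these constructed parameters a process with half the device gets 49 random 4 KiB reads per second on the hard disk but all 100 sequential ones, and all 100 on the SSD; an IOPS-only controller would have treated all three cases as identical load. Swapping in a learned model means replacing `request_cost` while the admission logic stays the same, which is the extensibility the text claims for keeping the model inside each device's server.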
The process sandbox mechanism is implemented based on a capability mechanism.
Implementing the process sandbox mechanism based on the capability mechanism comprises the following steps: the user-mode server provides capabilities to the user process; when a user process is initialized, it holds a plurality of capabilities granted by a plurality of user-mode servers.
In particular, one widely adopted way to implement access control in microkernel operating systems is the Capability mechanism. On top of a Capability mechanism, a microkernel operating system can conveniently implement a process sandbox mechanism.
Here a Capability denotes an ability: a process that holds a Capability holds the corresponding authority. In the invention, the Capability mechanism is used to implement the process sandbox mechanism of the microkernel operating system: user-mode servers provide Capabilities to user processes, a user process may hold, at initialization, a plurality of Capabilities granted by a plurality of user-mode servers, and the Capabilities granted to a user process allow it to access the services provided by the corresponding user-mode servers.
Fig. 2 is a schematic structural diagram of the capability mechanism of the present invention, and as shown in fig. 2, the Capabilities correspond to IPC channels provided by a kernel, and the user mode server maintains relevant metadata for the IPC channels, specifically including the number of services, the types of services, and specific rights that the IPC channels can access. When a user's request comes, the user mode server decides what services to provide for the user based on the metadata.
Illustratively, assume that there are two processes on the system: a user process and a user-mode file system server process. The user-mode file system server process provides file system services to the user process. The user-mode file system server process in fig. 2 provides 4 services: a read-write service for the /alice folder, a read-write service for the /bob folder, a read-only service for the /public folder, and a read-only service for the /shared folder; Metadata1, Metadata2, Metadata3 and Metadata4 hold the user authority information of these four services respectively. These 4 services correspond to 4 capabilities. In fig. 2 the user process holds 2 capabilities, Capability1 and Capability2, which are the read-write capability for the /alice folder and the read-only capability for the /shared folder respectively. With these capabilities, the user process can access the corresponding services provided by the user-mode file system server. In terms of implementation, the Capabilities correspond to IPC channels provided by the kernel, and the user-mode server maintains relevant metadata for each IPC channel, specifically including the number of services, the types of services, and the specific rights accessible through that IPC channel. When the user process accesses the /shared folder, it obtains the kernel-provided IPC channel through the Capability corresponding to the /shared folder and communicates with the user-mode file system server over that channel. When the user-mode file system server receives the user process's request to access the /shared folder, it checks the Metadata4 corresponding to that IPC channel and decides whether to satisfy the request according to the authority information recorded in Metadata4.
Illustratively, the overall flow of a user process accessing a service provided by a file system server includes the steps of:
Step P1, the user process attempts to access a folder based on a Capability provided by the file system server; specifically, the user process sends a request to access the folder to the file system server through the IPC channel corresponding to that Capability.
Step P2, the file system server receives the request and checks the metadata corresponding to the IPC channel to determine whether the user process has sufficient authority to access the folder; if the authority is insufficient, it rejects the request, otherwise it executes the request.
Step P3, the file system server returns the result of processing the request to the user process through the same IPC channel.
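The file system example of FIG. 2 and steps P1 to P3 can be expressed as an added C example (written for this page, not the patent's code): the server keeps per-channel metadata for its four services, the user process holds Capability1 and Capability2 as handles on IPC channels 0 and 3, and every request is authorized solely from the metadata of the channel it arrived on. The channel numbering, the rights bits and the `path_under` prefix check are constructed for illustration; the kernel's role of handing a process only the channels it was granted is assumed rather than modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Rights a service grants on its folder. */
enum { RIGHT_READ = 1u, RIGHT_WRITE = 2u };

/* Metadata the file system server keeps per IPC channel (Metadata1..Metadata4 in FIG. 2). */
typedef struct {
    const char *folder;  /* folder the service exposes */
    unsigned    rights;  /* rights a holder of the channel's capability has on it */
} channel_metadata;

/* The four services of FIG. 2, indexed by the IPC channel they are reached on.
 * Channel numbering is constructed for this example. */
#define CHANNEL_COUNT 4
static const channel_metadata SERVER_METADATA[CHANNEL_COUNT] = {
    { "/alice",  RIGHT_READ | RIGHT_WRITE },  /* channel 0: Metadata1 */
    { "/bob",    RIGHT_READ | RIGHT_WRITE },  /* channel 1: Metadata2 */
    { "/public", RIGHT_READ },                /* channel 2: Metadata3 */
    { "/shared", RIGHT_READ },                /* channel 3: Metadata4 */
};

/* A capability as held by a user process: a handle on a kernel-provided IPC channel. */
typedef struct { int channel; } capability;

/* What the user process of FIG. 2 holds. */
static const capability CAPABILITY1 = { 0 };  /* read-write on /alice */
static const capability CAPABILITY2 = { 3 };  /* read-only on /shared */

typedef struct {
    const char *path;
    unsigned    wanted;  /* RIGHT_READ, RIGHT_WRITE, or both */
} fs_request;

/* True if path is the folder itself or lies below it; "/alicex" is not under "/alice". */
static bool path_under(const char *folder, const char *path) {
    size_t n = strlen(folder);
    return strncmp(path, folder, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Step P2: the server consults only the metadata of the channel the request arrived on.
 * Nothing in the request body can widen the rights recorded for that channel. */
static bool server_authorize(int channel, const fs_request *req) {
    if (channel < 0 || channel >= CHANNEL_COUNT)
        return false;
    const channel_metadata *md = &SERVER_METADATA[channel];
    return path_under(md->folder, req->path) && (req->wanted & ~md->rights) == 0;
}

/* Step P1: the user process sends its request over the channel behind the chosen
 * capability; step P3: the server's decision comes back on the same channel. */
static bool user_access(const capability *cap, const char *path, unsigned wanted) {
    fs_request req = { path, wanted };
    return server_authorize(cap->channel, &req);
}

int main(void) {
    printf("write /alice/notes.txt via Capability1: %s\n",
           user_access(&CAPABILITY1, "/alice/notes.txt", RIGHT_WRITE) ? "granted" : "denied");
    printf("read  /shared/readme   via Capability2: %s\n",
           user_access(&CAPABILITY2, "/shared/readme", RIGHT_READ) ? "granted" : "denied");
    printf("write /shared/readme   via Capability2: %s\n",
           user_access(&CAPABILITY2, "/shared/readme", RIGHT_WRITE) ? "granted" : "denied");
    printf("read  /bob/secret      via Capability2: %s\n",
           user_access(&CAPABILITY2, "/bob/secret", RIGHT_READ) ? "granted" : "denied");
    return 0;
}
```

Because the decision depends on the channel and not on any identity the request carries, a process that was never granted a capability for /bob has no channel on which to ask the server for /bob at all, and a write attempted through the read-only /shared channel is rejected by the metadata check of step P2. The prefix check matters too: matching on the raw string prefix would let a request for "/alicex" pass the /alice channel's check.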
The invention also provides a resource isolation system of the microkernel operating system, which comprises:
module M1: utilizing the abstraction of the resource container to manage the CPU resources and memory resources of each process.
The module M1 includes: submodule M101: when the user process runs normally, it consumes resources in the resource container; submodule M102: when the user process makes a system call, the microkernel consumes resources in the resource container; submodule M103: when a user process accesses a service provided by the user-mode server through inter-process communication, the service processing thread of the corresponding user-mode server consumes resources in the resource container.
Specifically, the resource container includes a CPU scheduling context and a process private memory pool.
Module M2: the device bandwidth isolation mechanism is implemented inside the associated user mode server.
Wherein, the module M2 includes: the device bandwidth isolation mechanism is implemented inside the relevant user mode server through a device specific model.
Module M3: the process sandbox mechanism is implemented based on a capability mechanism.
The module M3 includes: submodule M301: the user-mode server provides capabilities to the user process; submodule M302: when a user process is initialized, it holds a plurality of capabilities granted by a plurality of user-mode servers.
The technical principle of the invention is as follows:
1. Utilizing the abstraction of the resource container to manage the CPU resources and memory resources of each process. When a user process is making a system call, the kernel should use the resources in that user process's resource container. Similarly, when a user process is accessing a service provided by a user-mode server, the service processing thread of the corresponding user-mode server should use the resources in that user process's resource container.
2. To take account of device heterogeneity and extensibility, the invention implements the device bandwidth isolation mechanism inside the relevant user-mode server.
3. Implementing the process sandbox mechanism based on the Capability mechanism.
4. The invention provides a complete and high-applicability light-weight microkernel operating system resource isolation mechanism, and the frontier requirements of the industry are met.
The technical problem solved by the invention is as follows:
1. How to implement isolation of CPU resources and memory resources on a microkernel operating system: when a user process makes a system call, the kernel should consume the CPU resources and memory resources of the corresponding user process; when a user process requests a service provided by a user mode server through inter-process communication, the service processing thread of the corresponding user mode server should consume the CPU resources and memory resources of that user process.
2. How to implement device bandwidth isolation mechanisms on a microkernel operating system, such as network bandwidth isolation and block device bandwidth isolation.
3. How to implement a sandbox mechanism on a microkernel operating system.
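The charging rule of principle 1 (kernel work during a system call and a user mode server's service thread both draw on the calling process's resource container) together with the capability gate of principle 3, as an added Python model; this is constructed example code, not the patent's implementation, and the server name, per-request costs and budgets are assumed values.

```python
from dataclasses import dataclass, field
# Constructed model, not the patent's code: work done for a process by the kernel or
# by a user mode server's service thread is charged to that process's own container.
class QuotaExceeded(Exception): pass

@dataclass
class ResourceContainer:
    name: str
    cpu_budget: int   # CPU scheduling context: remaining ticks
    mem_pool: int     # process private memory pool: remaining bytes
    def charge(self, cpu=0, mem=0):
        if cpu > self.cpu_budget or mem > self.mem_pool:
            raise QuotaExceeded(f"{self.name}: cpu {cpu}/{self.cpu_budget}, mem {mem}/{self.mem_pool}")
        self.cpu_budget -= cpu
        self.mem_pool -= mem

@dataclass
class UserProcess:
    container: ResourceContainer
    caps: set = field(default_factory=set)   # capabilities granted at init

@dataclass
class UserModeServer:
    name: str
    cost: tuple   # (cpu ticks, bytes) that serving one request costs the caller
    def handle(self, caller):
        if self.name not in caller.caps:     # sandbox: only capability holders may call
            raise PermissionError(f"{caller.container.name} lacks capability {self.name}")
        caller.container.charge(*self.cost)  # service thread bills the caller, not itself
        return "ok"

def kernel_syscall(proc, cpu, mem=0):
    proc.container.charge(cpu=cpu, mem=mem)  # kernel work in a system call bills the caller

def attempt(fn, *args):
    try:
        return fn(*args)
    except (QuotaExceeded, PermissionError) as exc:
        return type(exc).__name__            # report the refusal instead of aborting

def demo():
    net = UserModeServer("net", cost=(2, 1024))
    a = UserProcess(ResourceContainer("A", cpu_budget=10, mem_pool=4096))
    b = UserProcess(ResourceContainer("B", cpu_budget=10, mem_pool=4096))
    a.caps.add(net.name)                     # only A is granted the net capability
    kernel_syscall(a, cpu=1)                 # system call charged to A's container
    for _ in range(4): net.handle(a)         # four requests drain A's 4096-byte pool
    return {"a_fifth": attempt(net.handle, a), "a_cpu_left": a.container.cpu_budget,  # QuotaExceeded, 1
            "b_mem_left": b.container.mem_pool, "b_net": attempt(net.handle, b)}      # 4096, PermissionError
```

Process A exhausts only its own container while B's pool stays full, and B, never having been granted the capability, cannot reach the server at all.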
Those skilled in the art know that, in addition to implementing the system, apparatus and their modules provided by the present invention purely as computer-readable program code, the same program can be realized by logically programming the method steps so that the system, apparatus and their modules take the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. The system, apparatus and their modules provided by the present invention can therefore be regarded as hardware components, and the modules included in them for implementing the various programs can also be regarded as structures within those hardware components; modules for performing the various functions can be regarded both as software programs for performing the methods and as structures within hardware components.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (10)

1. A method for isolating resources of a microkernel operating system, characterized by comprising the following steps:
managing the CPU resources and memory resources of each process using the abstraction of a resource container;
implementing a device bandwidth isolation mechanism inside the relevant user mode server;
implementing a process sandbox mechanism based on a capability mechanism.
2. The method of claim 1, wherein the managing CPU resources and memory resources of each process using abstraction of resource containers comprises:
when the user process normally runs, resources in the resource container are consumed;
when the user process makes a system call, the microkernel consumes the resources in the resource container;
when the user process accesses the service provided by the user mode server through inter-process communication, the service processing thread of the corresponding user mode server consumes the resources in the resource container.
3. The method of claim 1, wherein implementing the device bandwidth isolation mechanism inside the associated user-mode server comprises:
the device bandwidth isolation mechanism is implemented inside the relevant user mode server through a device specific model.
4. The method of claim 1, wherein implementing the process sandbox mechanism based on the capability mechanism comprises:
the user mode server providing capabilities to the user process;
when a user process is initialized, it possesses a plurality of capabilities granted by a plurality of user mode servers.
5. The method of claim 1 or 2, wherein the resource container comprises a CPU scheduling context and a process private memory pool.
6. A microkernel operating system resource isolation system, comprising:
module M1: the CPU resource and the memory resource of each process are managed by utilizing the abstraction of the resource container;
module M2: implementing a device bandwidth isolation mechanism inside a relevant user mode server;
module M3: the process sandbox mechanism is implemented based on a capability mechanism.
7. The microkernel operating system resource isolation system of claim 6 wherein said module M1 comprises:
submodule M101: when the user process normally runs, resources in the resource container are consumed;
submodule M102: when the user process makes a system call, the microkernel consumes the resources in the resource container;
submodule M103: when the user process accesses the service provided by the user mode server through inter-process communication, the service processing thread of the corresponding user mode server consumes the resources in the resource container.
8. The microkernel operating system resource isolation system of claim 6 wherein said module M2 comprises:
the device bandwidth isolation mechanism is implemented inside the relevant user mode server through a device specific model.
9. The microkernel operating system resource isolation system of claim 6 wherein said module M3 comprises:
submodule M301: the user mode server provides the capability to the user process;
submodule M302: when a user process is initialized, it possesses a plurality of capabilities granted by a plurality of user mode servers.
10. The microkernel operating system resource isolation system of claim 6 or 7 wherein the resource container comprises a CPU scheduling context and a process private memory pool.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210501191.4A CN114861193A (en) 2022-05-09 2022-05-09 Method and system for isolating resources of microkernel operating system


Publications (1)

Publication Number Publication Date
CN114861193A true CN114861193A (en) 2022-08-05

Family

ID=82637732



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination