1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
[[!meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]]
[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no Invariant
Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
is included in the section entitled
[[GNU Free Documentation License|/fdl]]."]]"""]]
<p>Neal Walfield and Marcus Brinkmann have written and submitted for
publication <a
href="http://lists.gnu.org/archive/html/bug-hurd/2007-01/msg00046.html"><em>A
Critique of the GNU Hurd Multi-server Operating System</em></a> and a <a
href="http://lists.gnu.org/archive/html/l4-hurd/2007-01/msg00007.html">position
paper <em>Improving Usability via Access Decomposition and Policy
Refinement</em></a>. Please follow the two preceding links to see the complete
announcements. The authors welcome comments and discussion which may be
directed to the <a href="mailto:bug-hurd@gnu.org"><bug-hurd@gnu.org>
mailing list</a> for the Critique and to the <a
href="mailto:l4-hurd@gnu.org"><l4-hurd@gnu.org> mailing list</a> for the
position paper.
<p>The abstract of the Critique: <blockquote><p>The GNU Hurd's design was
motivated by a desire to rectify a number of observed shortcomings in Unix.
Foremost among these is that many policies that limit users exist simply as
remnants of the design of the system's mechanisms and their implementation. To
increase extensibility and integration, the Hurd adopts an object-based
architecture and defines interfaces, which, in particular those for the
composition of and access to name spaces, are virtualizable.
<p>This paper is first a presentation of the Hurd's design goals and a
characterization of its architecture primarily as it represents a departure
from Unix's. We then critique the architecture and assess it in terms of the
user environment of today focusing on security. Then follows an evaluation of
Mach, the microkernel on which the Hurd is built, emphasizing the design
constraints which Mach imposes as well as a number of deficiencies its design
presents for multi-server like systems. Finally, we reflect on the properties
such a system appears to require.</blockquote>
<p>The abstract of the position paper: <blockquote><p>Commodity operating
systems fail to meet the security, resource management and integration
expectations of users. We propose a unified solution based on a capability
framework as it supports fine grained objects, straightforward access
propagation and virtualizable interfaces and explore how to improve resource
use via access decomposition and policy refinement with minimum interposition.
We argue that only a small static number of scheduling policies are needed in
practice and advocate hierarchical policy specification and central
realization.</blockquote>
|