For decades, Operating Systems (OSs) have stressed backward compatibility and extraordinary flexibility. Thus the semantics of today's widely-used OSs dates back to the 1970s. In contrast, over this time Programming Langugages (PLs) have adopted higher level, more abstract, semantics. As a consequence of this semantic gap, PLs have been incorporating more OS semantics. But PLs are not OSs; and a PL-as-OS approach forfeits advantages which result from new OSs.
An OS's system calls (and other interfaces) define its semantics. This semantics includes its security services (authentication, authorization, isolation) and its abstractions. Ethos provides stronger security services which are more resistant to attack and abstractions which are less prone to abuse by attackers. As an example of the former, all networking in Ethos is encrypted, authenticated, and authorized. As an example of the later, Ethos I/O is typed (as in programming languages) ensuring that I/O conforms to declared typed and thus preventing many attacks based on ill-formed input. Together, the security services and abstraction provide security properties which are guaranteed to hold for all applications which are built on top of Ethos.
We believe that a new generation of OS semantics is both necessary and possible. The need which will drive new OS adoption is security. Ethos indicates what is possible with such a design philosophy.
Recent news events
- I'm starting to tweet news @JonSolworth.
- UIC is searching for Systems Faculty.
- Jon Solworth presented a talk on Ethos at You broke the Internet at the 30th Chaos Computer Congress.
- Dan Bernstein, Tanja Lange, and Nadia Heninger presented "The Year In Crypto" at the 30th Chaos Computer Congress.
- Mike Petullo presented MinimaLT at ACM Computer and Communications Conference in Nov. 2013.
- I've just put a slew of Ethos papers on-line, see this
- We've released Ethos's network protocol "MinimaLT: Minimal-latency Networking Through Better Security" by W. Michael Petullo, Xu Zhang, Jon A. Solworth, Daniel J. Bernstein, and Tanja Lange.
- Jon A. Solworth gave a talk on May 21st at IEEE Security and Privacy: Clean slate vs. compatibility: The struggle for new system software layers
- Jon A. Solworth gave a talk on May 3rd at Greater Chicago Area Systems Research Workshop, Ethos: A layered approached to secure applications
- W. Michael Petullo defended his Ph.D. thesis on May 15th, 2013.
- An Ethos paper on secure networking has been accepted to the EuroSec workshop at EuroSys in Prague. Mike Petullo is lead author and presenter.
- Wenyuan and Muxuan Fei's son Daniel was born on March 12th.
- Two more Ethos papers have been accepted, this time to the Resolve Workshop at ASPLOS. Mike Petullo is the lead author and presenter.
- Mike Petullo gave a talk at University of Wisconsin, Madison on Ethos.
- Ethos now runs on 64-bit, the result of 6 months determined effort to root out bugs in the the 64-bit port which made it unusable. Kudos to Xu Zhang and Mike Petullo and to Pat Gavlin and Andrei Warkentin for the original port.
- CS 486, Secure Operating System Design and Implementation course has been approved by the department's graduate and undergraduate committees.
- The first Ethos paper has been published at ACM DIM, the ACM workshop on Digital Identity Management.
Software release plans
Ethos will be released as open source. We are targetting MinimaLT, a secure network protocol, as our first release. MinimaLT is developed within Ethos, and will be ported to POSIX. We intend to release a research prototype in the Spring Semester, followed by a production code.
We are looking for help to build Ethos and its ecosystem, including
- kernel hackers to build the Ethos kernel;
- compiler/programming language people to build new languages and better tool chains;
- systems people to help build the user space components and abstractions;
- application people to build the next generation of innovative and secure applications
We are looking for both open source developers and students.
- Since our new network protocol, MinimaLT has been described, we've begun to work with open source developers.
- Amongst students, PhD students are preferred, although we have had valuable contributions from BS, MS, and PhD student. If you are a superb student, consider coming to UIC to work on Ethos and get a degree.
We are also would appreciate and acknowledge financial sponsorship, see donations. Sponsorship would help speed release of project.
In 2007, we set out to build an operating system which would give rise to far more secure systems than are available today. The genesis for this work was a 2006 panel at Computer and Communications Security (CCS) on botnets. It became clear that our computing base has been broadly compromised by attackers. These attackers are professional, highly skilled, and in it for the money. The operate overseas, beyond the reach of their victim's national law enforcement and are largely anonymous.
In the war against these attackers we have clearly lost, each year we fall further behind. Its time to change the rules of the game.
Ethos is our answer to this threat. Ethos means "gathering place" and the "characteristics or virtues of a people". Our purpose is to build a system ("gathering place") in which more highly robust applications result ("characteristics or virtues"). We hope to craft an environment which will lead to a whole ecosystem which is more secure. In this goal, we are inspired by UNIX--which is far more than just an operating system--it also deeply influences user space.
Building an operating system is an enormous undertaking. It is estimated that even "free" operating systems such as Linux are amazingly costly, costing over one billion dollars. (Almost all this expense is in device drivers and multiple architectures.) Building sufficient applications is a far larger goal. This is one reason why new operating systems have been unsuccessful.
In addition, new operating systems face the application trap: there are no users for a system because there are no applications; and no one will write applications because there are no users.
The solution to both of these problems is Virtual Machines (VMs). Since VMs allow multiple OS to run on a computer, it is no longer necessary to choose one OS; multiple OSs can be used simultaneously. Hence, one significant application can justify running an OS. Second, the VM provides an abstract hardware architecture which is far simpler then the vast variety of computers extant. The drivers for the real hardware are provided by the VM. We are using Xen as our VM because we believe it is a good security architecture on which to build an OS.