For decades, Operating Systems (OSs) have stressed backward compatibility and extraordinary flexibility. Thus the semantics of today's widely used OSs date back to the 1970s. In contrast, over this time Programming Languages (PLs) have adopted higher-level, more abstract semantics. As a consequence of this semantic gap, PLs have been incorporating more OS semantics. But PLs are not OSs, and a PL-as-OS approach forfeits advantages which result from new OSs.
We believe that a new generation of OS semantics is both necessary and possible. The need which will drive new OS adoption is security. To obtain better security we will need much stronger security services (authentication, authorization, isolation) and better abstractions which are less prone to abuse by attackers. Ethos is intended to address this need.
Recent news events
- I've just put a slew of Ethos papers on-line, see this
- We've released Ethos's network protocol "MinimaLT: Minimal-latency Networking Through Better Security" by W. Michael Petullo, Xu Zhang, Jon A. Solworth, Daniel J. Bernstein, and Tanja Lange.
- Jon A. Solworth gave a talk on May 21st at IEEE Security and Privacy: Clean slate vs. compatibility: The struggle for new system software layers
- Jon A. Solworth gave a talk on May 3rd at Greater Chicago Area Systems Research Workshop: Ethos: A layered approach to secure applications
- W. Michael Petullo defended his Ph.D. thesis on May 15th, 2013.
- An Ethos paper on secure networking has been accepted to the EuroSec workshop at EuroSys in Prague. Mike Petullo is lead author and presenter.
- Wenyuan and Muxuan Fei's son Daniel was born on March 12th.
- Two more Ethos papers have been accepted, this time to the Resolve Workshop at ASPLOS. Mike Petullo is the lead author and presenter.
- Mike Petullo gave a talk at University of Wisconsin, Madison on Ethos.
- Ethos now runs on 64-bit, the result of 6 months of determined effort to root out bugs in the 64-bit port which made it unusable. Kudos to Xu Zhang and Mike Petullo and to Pat Gavlin and Andrei Warkentin for the original port.
- The CS 486 course, Secure Operating System Design and Implementation, has been approved by the department's graduate and undergraduate committees.
- The first Ethos paper has been published at ACM DIM, the ACM workshop on Digital Identity Management.
In 2007, we set out to build an operating system which would give rise to far more secure systems than are available today. The genesis for this work was a 2006 panel at Computer and Communications Security (CCS) on botnets. It became clear that our computing base has been broadly compromised by attackers. These attackers are professional, highly skilled, and in it for the money. They operate overseas, beyond the reach of their victims' national law enforcement, and are largely anonymous.
In the war against these attackers we have clearly lost; each year we fall further behind. It's time to change the rules of the game.
Ethos is our answer to this threat. Ethos means "gathering place" and the "characteristics or virtues of a people". Our purpose is to build a system ("gathering place") in which more highly robust applications result ("characteristics or virtues"). We hope to craft an environment which will lead to a whole ecosystem which is more secure. In this goal, we are inspired by UNIX--which is far more than just an operating system--it also deeply influences user space.
Building an operating system is an enormous undertaking. It is estimated that even "free" operating systems such as Linux are amazingly costly, costing over one billion dollars. (Almost all this expense is in device drivers and multiple architectures.) Building sufficient applications is a far larger goal. This is one reason why new operating systems have been unsuccessful.
In addition, new operating systems face the application trap: there are no users for a system because there are no applications; and no one will write applications because there are no users.
The solution to both of these problems is Virtual Machines (VMs). First, since VMs allow multiple OSs to run on a computer, it is no longer necessary to choose one OS; multiple OSs can be used simultaneously. Hence, one significant application can justify running an OS. Second, the VM provides an abstract hardware architecture which is far simpler than the vast variety of computers extant. The drivers for the real hardware are provided by the VM. We are using Xen as our VM because we believe it is a good security architecture on which to build an OS.
We are looking for help to build Ethos and its ecosystem, including
- kernel hackers to build the Ethos kernel;
- compiler/programming language people to build new languages and better tool chains;
- systems people to help build the user space components and abstractions;
- application people to build the next generation of innovative and secure applications.