Ethos: an operating system which creates a culture of security

In 2007, we set out to build an operating system which would give rise to far more secure systems than are available today. The genesis for this work was a 2006 panel at Computer and Communications Security (CCS) on botnets. It became clear that our computing base has been broadly compromised by attackers. These attackers are professional, highly skilled, and in it for the money. The operate overseas, beyond the reach of their victim's national law enforcement and are largely anonymous.

In the war against these attackers we have clearly lost, each year we fall further behind. Its time to change the rules of the game.

Ethos is our answer to this threat. Ethos means "gathering place" and the "characteristics or virtues of a people". Our purpose is to build a system in which these virtues are encouraged. We hope to craft an environment which will lead to a whole ecosystem which is more secure. In this goal, we are inspired by UNIX--which is far more than just an operating system--it also influences deeply user space.

Building an operating system is an enormous undertaking. It is estimated that even "free" operating systems such as Linux are amazingly costly, costing over one billion dollars. (Almost all this expense is in device drivers and multiple architectures.) Building sufficient applications is a far larger goal. This is one reason why new operating systems have been unsuccessful.

In addition, new operating systems face the application trap: there are no users for a system because there are no applications; and no one will write applications because there are no users.

The solution to both of these problems is Virtual Machines (VMs). Since VMs allow multiple OS to run on a computer, it is no longer necessary to choose one OS; multiple OSs can be used simultaneously. Hence, one significant application can justify running an OS. Second, the VM provides an abstract hardware architecture which is far simpler then the vast variety of computers extant. The drivers for the real hardware are provided by the VM. We are using Xen as our VM because we believe it is a good security architecture on which to build an OS.

We are looking for kernel hackers to help us build this architecture. PhD students are preferred, although we have had valuable contributions from BS, MS, and PhD student. Of course, it will be released as open source.

If you are interested in joining the project, here is a reading list to get the needed background. For more books, see Readings.

  • Maurice Bach, The design of the UNIX operating System, Prentice-Hall, 1986. This book is old, before OSs got so complex. That's a good thing, so this is the first book I recommend on OS kernel internals.
  • David Chisnall, The definitive guide to the Xen hypervisor, Prentice-Hall. If your going to hack an OS on top of Xen (this is the way Ethos is implemented), this is the book you need.

Project contributors include

  • Ameet Kotian
  • Prasad Patil
  • Satya Popuri
  • Balamurugan Prabakaran
  • Mani Radhakrishnan
  • Sunil Shivanand
  • Andrew Trumbo, and
  • Andrei Warkentin.