Enhancing a Dependable Multiserver Operating System with Temporal Protection via Resource Reservations

Abstract : MINIX 3 is a microkernel-based, multiserver operating system for uniprocessors that is designed to be highly dependable. Servers are restricted according to the principle of least privilege. For example, access to resources such as system memory and device I/O is fully protected. Although MINIX 3 is a potential candidate for embedded platforms, it currently cannot safeguard processes with stringent timing requirements, such as real-time applications. In this paper, we present the design and the implementation of a user-space resource-reservation framework (RRES) in order to augment MINIX 3's dependability infrastructure with temporal protection. In particular, we implemented the Constant Bandwidth Server (CBS), either in Soft or in Hard Reservation (CBS-HR) mode and the Idle-time Reclaiming Improved Server (IRIS) resource reservation algorithms. Important, practical applications of temporal protection include real-time computing as well as prevention of certain denial of service (DoS) attacks that monopolize the CPU. Experiments on a prototype implementation showed improved dependability in the temporal domain.