What can anyone give you greater than now" - William Stafford
SLIC: An Extensibility System for Commodity Operating Systems
Modern commodity operating systems are large and complex systems developed over many years by large teams of programmers, containing many hundreds of thousands of lines of code. Consequently, it is extremely difficult to add significant new functionality to these systems. In response to this problem, a number of recent research projects have explored novel operating system architectures to support untrusted extensions; these include SPIN, VINO, Exokernel, Lipto, and Fluke. Unfortunately, the architectures employed by these projects required substantial implementation effort and are not generally available in commodity systems. In contrast, by leveraging the technique of interposition, our extension mechanism requires only trivial operating system changes to enable a large class of trusted extensions for existing commodity operating systems such as Solaris and Linux, while retaining full compatibility with existing application binaries. By interposing trusted extensions on existing kernel interfaces, our solution enables extensions which are protected from malicious applications, enforced upon non-cooperating applications, composable with extensions from other third-party sources, and significantly easier to develop than traditional kernel modifications.
We have designed and implemented a prototype extension mechanism called Slic which utilizes interposition to efficiently insert trusted extension code into a commodity operating system kernel. We have used Slic to implement a number of useful operating system extensions: a patch to fix a security hole described in a CERT advisory, a simple encryption file system, and a restricted execution environment for arbitrary untrusted binaries. Performance measurements of the Slic prototype show that interposition on existing kernel interfaces can be accomplished efficiently.