On the Proof-Oriented Design of a Context-Switching Service in the Pip Protokernel
Sur la conception d'un service de changement de contexte et de sa preuve dans le proto-noyau Pip
Abstract
The Pip protokernel is a kernel whose trusted computing base is reduced to its bare bones. The goal of such minimisation is twofold: reduce the attack surface and reduce the cost of the formal proof of security. In particular, multiplexing is not implemented in the kernel but in a partition whose code is executed in user mode. This of course assumes that the kernel provides minimal services dedicated to signal sending. In this paper, we describe a streamlined service designed to allow for inter-partition communication through userland structures that mimic the traditional Interrupt Descriptor Table.
Origin: Files produced by the author(s)