
dc.identifier.uri: http://hdl.handle.net/11401/78243
dc.description.sponsorship: This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree. [en_US]
dc.format: Monograph
dc.format.medium: Electronic Resource [en_US]
dc.language.iso: en_US
dc.type: Dissertation
dcterms.abstract: Compatibility challenges occur when sharing an application across system interfaces such as Linux and Windows APIs, or reusing an application on disruptive hardware such as Intel SGX. Existing approaches require either exhaustively porting applications to new APIs or preserving all previous APIs for backward compatibility. Since both approaches are time-consuming, developers urgently need a solution to the compatibility issues on innovative OSes or hardware, to promptly benefit average users. This thesis demonstrates a library OS approach for reusing unmodified applications on a new OS or hardware. The approach starts with defining a host ABI which is simple to port and also sufficiently contains essential OS abstractions such as file and page management. The host ABI divides the development of a compatibility layer into API emulation in a library OS and encapsulating host distinction with a PAL (platform adaption layer). This thesis presents the Graphene library OS, which demonstrates the simplicity and sufficiency of its host ABI by enumerating host abstractions used for emulating Linux system calls and the related porting efforts. For instance, Graphene emulates multi-process abstractions using two host abstractions: creating a new process, and a simple RPC stream. Leveraging a distributed coordination model, multiple Graphene instances across processes collaboratively present a united OS view to an application. The two main porting targets of Graphene, Linux and SGX, each present challenges to enforcing security isolation. On a Linux host, Graphene isolates mutually-untrusting applications. On SGX, Graphene protects a security-sensitive application against an untrusted OS. From a security perspective, Graphene restricts the attack surface through system interfaces and simplifies security checks against unexpected exploitations.
Finally, this thesis presents quantitative measurements to evaluate the partial compatibility of OS prototypes and the importance of APIs, to help prioritize API porting.
dcterms.available: 2018-06-21T13:38:41Z
dcterms.contributor: Porter, Donald E [en_US]
dcterms.contributor: Sekar, R [en_US]
dcterms.contributor: Ferdman, Michael [en_US]
dcterms.contributor: Roscoe, Timothy [en_US]
dcterms.creator: Tsai, Chia-Che
dcterms.dateAccepted: 2018-06-21T13:38:41Z
dcterms.dateSubmitted: 2018-06-21T13:38:41Z
dcterms.description: Department of Computer Science [en_US]
dcterms.extent: 201 pg. [en_US]
dcterms.format: Monograph
dcterms.format: Application/PDF [en_US]
dcterms.identifier: http://hdl.handle.net/11401/78243
dcterms.issued: 2017-12-01
dcterms.language: en_US
dcterms.provenance: Made available in DSpace on 2018-06-21T13:38:41Z (GMT). No. of bitstreams: 1 Tsai_grad.sunysb_0771E_13608.pdf: 3269217 bytes, checksum: 2b6a339b3ad050a80c9912705473d7eb (MD5) Previous issue date: 12 [en]
dcterms.subject: Application Programming Interfaces
dcterms.subject: Computer science
dcterms.subject: Compatibility
dcterms.subject: Library Operating System
dcterms.subject: Operating System
dcterms.subject: Security Isolation
dcterms.title: A Library Operating System for Compatibility
dcterms.type: Dissertation

