Matching micro-kernels to modern applications using fine-grained memory protection

Scalable distributed systems, systems which suffer no degradation as the number of computing nodes becomes larger, require a programming methodology where an application developer may take existing software modules and plug them together to form a new application. To allow mistrusting modules to interact, the underlying kernel support must offer protection barriers which do not impede performance. The wide-ranging nature of modern applications used on larger scale systems means that existing kernel functions may not necessarily be the most efficient for an application. The kernel must therefore allow an application to dynamically install a function in the kernel; this is one aspect of customization. This paper argues that customization support is one aspect of fine-grained protection for modules needing CPU supervisor privilege. We describe the kernel support required for fine grained protection. Basically, our approach relies on the assignment of a single address space to an application with application modules having their own domain of protection. An experiment was made by modifying the Mach kernel; results show that inter-domain communication by protected procedure call is up to 5 times faster than Mach 3.0 IPC.