For decades, Operating Systems (OSs) have stressed backward compatibility and extraordinary flexibility. Thus the semantics of today’s widely-used OSs dates back to the 1970s. In contrast, over this time Programming Languages (PLs) have adopted higher level, more abstract, semantics. As a consequence of this semantic gap, PLs have been incorporating more OS semantics. But PLs are not OSs; and a PL-as-OS approach forfeits advantages which result from new OSs.

An OS’s system calls (and other interfaces) define its semantics. This semantics includes its security services(authentication, authorization, isolation) and its abstractions. Ethos provides stronger security services which are more resistant to attack and abstractions which are less prone to abuse by attackers. As an example of the former, all networking in Ethos is encrypted, authenticated, and authorized. As an example of the later, Ethos I/O is typed (as in programming languages) ensuring that I/O conforms to declared typed and thus preventing many attacks based on ill-formed input. Together, the security services and abstraction provide security properties which are guaranteed to hold for all applications which are built on top of Ethos.

We believe that a new generation of OS semantics is both necessary and possible. The need which will drive new OS adoption is security. Ethos indicates what is possible with such a design philosophy.

Ethos is first of all about programming, the central phenomenon of computer science. Programming is an extraordinarily difficult intellectual challenge, it is the twin pursuit of functionality and perfection. The two forms of programming which are most sensitive are Systems programming and Secure programming: The Ethos project combines both these aspects.

Such programming requires tremendous precision. This requires study, reading, thinking, and always learning about how to be a better programmer. No matter how good you are at programming, you still have many things to learn. If programming is not a passion for you, then Ethos is not the right project for you.

Its not just about programming skill. Ethos is designed to have far fewer security holes than other systems as well as very highly polished security services. Producing such software requires a broad computer science base, intensive study into areas related to the target software, extraordinary careful design, and analysis of design and issues. Producing secure software has proved elusive, it cannot happen without intense preparation, and careful evaluation of the result.

It can seem overwhelming to get involved in a project like Ethos. First of all, there are many ways to participate. Second, here are some suggestions of things you can do to enable you to work on Ethos.

We recommend the following courses at UIC

  • CS 385: Operating Systems Concepts and Design
  • CS 486: Secure Operating System Design and Implementation
  • CS 473: Compiler Design
  • CS 450: Introduction to Networking
  • CS 466: Advanced Computer Architecture
  • CS 487: Building Trustworthy Computer Systems
  • CS 587: Computer Systems Security
  • CS 588: Security and Privacy in Distributed and Networkd Systems

If you are interested in joining the project, here is a reading list to get the needed background

  • Maurice Bach, The design of the UNIX operating System, Prentice-Hall, 1986. This book is old, before OSs got so complex. That’s a good thing, so this is the first book I recommend on OS kernel internals.
  • David Chisnall, The definitive guide to the Xen hypervisor, Prentice-Hall. If your going to hack an OS on top of Xen (this is the way Ethos is implemented), this is the book you need.

Background Heading link

Here is the ideal programming background, but you can be useful to Ethos with a subset of these skills. The skills are listed from most general to least general.

Most of our programming is done in C (kernel) or Go (user space).

For almost everyone, Go is a new language, and thus students generally start out learning Go for Linux. We like Go because it is a well thought out language, is carefully layered (and thus was easy to port to Ethos), and its aimed at systems programming.

C programming, especially in the kernel, requires a great deal of care. Kernel programming is one of the most rigorous types of programming, and hence precision in understanding C is essential.

We use Git as a revision control system to manage Ethos source repositories. These have grown in number in the last few years as we better partition the project. If you program you should be using a revision control system: It provides backup, safe sharing, and change history. Even for a course project it enables those last minute mistakes to be avoided.

Debuggers such as GDB enable efficient tracking down of programs. In the kernel, in particular it is much faster to use a debugger. In this case, the debugger runs on one host and Ethos on a second host.

While performance is not a primary goal, profiling is still necessary to determine and fix performance bottlenecks.

Compiler tools are needed for two reasons. First, implementing an OS kernel requires a detail knowledge of how programming languages are implemented, because in the kernel there does not exist the facilities that user space programs rely upon. Secondly, we are implementing a scripting language for Ethos, call El.

Ethos has been targetted at x86 (32-bit and 64-bit) architectures. Every OS requres some assembly language programming, particularly to deal with privileged instructions. Typically, one person handles these issues for the project.

To get good code, you need to think hard about what it needs to do and how it will do it. Documentation not only communicates to other team members, it also is a method to think about design. We use latex.