Building an OS requires building a kernel. We are implementing a kernel in C on top of Xen. Ethos started from a small OS in Xen called Mini-OS, which provided low-level facilities that we extended to make a full OS supporting processes, a network stack, a filesystem, authentication, etc. Kernel hacking divides into architecture-dependent code (e.g., for interrupts, context switching, paging) and architecture-independent code (e.g., authorization, authentication, file systems, etc.).

We’re working on building highly secure distributed services. The first service is SayI, an authentication service, which will be used in conjunction with MinimaLT.

El. El is intended to combine the best parts of shells with the best parts of scripting languages. This work also includes building tools to use with the shell.

Em. Em is Ethos’ graphic markup language, intended to make it very simple to build smartphone-type applications.

Much of an OS is written in user space. There are many user-space components to build, including package management, tools (see El), and OS abstractions. We’re using Go and El to write these routines.

An OS without applications is incomplete. We need to see what effect Ethos has on application code. The first application will probably be secure messaging.

Ethos relies on NaCl, a high-speed crypto library which provides all of Ethos’ crypto primitives (PI: Daniel J. Bernstein).

Paper List by Themes

  1. Authentication in the Taos operating system (wobber94authentication). Edward Wobber et al. Jan. 24, 2013 (Presented by Dr. Solworth)
  2. Kerberos: An Authentication Service for Open Network Systems (steiner88kerberos). Jennifer G. Steiner et al. Jan. 30, 2013 (Presented by Yaohua)
  3. Ten Risks of PKI: What You’re not Being Told about Public Key Infrastructure (ellison00pkiRisks). Carl Ellison and Bruce Schneier. Feb. 6, 2013 (Presented by Wenyuan)
  4. Building Secure High-Performance Web Services with OKWS (krohn04okws). Maxwell Krohn. Feb. 27, 2013 (Presented by Mike)
  5. Labels and Event Processes in the Asbestos Operating System (efstathopoulos05labels). Petros Efstathopoulos et al. Mar. 6, 2013 (Presented by Yaohua)
  1. Ethos’ Distributed Types (git repo sent in email). W. Michael Petullo et al. Mar. 13, 2013 (Presented by Xu)
  2. Authentication in Ethos (git repo sent in email). W. Michael Petullo and Jon A. Solworth. Mar. 21, 2013 (Presented by Siming)
  3. Simple-to-use, Secure-by-design Networking in Ethos (git repo sent in email). W. Michael Petullo and Jon A. Solworth. Mar. 27, 2013 (Presented by Yaohua)
  4. MinimaLT: Minimal-latency Networking Through Better Security (git repo sent in email). Anonymous. Apr. 3, 2013 (Presented by Xu)
  5. gAuth: Internet-Scale User Authentication (git repo sent in email). Anonymous. Apr. 17, 2013 (Presented by Giovanni)
  6. gRev: Efficient and Timely Certificate Revocation at Global Scale (git repo sent in email). Anonymous. Apr. 24, 2013 (Presented by Luca)
  1. Design of a General Purpose Memory Allocator for the 4.3BSD UNIX Kernel (mckusick88kernelMalloc). Marshall Kirk McKusick and Michael J. Karels. May 1, 2013

In 2007, we set out to build an operating system which would give rise to far more secure systems than are available today. The genesis for this work was a 2006 panel at Computer and Communications Security (CCS) on botnets. It became clear that our computing base has been broadly compromised by attackers. These attackers are professional, highly skilled, and in it for the money. They operate overseas, beyond the reach of their victims’ national law enforcement, and are largely anonymous.

In the war against these attackers we have clearly lost; each year we fall further behind. It’s time to change the rules of the game.

Ethos is our answer to this threat. Ethos means “gathering place” and the “characteristics or virtues of a people”. Our purpose is to build a system (“gathering place”) in which more highly robust applications result (“characteristics or virtues”). We hope to craft an environment which will lead to a whole ecosystem which is more secure. In this goal, we are inspired by UNIX–which is far more than just an operating system–it also deeply influences user space.

Building an operating system is an enormous undertaking. It is estimated that even “free” operating systems such as Linux are amazingly costly, costing over one billion dollars. (Almost all this expense is in device drivers and multiple architectures.) Building sufficient applications is a far larger goal. This is one reason why new operating systems have been unsuccessful.

In addition, new operating systems face the application trap: there are no users for a system because there are no applications, and no one will write applications because there are no users.

The solution to both of these problems is Virtual Machines (VMs). Since VMs allow multiple OSs to run on a computer, it is no longer necessary to choose one OS; multiple OSs can be used simultaneously. Hence, one significant application can justify running an OS. Second, the VM provides an abstract hardware architecture which is far simpler than the vast variety of computers extant. The drivers for the real hardware are provided by the VM. We are using Xen as our VM because we believe it is a good security architecture on which to build an OS.