Can We Make Operating Systems Reliable and Secure?
2014-10-20 21:35
155 查看
Andrew S. Tanenbaum, Jorrit N. Herder, and Herbert Bos
Vrije Universiteit, Amsterdam
Microkernels—long discarded as unacceptable because of their lower performance
compared with monolithic kernels—might be making a comeback in operating systems
due to their potentially higher reliability,which many researchers now regard as more
important than performance.
When was the last time your TV set crashed
or implored you to download some emergency
software update from the Web? After
all, unless it is an ancient set, it is just a computer
with a CPU, a big monitor, some analog
electronics for decoding radio signals, a couple of
peculiar I/O devices—a remote control, a built-in VCR
or DVD drive—and a boatload of software in ROM.
This rhetorical question points out a nasty little secret
that we in the computer industry do not like to discuss:
Why are TV sets, DVD recorders, MP3 players, cell
phones, and other software-laden electronic devices reliable
and secure but computers are not? Of course there
are many “reasons”—computers are flexible, users can
change the software, the IT industry is immature, and
so on—but as we move to an era in which the vast
majority of computer users are nontechnical people,
increasingly these seem like lame excuses to them.
What consumers expect from a computer is what they
expect from a TV set: You buy it, you plug it in, and it
works perfectly for the next 10 years. As IT professionals,
we need to take up this challenge and make computers
as reliable and secure as TV sets.
The worst offender when it comes to reliability and
security is the operating system. Although application
programs contain many flaws, if the operating system
were bug free, bugs in application programs could do
only limited damage, so we will focus here on operating
systems.
However, before getting into the details, a few words
about the relationship between reliability and security
are in order. Problems with each of these domains often
have the same root cause: bugs in the software. A buffer
overrun error can cause a system crash (reliability problem),
but it can also allow a cleverly written virus or
worm to take over the computer (security problem).
Although we focus primarily on reliability, improving
reliability can also improve security.
WHY ARE SYSTEMS UNRELIABLE?
Current operating systems have two characteristics
that make them unreliable and insecure: They are huge
and they have very poor fault isolation. The Linux kernel
has more than 2.5 million lines of code; the Windows
XP kernel is more than twice as large.
One study of software reliability showed that code
contains between six and 16 bugs per 1,000 lines of executable
code,1 while another study put the fault density
at two to 75 bugs per 1,000 lines of executable code,2
depending on module size
.................................
全文可以直接下载附件。。。。。。。。。。。。。。。
Vrije Universiteit, Amsterdam
Microkernels—long discarded as unacceptable because of their lower performance
compared with monolithic kernels—might be making a comeback in operating systems
due to their potentially higher reliability,which many researchers now regard as more
important than performance.
When was the last time your TV set crashed
or implored you to download some emergency
software update from the Web? After
all, unless it is an ancient set, it is just a computer
with a CPU, a big monitor, some analog
electronics for decoding radio signals, a couple of
peculiar I/O devices—a remote control, a built-in VCR
or DVD drive—and a boatload of software in ROM.
This rhetorical question points out a nasty little secret
that we in the computer industry do not like to discuss:
Why are TV sets, DVD recorders, MP3 players, cell
phones, and other software-laden electronic devices reliable
and secure but computers are not? Of course there
are many “reasons”—computers are flexible, users can
change the software, the IT industry is immature, and
so on—but as we move to an era in which the vast
majority of computer users are nontechnical people,
increasingly these seem like lame excuses to them.
What consumers expect from a computer is what they
expect from a TV set: You buy it, you plug it in, and it
works perfectly for the next 10 years. As IT professionals,
we need to take up this challenge and make computers
as reliable and secure as TV sets.
The worst offender when it comes to reliability and
security is the operating system. Although application
programs contain many flaws, if the operating system
were bug free, bugs in application programs could do
only limited damage, so we will focus here on operating
systems.
However, before getting into the details, a few words
about the relationship between reliability and security
are in order. Problems with each of these domains often
have the same root cause: bugs in the software. A buffer
overrun error can cause a system crash (reliability problem),
but it can also allow a cleverly written virus or
worm to take over the computer (security problem).
Although we focus primarily on reliability, improving
reliability can also improve security.
WHY ARE SYSTEMS UNRELIABLE?
Current operating systems have two characteristics
that make them unreliable and insecure: They are huge
and they have very poor fault isolation. The Linux kernel
has more than 2.5 million lines of code; the Windows
XP kernel is more than twice as large.
One study of software reliability showed that code
contains between six and 16 bugs per 1,000 lines of executable
code,1 while another study put the fault density
at two to 75 bugs per 1,000 lines of executable code,2
depending on module size
.................................
全文可以直接下载附件。。。。。。。。。。。。。。。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 【操作系统】Can We Make Operating Systems Reliable and Secure?
- 对Can We Make Operating Systems Reliable and Secure 的翻译
- Difference between HashMap and HashTable? Can we make hashmap synchronized?
- Issue 12(Anyone can make things bigger and more complex. What require more effort and courage is to move in the opposite directi
- How to get FlexPaper’s Instance and some methods can we called
- Kettle解析JSON错误,We MUST have the same number of values for all paths,We can not find and data with path [$.
- Secure Computer and Network Systems: Modeling, Analysis and Design
- Yes Small Companies Can – and Should – Build Secure Software
- Can and LIN Bus Systems
- We Loaded 1TB in 30 Minutes with SSIS, and So Can You (一)转
- Operating Systems Design and Implementation
- Can I get rid of the "This page contains both secure and nonsecure items" warning?
- What About Flash? Can We Really Make Games With It?
- We can all make a difference!
- Operating Systems Design and Implementation (3rd Edition)
- 解决 `manpath: can't set the locale; make sure $LC_* and $LANG are correct`
- Operating Systems Design and Implementation, Third Edition
- Use LDAP over TLS and make connection be secure.
- Ultra-wideband (UWB) secure wireless device pairing and associated systems
- How do I remove all partitions, data and create clean empty hard disk under Linux operating systems?