Genode – Operating System Framework
I've read a little about Genode before, so I am familiar with the name. But I have to admit that I have no clue what this project is trying to achieve (or has achieved already).
Could someone explain to me in not-overly-complicated terms what this project is all about? What is an "operating system framework" supposed to be?
(EDIT: I found the "about" link on their home page! :) Consider my question answered! This sounds like a very interesting project.)
Good to see one I've praised here before. Genode comes from the line of research that tries to reduce the Trusted Computing Base (i.e. attack surface) of systems by leveraging microkernels, better resource management, and better architecture. It came from this research [1] into real-time, secure GUIs, virtualization, and so on. The architecture itself is more than just a microkernel or virtualization scheme: it's structured in a hierarchical way that's supposed to support its security and reliability goals. Like with other things, I really want some smart researchers to give that architecture strong peer review and verification to test its claim before I trust it. However, the Nizza Security Architecture [2] it borrows from is based on solid, simple principles.
The best thing about GenodeOS is they learn from the past. Many mainstream approaches to INFOSEC seem like they've never heard of any prior R&D results. Some do, but this is the rule. For instance, the Rump kernels are similar to what OKL4 already did (and deployed) with their device driver reuse. QubesOS added their secure GUI scheme after I forwarded this team's work to them showing what's already been achieved in this space. Many are still building monolithic systems despite the fact that not a single one has ever been shown to be remotely secure. And so on.
Unlike the rest, the Genode team seems to carefully watch the academic and industrial space to find any best-of-breed component to integrate into their system. They've attempted to use Nitpicker, NOVA, seL4, proven UNIX components, and so on. This attitude, along with a tiny TCB, is why volunteers wanting to build secure, reliable systems should contribute to GenodeOS rather than most others. Done right, the component-based approach means your contributions might be easier to port to other projects (esp. microkernels) as well.
Is this a complete step-up from unikernel-based OSs such as MirageOS or could it also use unikernels for improved security?