The Jury Is In: Monolithic OS Design Is Flawed [pdf]

By ingve - 21 hours ago

Showing first level comment(s)

I wonder if there exists a parallel dimension where Linux is a microkernel design and folks are pushing for monolithic, citing the driver friendliness and performance.

pweissbrod - 20 hours ago

The jury was in in the mid-1990s, but Linus Torvalds doesn't know when he's wrong and to listen to his betters. Linux succeeded because of its community, not because of its architecture. QNX has shown the strength of microkernels for decades; they are far more stable and much easier to work on than monoliths. The (small) speed penalty should be well worth the price of admission.

jacquesm - 13 hours ago

Reminds me of the famous Torvalds-Tanenbaum debate. https://groups.google.com/forum/m/#!topic/comp.os.minix/wlhw...

enitihas - 17 hours ago

There is a reason why kernel code runs in privileged mode: speed! If you run more kernel code in privileged mode then you do not need to copy as much data between the kernel and user space. Vs. a microkernel, where you will have to copy more data up to user space. Copying data to user space causes context switches and gives less performance.

Larger mono kernels: Speed

Microkernels have advantages such as: a smaller privileged attack surface, and thus more secure; more crash-proof, as you can restart userland processes, for example device drivers.

https://en.wikipedia.org/wiki/Microkernel

acd - 18 hours ago

OK, so seL4 is safer than Linux, that's not really news. I have questions about seL4 though: is it able to manage several multicore CPUs efficiently? What about power management, does it work?

renox - an hour ago

The title is missing "from a security standpoint". Of course, everything is a tradeoff. TLDR:

> We have presented what is, to the best of our knowledge, the first quantitative empirical assessment of the security implications of operating system structure, i.e. monolithic vs microkernel-based design.

> Our results provide very strong evidence that operating-system structure has a strong effect on security. 96% of critical Linux exploits would not reach critical severity in a microkernel-based system, 57% would be reduced to low severity, the majority of which would be eliminated altogether if the system was based on a verified microkernel. Even without verification, a microkernel-based design alone would completely prevent 29% of exploits.

> Given the limited number of documented exploits, we have to assume our results to have a statistical uncertainty of about nine percentage points. Taking this into account, the results remain strong. The conclusion is inevitable:

> From the security point of view, the monolithic OS design is flawed and a root cause of the majority of compromises. It is time for the world to move to an OS structure appropriate for 21st century security requirements.

imglorp - 20 hours ago

Well, the obvious solution is to design our kernels on Kubernetes.

mikkergp - 19 hours ago

IMO a microkernel isn't a design worth pursuing as there will always be overhead. Instead an exokernel with a simple monolithic 'multiplexing' kernel or a language that has 100% safety (not really possible).

nwmcsween - 18 hours ago

Still waiting for GNU Hurd.

77pt77 - 18 hours ago

In a perfect world, microkernel OSes would be perfect, but then it's all pointless.

In real life there are certain parts of the OS that have to work or the whole device stops working. Furthermore: the isolation of dynamic and less tested application code from these parts is generally a good idea, that's why monolithic OSes are so popular; they're simply less demanding.

swiley - 19 hours ago