kernelthread.com

Projects

This page contains a loosely-categorized list of software I've created and that I can talk about more openly. It's not an exhaustive list.

File Systems

Security and Trusted Computing

Miscellaneous Low-Level Software

Virtualization, Sandboxing, and Quality of Service

A Virtualized Solaris Operating System with Quality of Service, 1999—2000

I created a "virtualized" version of Sun's Solaris operating system. The idea is to divide the operating system into multiple virtual environments by creating a software layer in the kernel. Each virtual environment is capable of running arbitrarily complicated existing applications unmodified. A complicated application, say the Oracle database suite, would typically exercise most components/subsystems of the operating system. Resources are made available to a virtual instance with Quality of Service. Moreover, applications in one virtual system instance are in complete isolation from applications in other instances on the same "real" machine.

Each virtual instance can be managed—administered, configured, rebooted, shutdown etc.—completely independently of the others and is visible as the "normal" operating system to applications within it. Note that this is different from an emulator: there is only one instance of the system kernel, but the APIs have been virtualized within the kernel. This results in a much higher virtual instance performance than would be possible with an emulator.

Specific virtualization components include, but are not limited to, the following:

Note that this was product quality software and all work was done without ever having seen the source code for Solaris, which was closed and proprietary to Sun at that time and their source license had enough "wrong" strings attached from my company's point of view.

I've been asked sometimes how this virtualization project (referred to as "V" from now on) relates to, or is different from the "Zones" feature in Solaris 10, or the FreeBSD "jail" subsystem. Here are some thoughts on this, assuming the reader is familiar with Solaris Zones and FreeBSD "jail":

Resource Management for Quality of Service in a Custom Operating System, 1998—1999

I worked on introducing Resource Management for Quality of Service in a custom operating system derived from FreeBSD. This included work on schedulers for CPU, network, and disk; a pseudo file system based resource management API; and a resource management layer to provide seamless quality of service to legacy, unmodified applications.

Quality of Service Support for Legacy Applications, 1998—1999

While working on a FreeBSD-derived operating system with Quality of Service (QoS), I extended the NFS, HTTP, and FTP protocols to make them QoS-enabled. The extensions were such that legacy user applications could benefit from QoS without having to be modified in any way.

Networking

Socket Credential Query Mechanism, 2006

I created a kernel mechanism for Mac OS X to allow a user-space caller to query the credentials (such as the user and process identifiers) of the peer of a TCP socket involved in a local connection. The interface is easy-to-use, lightweight, unspoofable, and extensible.

Signaled Receiver Processing, 1998—1999

Protocol processing of received packets in BSD Unix is interrupt-driven and may cause scheduling anomalies that are unacceptable in systems that provide Quality of Service (QoS) guarantees. In collaboration with other researchers, I implemented an alternate mechanism—Signaled Receiver Processing (SRP)—that generates a signal to the receiving process when a packet arrives. The default action of this signal is to perform protocol processing asynchronously. However, a receiving process may catch, block or ignore the signal and defer protocol processing until a subsequent receive call. In any case, protocol processing occurs in the context of the receiving process and is correctly charged. Therefore, SRP allows the system to enforce and honor QoS guarantees.

Embedded Software/Firmware Programming, 1998—

I've created software for various embedded/firmware environments over the years. My Towers Of Hanoi hobby project includes software for the Sega Dreamcast Game Console, the Nintendo Gameboy Advance Hand-held System, and the RioCar MP3 Player. My other related experiments include creating software for the ProGear WebPad, running TCP/IP over Infra-red, and populating a Debian Linux distribution on an ARM-based embedded system for on-board software development, running 5th edition UNIX on the Nintendo Game Boy Advance, and projects involving MIPS, PowerPC, and x86 development boards.

For examples of programming in the firmware environment, see:

For examples of low-level bringup, see:

High Level Software

A Linux/Unix Software Stack for Implementing and Deploying Arbitrary Web Services, 2002

This is a highly extensible system for implementing, deploying, and managing web services and their APIs. I envisioned, designed, and implemented this system. Later I led the project's further development and management. Its key components and features include the following:

Linux Miscellany

Flexible and Automated System Installation, 1997

I extended the "kick-start" installation procedure of Red Hat Linux to simplify it and to support additional installation methods. I designed a hands-off installation scheme for x86 systems wherein special-purpose boot code can be placed in the PROM of the network card and upon booting, the user is given the option of either installing an operating system on the computer, running a minimal system in RAM, or booting entirely off the network with an NFS root filesystem.

An Audit and System Call Interception Mechanism for the Linux Kernel, 1997

I designed and implemented a dynamically loadable system call audit mechanism for the Linux kernel. Using this mechanism, it is possible to arrange for arbitrary context sensitive operations to happen upon execution of a system call. For example, a set of system calls can be denied to certain users. Arbitrary system time can be returned to specific applications—for testing time related bugs, say, like the erstwhile Y2K. It is also possible to associate the execution of certain user level programs when certain actions occur. For example, users can associate passwords with files, etc.

Other Esoteric Pursuits

Many Systems on a PowerBook, 2003

A large number of operating systems running in virtual machines.

Hanoimania, 1994—

I created myriad implementations of the Towers Of Hanoi program. Please go to the Hanoimania page for details.

Obfuscated Escapes, 1994—

Some examples of code obfuscated on purpose.