Decomposing isolation mechanisms

General Purpose Isolation Mechanisms

Grand unified theory of isolation mechanisms in an operating system.


After sixty years of operating systems evolution, we continue to find new and different isolation mechanisms: threads, processes, containers, virtual machines, lightweight contexts. Even applications provide isolation mechanisms: a JVM is a user-level process that provides isolation units whose API is Java bytecode; some browsers isolate each browser tab from the others.

We ask whether we really need N different isolation mechanisms or whether, instead, we could develop a framework in which all these different mechanisms represent points on a continuum. If we could do that, then perhaps
  • We could implement such a unified framework
  • The framework might allow us to discover new and useful isolation mechanisms (that could be created seamlessly rather than requiring an entirely new implementation)
The project has three main goals:
  • Develop a theoretical model or framework to unify existing isolation mechanisms
  • Identify novel points in the model that are useful
  • Implement the model in seL4

Systopia lab is supported by a number of government and industrial sources, including Cisco Systems, the Communications Security Establishment Canada, Intel Research, the National Sciences and Engineering Research Council of Canada (NSERC), Network Appliance, Office of the Privacy Commissioner of Canada, and the National Science Foundation (NSF).