Sandboxed ClockMorph and GameOfLifeMorph

From AWiki


This kernel executes two untrusted components:

  • ClockMorph (displays the hours, minutes and seconds elapsed since boot in HH:MM:SS format)
  • GameOfLifeMorph (the classical Conway's Game of Life, whose initial configuration consists of a single "glider")

Both components run in a sandbox: each morph can scribble only on its own small screen area and nowhere else, even though both run in the same address space, in Ring 0.

Kernel structure

This kernel is composed of several subsystems:

  • trusted subsystems
    • IRQ
    • IO
    • Memory
    • Main
  • sandboxed (untrusted) subsystems
    • Timer
    • VGA
    • ClockMorph
    • GameOfLifeMorph

Image:Testclockandgameoflifemorph-kernel-structure.png

Trusted subsystems (here IRQ, IO, Memory and Main) have ambient authority: they can access any object or other resource in the computer that is visible from kernel space (Ring 0).

The authority of a sandboxed (untrusted) subsystem is determined, by design, by the principle of least authority (POLA). While implementing a particular untrusted subsystem we gradually discover which external objects it must have access to in order to do its job. That set determines the authority we (that is, the trusted modules acting on our behalf) are willing to grant it, and nothing beyond it.

The literate documentation of the kernel describes, for every sandboxed module:

  • services provided by the sandboxed subsystem
  • capabilities required by the sandboxed subsystem (to be able to provide expected services)
  • authority of the sandboxed subsystem
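The following C program is an added illustration of the capability discipline described above; it is not code from the Backwater kernel, and the type and function names (screen_cap_t, screen_cap_mint, screen_cap_putc, the morph functions) are hypothetical. It assumes the trusted side hands each morph a capability object naming a rectangle of the text screen instead of the raw VGA buffer, and that the only write primitive a morph holds checks bounds against that rectangle. The VGA buffer is a constructed in-memory stand-in, so the program runs in user space. A well-behaved ClockMorph renders its HH:MM:SS text; a rogue morph that tries to scribble over the whole screen can only touch its own window.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the 80x25 VGA text buffer. The real buffer sits at
 * physical 0xB8000; the point of the design is that no morph ever sees it. */
#define VGA_COLS 80
#define VGA_ROWS 25
static uint16_t vga_buffer[VGA_ROWS * VGA_COLS];

/* Screen-area capability (hypothetical type): the only handle a morph gets.
 * It names a rectangle; it does not expose the buffer or its address. */
typedef struct {
    int row0, col0, rows, cols;
} screen_cap_t;

/* Trusted side (Main, with the VGA subsystem acting on its behalf) mints a
 * capability. A rectangle that does not fit on screen yields an empty
 * capability, i.e. no authority at all, rather than a clipped one. */
screen_cap_t screen_cap_mint(int row0, int col0, int rows, int cols)
{
    screen_cap_t cap = {0, 0, 0, 0};
    if (row0 < 0 || col0 < 0 || rows < 0 || cols < 0 ||
        row0 + rows > VGA_ROWS || col0 + cols > VGA_COLS)
        return cap;
    cap.row0 = row0; cap.col0 = col0; cap.rows = rows; cap.cols = cols;
    return cap;
}

/* The one write primitive a morph holds. (r, c) are relative to its window;
 * anything outside is refused and the buffer is left untouched. */
bool screen_cap_putc(const screen_cap_t *cap, int r, int c, char ch, uint8_t attr)
{
    if (r < 0 || c < 0 || r >= cap->rows || c >= cap->cols)
        return false;
    vga_buffer[(cap->row0 + r) * VGA_COLS + (cap->col0 + c)] =
        (uint16_t)(((uint16_t)attr << 8) | (uint8_t)ch);
    return true;
}

/* Read a cell back. This belongs to the trusted side (and to tests); it is
 * not part of any morph's authority. */
uint16_t vga_cell(int row, int col)
{
    return vga_buffer[row * VGA_COLS + col];
}

/* ClockMorph: format seconds since boot as HH:MM:SS. Hours wrap at 100 so
 * the text always fits an 8-column window. */
const char *clock_text(uint32_t uptime_seconds)
{
    static char text[9];
    uint32_t h = (uptime_seconds / 3600) % 100;
    uint32_t m = (uptime_seconds / 60) % 60;
    uint32_t s = uptime_seconds % 60;
    text[0] = (char)('0' + h / 10); text[1] = (char)('0' + h % 10); text[2] = ':';
    text[3] = (char)('0' + m / 10); text[4] = (char)('0' + m % 10); text[5] = ':';
    text[6] = (char)('0' + s / 10); text[7] = (char)('0' + s % 10); text[8] = '\0';
    return text;
}

/* Well-behaved ClockMorph: writes its text on row 0 of its window and
 * returns how many cells it managed to write (8 for an 8-column window). */
int clock_morph_render(const screen_cap_t *cap, uint32_t uptime_seconds)
{
    const char *text = clock_text(uptime_seconds);
    int written = 0;
    for (int i = 0; text[i] != '\0'; i++)
        if (screen_cap_putc(cap, 0, i, text[i], 0x07))
            written++;
    return written;
}

/* Rogue morph: tries to scribble over the whole screen (and a bit beyond).
 * It holds the same primitive, so only cells inside its window change; the
 * return value equals rows * cols of its capability, never more. */
int rogue_morph_render(const screen_cap_t *cap)
{
    int written = 0;
    for (int r = -1; r <= VGA_ROWS; r++)
        for (int c = -1; c <= VGA_COLS; c++)
            if (screen_cap_putc(cap, r, c, '#', 0x4F))
                written++;
    return written;
}

int main(void)
{
    screen_cap_t clock_cap = screen_cap_mint(0, 72, 1, 8);   /* top-right corner */
    screen_cap_t life_cap  = screen_cap_mint(2, 0, 20, 40);  /* left half below */
    int ok = clock_morph_render(&clock_cap, 3661) == 8
          && rogue_morph_render(&life_cap) == 20 * 40
          && (vga_cell(0, 72) & 0xFF) == '0';                /* clock untouched by rogue */
    return ok ? 0 : 1;
}
```

The two things worth noticing are that a morph never receives a pointer it could do arithmetic on, only a struct plus a checked primitive, and that a rectangle which would not fit yields an empty capability instead of a silently clipped one, so a mistake on the trusted side fails closed. In a Ring 0 kernel with a shared address space this is a discipline, not an enforcement boundary: a morph written in C could still forge a pointer to 0xB8000, which is why such designs lean on a safe language or a memory-safe object model rather than on the capability struct alone.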

QEMU image

You can download a QEMU image of this kernel and boot it from the emulated floppy with:

 qemu -fda TestClockAndGameOfLifeMorphs.img -boot a

(Newer QEMU releases ship the i386 emulator as qemu-system-i386 rather than qemu; the options are the same.)

Source code

This kernel is part of the Backwater project. Its commented source code can be found in Section 6.1 of the literate documentation.
