Singularity OS

好长时间不来更新博客了，口译，考核一直缠身，实在是懒得写文章。

最近在搞驱动方面的编程，看了点，其实我倒是对WRK更情有独钟。

 

今天无意间看到微软的开源OS，这可是新闻啊。

About Singularity

Singularity is a research project focused on the construction of dependable systems through innovation in the areas of systems, languages, and tools. We are building a research operating system prototype (called Singularity), extending programming languages, and developing new techniques and tools for specifying and verifying program behavior.

Advances in languages, compilers, and tools open the possibility of significantly improving software. For example, Singularity uses type-safe languages and an abstract instruction set to enable what we call Software Isolated Processes (SIPs). SIPs provide the strong isolation guarantees of OS processes (isolated object space, separate GCs, separate runtimes) without the overhead of hardware-enforced protection domains. In the current Singularity prototype SIPs are extremely cheap; they run in ring 0 in the kernel’s address space.
Singularity uses these advances to build more reliable systems and applications. For example, because SIPs are so cheap to create and enforce, Singularity runs each program, device driver, or system extension in its own SIP. SIPs are not allowed to share memory or modify their own code. As a result, we can make strong reliability guarantees about the code running in a SIP. We can verify much broader properties about a SIP at compile or install time than can be done for code running in traditional OS processes. Broader application of static verification is critical to predicting system behavior and providing users with strong guarantees about reliability.

重点主意蓝字表示的地方，很邪恶。。。

 

软件以及信息安全在我看来以后绝对会成为重点，就拿驱动的东西ROOTKIT来说吧，从老早的SSDT HOOK.INLINE HOOK到内核直接修改，再到一些高端的利用内存的一些特性（eg，PTE）来隐藏rootkit，不能不说技术的提高。

其实，背后我觉得，还是主要是操作系统的缘故，提供了太多的特性以供我们去得以利用。以至于我不得不向虚拟机方向靠拢，以祈求能靠虚拟机的与真实OS的isolation来保证所谓的软件安全。

 

别的不说了，看网页吧

 

[url]http://www.codeplex.com/singularity[/url]