Ethos (home)

For decades, Operating Systems (OSs) have stressed backward compatibility and extraordinary flexibility. Thus the semantics of today's widely used OSs dates back to the 1970s. In contrast, over this time Programming Languages (PLs) have adopted higher-level, more abstract semantics. As a consequence of this semantic gap, PLs have been incorporating more OS semantics. But PLs are not OSs, and a PL-as-OS approach forfeits advantages which result from new OSs.

An OS's system calls (and other interfaces) define its semantics. This semantics includes its security services (authentication, authorization, isolation) and its abstractions. Ethos provides stronger security services which are more resistant to attack, and abstractions which are less prone to abuse by attackers. As an example of the former, all networking in Ethos is encrypted, authenticated, and authorized. As an example of the latter, Ethos I/O is typed (as in programming languages), ensuring that I/O conforms to declared types and thus preventing many attacks based on ill-formed input. Together, the security services and abstractions provide security properties which are guaranteed to hold for all applications built on top of Ethos.

We believe that a new generation of OS semantics is both necessary and possible. The need which will drive new OS adoption is security. Ethos indicates what is possible with such a design philosophy.

Software release plans

Ethos will be released as open source. We are targeting MinimaLT, a secure network protocol, as our first release. MinimaLT is developed within Ethos, and will be ported to POSIX. We intend to release a research prototype in the Spring Semester, followed by production code.

Help Wanted!

We are looking for help to build Ethos and its ecosystem, including

  • kernel hackers to build the Ethos kernel;
  • compiler/programming language people to build new languages and better tool chains;
  • systems people to help build the user space components and abstractions;
  • application people to build the next generation of innovative and secure applications.

We are looking for both open source developers and students.

  • Since our new network protocol, MinimaLT, has been described, we've begun to work with open source developers.
  • Amongst students, PhD students are preferred, although we have had valuable contributions from BS, MS, and PhD students. If you are a superb student, consider coming to UIC to work on Ethos and get a degree.

We would also appreciate and acknowledge financial sponsorship; see donations. Sponsorship would help speed release of the project.

Project history

In 2007, we set out to build an operating system which would give rise to far more secure systems than are available today. The genesis for this work was a 2006 panel at Computer and Communications Security (CCS) on botnets. It became clear that our computing base has been broadly compromised by attackers. These attackers are professional, highly skilled, and in it for the money. They operate overseas, beyond the reach of their victims' national law enforcement, and are largely anonymous.

In the war against these attackers, we have clearly lost; each year we fall further behind. It's time to change the rules of the game.

Ethos is our answer to this threat. Ethos means "gathering place" and the "characteristics or virtues of a people". Our purpose is to build a system ("gathering place") in which more highly robust applications result ("characteristics or virtues"). We hope to craft an environment which will lead to a whole ecosystem which is more secure. In this goal, we are inspired by UNIX--which is far more than just an operating system--it also deeply influences user space.

Building an operating system is an enormous undertaking. It is estimated that even "free" operating systems such as Linux are amazingly costly, costing over one billion dollars. (Almost all this expense is in device drivers and multiple architectures.) Building sufficient applications is a far larger goal. This is one reason why new operating systems have been unsuccessful.

In addition, new operating systems face the application trap: there are no users for a system because there are no applications; and no one will write applications because there are no users.

The solution to both of these problems is Virtual Machines (VMs). First, since VMs allow multiple OSs to run on a computer, it is no longer necessary to choose one OS; multiple OSs can be used simultaneously. Hence, one significant application can justify running an OS. Second, the VM provides an abstract hardware architecture which is far simpler than the vast variety of computers extant. The drivers for the real hardware are provided by the VM. We are using Xen as our VM because we believe it is a good security architecture on which to build an OS.