Exokernel: an operating system architecture for application-level
Dawson R. Engler, M. Frans Kaashoek and James O’Toole Jr.
M.I.T. Laboratory for Computer Science
Cambridge, MA 02139
March 24, 1995
We describe an operating system architecture that securely
multiplexes machine resources while permitting an unprecedented
degree of application-specific customization of traditional
operating system abstractions. By abstracting physical
hardware resources, traditional operating systems have
significantly limited the performance, flexibility, and
functionality of applications.
The exokernel architecture removes
these limitations by allowing untrusted software to implement
traditional operating system abstractions entirely at
We have implemented a prototype exokernel-based system
that includes Aegis, an exokernel, and ExOS, an untrusted
application-level operating system.
the low-level interface to machine resources.
can allocate and use machine resources, efficiently handle
events, and participate in resource revocation.
ments show that most primitive Aegis operations are 10–100
times faster than Ultrix, a mature monolithic UNIX operating
ExOS implements processes, virtual memory, and
inter-process communication abstractions entirely within a
Measurements show that ExOS’s application-level
virtual memory and IPC primitives are 5–50 times faster
than Ultrix’s primitives. These results demonstrate that the
exokernel operating system design is practical and offers an
excellent combination of performance and flexibility.
This work was supported in part by the Advanced Research Projects
Agency under contracts N00014-94-1-0985 and by an NSF National Young

Operating systems define the interface between applications
and physical resources. Unfortunately, this interface can
significantly limit the performance and implementation
freedom of applications. This problem arises because the
operating system abstracts the details of hardware resources
to provide a more portable and more full-featured interface
than is directly implemented by the hardware. The end result
of such a full-featured interface is an approach to resource
management that is strongly centralized. Centralized
management can conflict with application needs, limiting both
performance and flexibility. We believe these problems can
be solved through distributed,
management. To this end, we have designed a kernel that
securely multiplexes machine resources and permits traditional
operating system abstractions to be implemented efficiently
at application-level, so that they can easily be extended,
specialized, or even replaced.
Traditionally, operating systems hide information about