The theoretical advantages of kernel security check failure – systems are the consequence of using the service-protected mode that accompanies the micro-kernel. Indeed, by placing the services in the user space, they benefit from the protection of the memory. The stability of the assembly is improved: an error of a protected mode service has little effect on the stability of the whole machine
In addition, by reducing the possibilities for services to be able to intervene directly on the equipment, the security of the system is reinforced. The system also gains in configuration possibilities. Thus, only useful services must actually be started at startup. The interdependencies between the different services are weak. Adding or removing a service does not disrupt the entire system. The complexity of the whole is reduced.
The development of akernel security check failure system is also simplified by taking advantage of both memory protection and low interdependence between services. Errors caused by user-mode applications are handled more simply than in kernel mode and do not jeopardize the overall stability of the system. The intervention on a faulty feature consists in stopping the old service and then launching the new one, without having to restart the entire machine.
Micro-nuclei have another advantage: they are much more compact than monolithic nuclei. 6 million lines of code for the kernel security check failure against typically less than 50,000 lines for micro-kernels. The maintenance of the code executed in kernel mode is thus simplified. The reduced number of lines of code can increase the portability of the system.
The first micro-nuclei (like Mach ) did not immediately reach these theoretical advantages. The use of many services in the user space creates the following two problems:
Most services are outside the kernel and generate a very large number of system calls;
Inter-Service Communication Interfaces ( IPCs ) are complex and too time-consuming.
The large number of system calls and the underlying communication is an inherent flaw in the design of micro-cores. In L4 , it has been solved by placing even more services in user space. The speed of processing CPIs could be improved by simplifying communications to a minimum, for example by removing any permission checks, leaving this to external servers.
These radical changes have achieved good performance but they must not forget that a micro-kernel must be accompanied by a large number of services to provide functionality equivalent to that of monolithic cores. In addition, the great freedom of services in terms of security and memory management increases the difficulty and time of their development (they must provide their own interfaces).
Example of micro-kernel associations – rich kernels – operating system (OS)
The term “hybrid nuclei” refers primarily to nuclei that incorporate concepts of both monolithic nuclei and micro-nuclei to combine the advantages of both.
When, in the early 1990s , developers and designers realized the weaknesses of the first micro-cores, some reintegrated various non-core features in the kernel security check failure to gain performance. The “pure” micro-nuclei seemed doomed to failure.
While the general philosophy of the micro-kernel systems is maintained (only the fundamental functions are in the kernel space), some non-critical functions, but very generating system calls, are reintegrated into the kernel space. This compromise significantly improves performance by retaining many properties of micro-core systems. An example of this type of hybrid kernel is the kernel XNU of Mac OS X . It is based on the Mach 3.0 micro-kernel , but includes BSD monolithic kernel code within the kernel space.
This name is also used to designate other types of cores, including monolithic nuclei on micro-cores (real time or not) such as L4Linux (Linux on L4), MkLinux (the Linux kernel on Mach), Adeos , RTLinux and RTAI .
More rarely, we can meet the term “hybrid nucleus” to improperly replace “modular monolithic nucleus” or “enriched micro-nucleus” .