The L4Re microkernel uses an evolved L4 microkernel interface based on object capabilities. The microkernel manages and protects capabilities as object references with virtual (protection-domain-local) names. Together, the L4Re microkernel and runtime environment constitute a seamless capability system that names all objects and resources, whether implemented in the kernel or in userspace, and provides a uniform and secure access method for them (the invoke system call).
The L4Re microkernel serves as the heart of the L4Re system and functions as a microhypervisor, separation kernel, and real-time microkernel. It implements only those mechanisms that need to reside in the CPU’s privileged mode: address spaces, threads, and inter-process communication. All other operating-system components, including all device drivers and access policies, are implemented in user-mode application programs or encapsulated in virtual machines.
Unlike traditional L4 kernels, the L4Re microkernel provides access control (through local naming) and security enhancements aimed at preventing resource exhaustion.
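A toy model of access control through local naming, added here as an illustration and not taken from L4Re: each protection domain can refer to objects only by slot numbers in its own kernel-held table, so the same number names different objects in different domains and an empty slot grants nothing. All type and function names (`domain`, `cap_map`, `invoke`) are hypothetical and do not correspond to the L4Re API.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model only: every name here is hypothetical, not L4Re's interface. */
enum { CAP_SLOTS = 4 };
enum { E_OK = 0, E_NOCAP = -1 };

/* An object reachable only through a capability. */
typedef struct { const char *label; int invocations; } kobject;

/* A protection domain: a private table whose slot numbers are the only
 * names the domain has. It never sees a global object identifier. */
typedef struct { kobject *slot[CAP_SLOTS]; } domain;

/* Kernel side: place an object reference into one domain's table. */
static int cap_map(domain *d, unsigned idx, kobject *o) {
    if (idx >= CAP_SLOTS) return E_NOCAP;
    d->slot[idx] = o;
    return E_OK;
}

/* The single access path: resolve the caller's local name, then act.
 * An out-of-range or empty slot means the domain holds no capability. */
static int invoke(domain *d, unsigned idx) {
    if (idx >= CAP_SLOTS || d->slot[idx] == NULL)
        return E_NOCAP;
    d->slot[idx]->invocations++;
    return E_OK;
}

/* Constructed sample objects. */
static kobject uart = { "uart driver", 0 };
static kobject net  = { "network stack", 0 };

int main(void) {
    domain app = {{0}}, vm = {{0}};
    cap_map(&app, 1, &uart);   /* slot 1 in app names the UART driver  */
    cap_map(&vm,  1, &net);    /* slot 1 in vm names the network stack */

    printf("app invoke(1): %d\n", invoke(&app, 1));
    printf("vm  invoke(1): %d\n", invoke(&vm, 1));
    printf("app invoke(2): %d (empty slot)\n", invoke(&app, 2));
    printf("%s: %d, %s: %d\n", uart.label, uart.invocations,
           net.label, net.invocations);
    return 0;
}
```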
The L4Re microkernel supports various modern hardware platforms with ARM, MIPS, and x86 CPUs (32 and 64 bits), multicore and SMP multiprocessing, and hardware virtualization.
• 3rd-generation, minimal, security-centric real-time microkernel
• Supports both static and dynamic system designs
• Supports open, yet confined, systems with user-installed apps
• Access control and uniform resource access with kernel-protected object capabilities
• Device drivers and VMMs are untrusted user-level components
• Open-source code builds trust, allows custom development, and eases evaluations
Visit us: https://github.com/kernkonzept