Researchers at the University of Illinois at Chicago have received a $1.15 million grant from the National Science Foundation to build a new computer operating system based on virtual machines and the concept of isolation.
The new OS project, called Ethos, is the brainchild of UIC associate professor Jon A. Solworth (left) an associate professor in UIC’s department of computer science. Daniel Bernstein, the noted cryptographer behind djbdns, is helping to secure the operating system.
Ethos, which is billed as an OS based on the Xen hypervisor, is being created with security as the trump card. At its core, the new OS will run on VMs that run one or more operating systems together, like Windows and Mac.
Older applications written for those OS systems where security is not a big issue, like games, will continue to work, but new OS like Ethos will simultaneously handle applications such as online banking and other sensitive business transactions as part of the evolution to tomorrow’s more secure operating systems.
Solworth explains a bit more:
Since VMs allow multiple OS to run on a computer, it is no longer necessary to choose one OS; multiple OSs can be used simultaneously. Hence, one significant application can justify running an OS. Second, the VM provides an abstract hardware architecture which is far simpler then the vast variety of computers extant. The drivers for the real hardware are provided by the VM. We are using Xen as our VM because we believe it is a good security architecture on which to build an OS.
Solworth’s group is now looking for kernel hackers to help build out the architecture.
[ SEE: Researcher Releases ‘Qubes’ Hardened OS ]
The news of funding for Ethos comes just days after virtualization security specialist and renowned rootkit researcher Joanna Rutkowska released an early version of Qubes, a new open-source operating system based on Xen, X Window System, and Linux.
Qubes OS relies on virtualization to separate applications running on the OS and also places many of the system-level components in sandboxes to prevent them from affecting each other.
The Qubes OS architecture is described in this PDF document.