Despite decades of research building secure operating systems, many deployed systems must still choose between flexible application APIs and security. As a result, the vast majority of programmers are unable to improve these systems. This is not merely a result of poor system building. It is hard to design highly extensible systems that are both secure and useful. Moreover, evaluating novel designs with actual developers is critical in order to make sure system builders can adopt research systems in practice.
Fortunately, in emerging application domains, such as the Internet of Things, there are no entrenched operating systems and application portability is less important. This makes it possible evaluate research techniques for building more secure and extensible systems with developers who are willing to adopt them.
I'll describe Tock, an operating system for microcontrollers that enables third-party developers to extend the system. Tock uses the Rust type-system to isolate kernel extensions and the hardware to isolate applications. I'll discuss how we continuously evaluate Tock by engaging with practitioners, and how lessons from practitioners have fed back into the system's design.
Amit Levy is a PhD candidate in Computer Science at Stanford University. He build secure operating system kernels, web platforms, and network systems thathelp make computers more programmable by third-party application developers.