The contributions of this paper are:
1. A case for isolation kernels, an OS structure for isolating untrusted software services;
2. A set of design principles for isolation kernels, arguing for a VMM-like structure, but with strategic modifications to the virtual architecture for scalability, performance, and simplicity;
3. The design, implementation, and evaluation of the Denali isolation kernel, focusing on the challenges of scale, and demonstrating that Denali can scale to over 10,000 VMs on commodity hardware.
The rest of this paper is organized as follows. In
Section 2, we describe the various classes of
applications we hope to enable, and derive design principles of
isolation kernels. Section 3 discusses the
design and implementation of the Denali isolation kernel. In
Section 4, we evaluate our implementation, focusing on
issues of scale. We compare Denali to related work in
Section 5, and we conclude in Section 6.