Asterinas: A Linux ABI-Compatible, Rust-Based Framekernel OS with a Small and Sound TCB

TL;DR

Asterinas is a Linux ABI-compatible, Rust-based OS built with a minimal, sound TCB using a novel framekernel architecture and safe Rust, achieving Linux-like performance with enhanced safety.

Contribution

The paper introduces the framekernel architecture and OSTD framework, enabling safe Rust OS development with Linux ABI compatibility and minimal TCB.

Findings

Supports over 210 Linux system calls

Achieves Linux-level performance

Maintains a TCB of about 14% of the codebase

Abstract

How can one build a feature-rich, general-purpose, Rust-based operating system (OS) with a minimal and sound Trusted Computing Base (TCB) for memory safety? Existing Rust-based OSes fall short due to their improper use of unsafe Rust in kernel development. To address this challenge, we propose a novel OS architecture called framekernel that realizes Rust's full potential to achieve intra-kernel privilege separation, ensuring TCB minimality and soundness. We present OSTD, a streamlined framework for safe Rust OS development, and Asterinas, a Linux ABI-compatible framekernel OS implemented entirely in safe Rust using OSTD. Supporting over 210 Linux system calls, Asterinas delivers performance on par with Linux, while maintaining a minimized, memory-safety TCB of only about 14.0% of the codebase. These results underscore the practicality and benefits of the framekernel architecture in building safe and efficient OSes.