User-Centric Computing
Bryan Parno
Microsoft Research
JD Douceur, Jon Howell, Jay Lorch, James Mickens
Goal: Free users from all administrative tasks
Approach: Remove user’s ability to perform admin tasks
Examples:
• Install a program
• Install a driver
• Configure the firewall
Problems:
• Install malware
• Install a rootkit
• Create a hole in the firewall
Is This Acceptable?
User-Centric Computing
Ability/Control Mismatch
BubbleUp
Now with more bubbles!
• Full system control
• Limited expertise

• High expertise in BubbleUp
• No system control
Welcome to BubbleSoft!
Correct Alignment:
User:
• Can make high-level decisions
  – Do I like BubbleSoft?
  – Do I want to share this picture with my coworkers?
Vendor:
• Can reliably present an experience to the user
• Cannot be affected by other vendors’ decisions
Foundations of User-Centric Computing
1. Strong Isolation + Minimal TCB
2. Disaggregation
3. “Protocol”-Based Communication
1) Strong Isolation + Minimal TCB
[Figure labels: OS (App, App…, Drivers, Modules, Kernel); Vendor, Vendor; Kernel, Kernel]

OS                      LoC
Windows NT 3.1          4-5 M
Windows NT 4.0          11-12 M
Windows 2000            >29 M
Windows XP              40 M
Windows Server 2003     50 M

OS                      LoC
Linux Kernel 2.6.0      5.2 M
Linux Kernel 2.6.29     11.0 M
Linux Kernel 2.6.32     12.6 M

VMM                     LoC
Xen – 2003              42 K
Xen – 2005              83 K
Xen – 2010              250 K
2) Disaggregation
[Figure labels:
Vendor: Network, File System, Windowing
Vendor: 3D Graphics, File System, Physics Lib
Ext4, NTFS, Blob Store, IPC]
3) “Protocol”-Based Communication
• All communication happens via network protocols
[Figure labels: Kernel; Vendor, Vendor]
Key Point: No special privileges from being co-located!
User-Driven Sharing
• Leverage existing delegation metaphors
• When querying user, questions should be:
  – Rare
  – Narrow in scope
  – User-meaningful
Conclusions
• Removing a user’s admin powers can improve security and usability
• Disaggregate and formalize communication to avoid TCB bloat
• Many questions remain, esp. regarding user-driven sharing
Thank you!