Despite decades of research building secure operating sys-tems, many deployed systems must still choose between flexible application APIs and security. As a result, the vast majority of programmers are unable to improve these sys-tems. This is not merely a result of poor system building. It is hard to design highly extensible systems that are both secure and useful. Moreover, evaluating novel designs with actual developers is critical in order to make sure system builders can adopt research systems in practice.
Fortunately, in emerging application domains, such as the Internet of Things, there are no entrenched operating systems and application portability is less important. This makes it possible evaluate research techniques for building more secure and extensible systems with developers who are willing to adopt them.
This talk will describe Tock, an operating system for micro-controllers that enables third-party developers to extend the system. Tock uses the Rust type-system to isolate kernel extensions and the hardware to isolate applications. This talk will discuss how we continuously evaluate Tock by engaging with practitioners, and how lessons from practi-tioners have fed back into the system’s design.