# Asterinas OS: Breaking the OS Kernel Performance–Security Trade-off
**Date:** 2025-10-31
**Location:** Jiangsu
A **safer**, **more efficient**, and **more universal** OS kernel design is emerging — and it just received top global recognition.


At **SOSP 2025** — known as the *"Olympics"* of computer systems — the open-source Chinese OS **Asterinas** won the **Best Paper Award** for its research on **highly scalable memory management**. Only three papers receive such honors, making the recognition especially significant.
Founded in 1967, **SOSP** stands alongside **OSDI** as one of the two most prestigious operating systems conferences. In a field often considered "mature" with little room for fundamental breakthroughs, Asterinas’s work challenges that perception.
The winning paper — *CortenMM: Efficient Memory Management with Strong Correctness Guarantees* — does more than solve a technical puzzle. It **validates a completely new OS architecture**: the **Framekernel**, forming the foundation of Asterinas OS.
---
## 1. The Classic OS Design Dilemma
For decades, OS kernel engineers have wrestled with a **performance vs. security** trade-off.
### 1.1 Monolithic Kernels: High Performance, Lower Security
- **Examples:** Linux, Windows
- **Design:** Run *all* OS services (process management, file systems, drivers) in **kernel mode**
- **Strength:** Very **fast** due to internal function calls
- **Weakness:** Large kernel code bases (tens of millions of C/C++ lines) lead to inevitable security flaws
  - Around **70% of critical vulnerabilities** involve memory safety issues
  - Example: In July 2024, a faulty CrowdStrike driver caused **global Windows BSODs**
### 1.2 Microkernels: High Security, Lower Performance
- **Examples:** seL4, Zircon
- **Design:** Minimal kernel mode code — isolates most services to **user mode**
- **Strength:** Smaller **Trusted Computing Base (TCB)**; fewer memory-unsafe execution paths
- **Weakness:** Lots of **IPC overhead** → performance hit
### 1.3 Partial Solutions (Still Flawed)
- **Sandboxing:** gVisor, but with major performance costs
- **Detection Tools:** KASAN — helps but doesn’t remove fundamental risks

---
## 2. Asterinas OS’s Answer — The Framekernel
The team leveraged **Rust’s memory safety** to design **Framekernel** — aiming for:
> **Monolithic-level performance + Microkernel-level safety**

**Core Concept:** Keep *all* code in kernel mode for speed but **isolate risk** with two internal layers.
### 2.1 Layer 1 — OS Framework (Privileged)
- **Only part** allowed to contain `unsafe` Rust or C
- Encapsulates:
  - Hardware and MMU control
  - Register-level operations
- **Minimal by design** to shrink attack surface
- Exposes **safe APIs** to the next layer
### 2.2 Layer 2 — OS Services (De-privileged)
- Implements:
  - File systems
  - Network stacks
  - Process management
- Written **only in Safe Rust**
- Cannot use `unsafe` directly; privileged operations are reachable only **through OS Framework APIs**
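
The two-layer split described above can be sketched in a single Rust file. This is an added example, not Asterinas code: the `framework` and `services` modules, `Frame`, `OutOfBounds` and `store_record` are hypothetical names, and a heap buffer stands in for a physical frame.

```rust
// Added illustration; all names are hypothetical, not Asterinas APIs.
mod framework {
    // Layer 1 (privileged): the only module that contains `unsafe`.
    pub const FRAME_SIZE: usize = 4096;
    #[derive(Debug, PartialEq)]
    pub struct OutOfBounds;
    /// One page-sized heap buffer standing in for a physical frame.
    pub struct Frame { ptr: *mut u8 } // private field: services never see the pointer
    impl Frame {
        pub fn alloc() -> Frame {
            Frame { ptr: Box::into_raw(Box::new([0u8; FRAME_SIZE])) as *mut u8 }
        }
        // Shared check: rejects integer overflow and ranges past the frame end.
        fn check(offset: usize, len: usize) -> Result<(), OutOfBounds> {
            offset.checked_add(len).filter(|&end| end <= FRAME_SIZE).map(|_| ()).ok_or(OutOfBounds)
        }
        pub fn write(&mut self, offset: usize, data: &[u8]) -> Result<(), OutOfBounds> {
            Self::check(offset, data.len())?;
            // SAFETY: the range was just checked to lie inside the allocation we own.
            unsafe { std::ptr::copy_nonoverlapping(data.as_ptr(), self.ptr.add(offset), data.len()) };
            Ok(())
        }
        pub fn read(&self, offset: usize, len: usize) -> Result<Vec<u8>, OutOfBounds> {
            Self::check(offset, len)?;
            // SAFETY: same bounds argument as `write`.
            Ok(unsafe { std::slice::from_raw_parts(self.ptr.add(offset), len) }.to_vec())
        }
    }
    impl Drop for Frame {
        fn drop(&mut self) {
            // SAFETY: `ptr` came from Box::into_raw in `alloc` and is freed exactly once.
            unsafe { drop(Box::from_raw(self.ptr as *mut [u8; FRAME_SIZE])) };
        }
    }
}

#[forbid(unsafe_code)] // Layer 2 (de-privileged): `unsafe` here fails to compile.
mod services {
    use super::framework::{Frame, OutOfBounds};
    /// Stores a 16-byte record; a bad `slot` returns Err instead of a stray write.
    pub fn store_record(f: &mut Frame, slot: usize, rec: &[u8; 16]) -> Result<(), OutOfBounds> {
        f.write(slot.checked_mul(16).ok_or(OutOfBounds)?, rec)
    }
}
fn main() {
    let mut f = framework::Frame::alloc();
    let ok = services::store_record(&mut f, 255, &[7; 16]); // last valid slot
    let bad = services::store_record(&mut f, 256, &[7; 16]); // one past the frame
    println!("{:?} {:?} {:?}", ok, bad, f.read(4080, 16));
}
```

Adding an `unsafe` block inside `services` turns the build into a hard error, which is the property that keeps memory-unsafe code confined to Layer 1.
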
---
### Benefits of Framekernel
**Security Gains:**
- Shrinks **TCB** to ~30% of non-critical code size (and grows slower than non-TCB code)
- Lower proportion of memory-unsafe code as the kernel evolves

**Performance Gains:**
- Both layers reside in kernel mode → function-call speed
- Avoids IPC slowdowns seen in microkernels

---
## 3. CortenMM — The Award-Winning Milestone
Within Framekernel, **CortenMM** rethinks OS memory management.
### 3.1 Problem with Traditional Designs
- Linux retains a **software abstraction layer** for MMU differences, but modern architectures (x86, ARM, RISC-V) are now similar.
- This legacy abstraction:
  - Adds synchronization overhead (slower performance)
  - Introduces concurrency vulnerabilities (security risk)
### 3.2 CortenMM Innovations
- Removes redundant software abstraction → direct hardware interface
- Single-layer abstraction increases efficiency
- Uses a **transactional API** and **formal verification** (Verus) to guarantee correctness
### 3.3 Results
1. **Performance:** Up to **26× faster** than Linux in real applications
2. **Safety:** Mathematical proof of core concurrency correctness — eliminating whole classes of bugs
---
## 4. The "Moonshot" Spirit
Dr. Tian Hongliang, founder of Asterinas/StarZhan OS, emphasizes:
- Desire to create a **Chinese-led OS kernel**
- Backed by **Ant Group** — freedom to focus on correctness and safety over short-term monetization
- Joint effort with:
  - Zhongguancun Laboratory
  - Peking University
  - Southern University of Science and Technology

---
## 5. Leveraging the "Latecomer Advantage"
**Rust** is the team's generational opportunity:
- **All-in Rust** from day one (2022)
- Avoids the **legacy C baggage** Linux/Windows face integrating Rust
- Architecturally leverages **Rust’s type safety & borrow checking** for kernel design
---
## 6. Roadmap — Long-termism
### Phase 1 (Cloud Era)
- By 2026: Data centers, confidential computing
- By 2028: Partial Linux replacement in critical security scenarios
### Phase 2 (Ubiquitous Era)
- By 2029–2030: Expansion into safety-critical intelligent systems
---
## 7. Current Performance & Compatibility
- **LMbench benchmark:** 1.05× Linux performance (with higher safety)
- **Binary compatibility:** Supports x86 & RISC-V, 220+ Linux syscalls; runs nginx, redis
- **Open-source:** 3,700+ GitHub stars; featured on HackerNews, LWN

---
## 8. Conclusion — Toward an Auditable White Box OS
Asterinas/StarZhan OS transforms the kernel from an **opaque black box** into an **auditable white box**:
- Balances **performance** and **security**
- Offers an **open-source template** for future trusted computing platforms