Starting from the bottom, there is a micro-kernel running in privileged mode. In the de-privileged mode above it, some basic services provide the foundation for more advanced applications. Those basic services include a memory manager, a name server, a program loader and some more components. L4Linux utilizes those core services. By the way, the GUI you currently see is also a native service which is used by L4Linux for graphical interaction.
L4Linux can be used in different scenarios, among them:
The following pages will show some scenarios in more detail.
In this scenario, two L4Linux instances are used to build a Virtual Private Network gateway. One L4Linux, the outer one, sends and receives data from the public Internet, while the inner L4Linux sends and receives data from the internal intranet. Encryption and decryption of the data stream are done by a small component that runs independently of both Linux instances, is the only path for communication between them, and offers very little attack surface.
The Viaduct is a small component that relies on only a few other L4 components. It is therefore quite easy to understand and audit. An attacker may take over the outer Linux but has very little chance of corrupting either the Viaduct or the inner Linux. The Viaduct's trusted computing base (TCB) is small compared to the code involved when the encryption component is placed in a conventional legacy operating system.
The code reused from the legacy operating system is mainly the network card driver and the networking software, namely the TCP/IP stack.
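The two properties claimed for the VPN gateway (the Viaduct is the only path between the two Linux instances, and its TCB excludes both of them) can be checked mechanically on a model of the system. The following is an added example, not code from L4Linux or the Viaduct; the channel and dependency edges are assumptions made for illustration.

```python
from collections import deque

# Constructed model of the gateway. Edges are assumptions, not project data.
CHANNELS = {  # directed: who can pass data to whom
    "internet": ["outer_l4linux"],
    "outer_l4linux": ["internet", "viaduct"],
    "viaduct": ["outer_l4linux", "inner_l4linux"],
    "inner_l4linux": ["viaduct", "intranet"],
    "intranet": ["inner_l4linux"],
}
# Same system with one misconfigured direct channel that skips the Viaduct.
BYPASSED = {**CHANNELS,
            "outer_l4linux": CHANNELS["outer_l4linux"] + ["inner_l4linux"]}

CORE = ["microkernel", "memory_manager", "name_server"]
DEPENDS_ON = {  # what each component must trust in order to work correctly
    "memory_manager": ["microkernel"],
    "name_server": ["microkernel"],
    "program_loader": CORE,
    "viaduct": CORE,
    "outer_l4linux": CORE + ["program_loader"],
    "inner_l4linux": CORE + ["program_loader"],
}

def reachable(graph, start, removed=frozenset()):
    """Breadth-first search: every node reachable from start, skipping removed."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), []):
            if nxt not in seen and nxt not in removed:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def is_sole_path(graph, src, dst, mediator):
    """True if src reaches dst, but no longer does once mediator is removed."""
    return (dst in reachable(graph, src)
            and dst not in reachable(graph, src, {mediator}))

def tcb(component):
    """The component plus everything it transitively depends on."""
    return reachable(DEPENDS_ON, component)

if __name__ == "__main__":
    print("Viaduct mediates all traffic:",
          is_sole_path(CHANNELS, "internet", "intranet", "viaduct"))
    print("...with a bypass channel:",
          is_sole_path(BYPASSED, "internet", "intranet", "viaduct"))
    print("Viaduct TCB:", sorted(tcb("viaduct")))
```

An audit of a real configuration would build the two graphs from the actual channel and dependency setup rather than from hand-written tables.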
L4Linux can be started multiple times and thus run several virtual machines in parallel on one physical machine. Depending on the needs, an L4Linux instance may be granted access to the physical hardware of the machine, relaying device access for the other instances. Hardware access may also be implemented by specialized L4 components.
In this example, the L4 driver may be a network server which handles all network traffic for the virtual machines. The device L4Linux may have an IDE driver compiled in and access the disk on behalf of the green L4Linux instances. Disk virtualization will then be done in the device L4Linux. The green instances without hardware access need to have device drivers that talk to the corresponding servers. For example, there needs to be a virtual disk driver in the green L4Linux instances that talks to the device Linux. Such a driver is usually called a "stub driver".
The simplest way to run L4Linux is to use a hardware-independent setup, as is done for this demo.
This demo boots up an L4Linux with a simple and small RAM disk; it will not touch the disks in the host system. The RAM disk is small and only contains a very basic set of programs. For a demo with a more complete user land, please refer to the other setups.
By clicking here (in the Demo-CD version of this document) a new window should come up, showing the Tux in the upper left corner and the familiar Linux boot-up scrolling. A shell prompt should appear shortly after that.
Click into the window with your mouse to enter commands.
In the window you can switch between virtual Linux consoles with Alt-F2, Alt-F3 and so on, as usual.
To close the virtual machine, just issue "halt" and the machine will shut down and the window will close. All resources will be freed.
Running Multiple Instances of L4Linux
There is nothing special about running multiple instances of L4Linux. Just start another copy (in the Demo-CD version of this document), and another one (in the Demo-CD version of this document)...
If no more resources, such as free memory, are available, no more instances will appear. Just shut down a currently running instance and you should be able to start another one.
Reboot the machine
Click here (in the Demo-CD version of this document) to reboot your machine.