Increasingly, substantial data path processing is happening on devices within the network. At or near the edges of the network, data rates are low enough that commodity workstations may be used to process packet flows. However, the operating systems such machines use are not suited to the needs of data-driven processing. This dissertation shows why this is a problem, how current work fails to address it, and proposes a new approach. The principal problem is that crosstalk occurs in the processing of different data flows when they contend for a shared resource and their accesses to this resource are not scheduled appropriately; typically the shared resource is located in a server process. Previous work on vertically structured operating systems reduces the need for such shared servers by making applications responsible for performing as much of their own processing as possible, protecting and multiplexing devices at the lowest level consistent with allowing untrusted user access.

However, shared servers remain on the data path in two circumstances: firstly, dumb network adaptors need non-trivial processing to allow safe access by untrusted user applications. Secondly, shared servers are needed wherever trusted code must be executed for security reasons. This dissertation presents the design and implementation of Expert, an operating system which avoids crosstalk by removing the need for such servers. This dissertation describes how Expert handles dumb network adaptors to enable applications to access them via a low-level interface which is cheap to implement in the kernel, and retains application responsibility for the work involved in running a network stack. Expert further reduces the need for application-level shared servers by introducing paths which can trap into protected modules of code to perform actions which would otherwise have to be implemented within a server.

Expert allows traditional compute-bound tasks to be freely mixed with these I/O-driven paths in a single system, and schedules them in a unified manner. This allows the processing performed in a network element to be resource controlled, both for background processing tasks such as statistics gathering, and for data path processing such as encryption.