DOCSLIB.ORG

Security Analysis and !Enhancements of Computer Operati Ng Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

If you have issues viewing or accessing this file contact us at NCJRS.gov. U.S. DEPARTMENT OF COMMERCE " 1="""""--~-""""'~":""""~"- "'''"n'''''''~ ,-.-"'- ''''''''=~'''-='1 National Technical Information Service 1 {,t,ll, 1:"1 ~ d<:: .... !" '1,~, *"'~~ T:"'~~ ;t'il .,-'po, r" ~ ~.",.. ,-! ~ ,f;..-:; ,'I • "rt, "',. ," ,... :.... l\ ~: , ... 1(" f.,.; I ~!~~r~j ~j ,,~~., (.;", -:~;, t,l" b , • .: : .. ': :',.:1 [ PB-257 087 I p;=a!ilO'tt.at#.~~~:,"'.=c.=~~~=-,.:.~~· [\ ~ Security Analysis and !Enhancements of Computer Operati ng Systems California University ~-.. '-~--' . ! 'NcJRS 1 ~~J\R 3 0 ~9ri Prepared for National Bureau of Standards, Washington, D C Inst for Computer Sciences and Technology Apr 76 ! \) o j 257 '= PB IB3m~rrr'. ~~JLl1mlE.~• . ' 0 FRO:,1 NATIONAL TeCHNICAL ,INFORMATION ~~WiCE, Product Uablllty Insurance: Assellment of Related i for t~~ ASS, estine,nt Df 'O~8an Outfalls .' " Probfeml3.'nd ISlues.Steff Study liJ) ADP::t')235,14(PAT 34 P PC$4.00/MF$3.00 i;.,:::,;"PB-252 2t14/PAT 181 P PC$9.50/MF$3.00~ 'Gul~~lInes fOr Documentation of Computer Pro- ~,. EvalUation of Home Solar Heating System granls and Automated Data Systems " UCRL-51 711t~AT 154 P PC$6.75/MF$3.00 PB-i~50 867/PAT 54 P PC$4.50/ME=$3;OO :~ny~g$ ~&lld Developing Noise Exposure C~>ntours for General II , ,. AVJation Airp,prts ,,'NOlif Abatement for Stationary' Sources In Japan ADA-D23 429/PAT205 p', PC$7.75/MF$3.00 PB-!~50 586/PAT 116 pc PC$5.50/MF$3.00 of COtrFifU Cooling Tower Environment, 1974. Proceedlngsfjof (,' U.S\\ Coal Resourcei and RQsentes . ' c a Sympollum Held at the UWverslty of Maryland PB-~52 752/P. AT. 16 p PC$3.50/MF$3.00. " ~~@M~ Adult Education Center on 'Mar. W, 1974 II ""= ..... CONF-140302/PAT 648 p PC$13.60/MF$3.00 Structured Programming Series. Vol. XI. Estil'naHg ,Software Project Resource Requirements >' . ..'C Biological Servlcei Program. Fiscal Year 1975 ADA-D16 416/PAT 70 cp PC$4.50/MF$3.00 .' P6-251 738/PAT 52 P f>C$4.50/MF$3.00 " " II of a· Singh! Family· Residence Solar An Ailas ,of Radlallon Histopathology Assess,~ent' d TIOw26-676/PAi 234 p PC$7.60/MF$3.00 Heating System In a Suburban Development Salting PB-246 141JPAT 244 P PC$8.0Q/MF$3.00 . r:.lderal Funding of Civilian (F,tesearch 8ndDevelop­ Q mint. Vol. 1. Summary Technical and, Economic Study of an Un~erground PB-251 266/PAT 61 p PC$4.5Q/MF$3.00 \) D Mining, RubbJlzatlo"""nd In "Situ Retorting System for Deep Oil Shale Deposits. Phase I Report Federal Funding Qf Civilian Research arid Develop- 0 PB-2ij9 3441 PAT 223p PC$7.75/MF$3.0Q Ment.Vol. 2:. Case Studies' "" " , , PB-251 683FPAT 336 P PC$10.00/Mr:$3.00 A Prelimil1aryForecast of ~nergy Consumption " Handbook on Aerosols ,Through 1985 TID-26-600/PAT 141 P PC$6.00/MF$3.00 pa..251 445/PAi 69 p PC$4.50/MF$3.00 , . a .' '1-10'W TO ORDER or your order 'Will be, manually flUed,.jr.t- "You Ir~ aisoplace your order by tele­ !~" t ", suring a delay. You can opt for airf!,Ulilphone or TELEX. The order desk number amvery for a $2.00 charge per itemP-lust is (703) "'557·46-50 and the TELEX nU'mber che!llc the Airmail Service box. If you're is 89·9405. When you indicate the method of pay- reatly pressed 1,01' time, call the NTIS Rush Whenever a foreian s~les price is ti0T Mento p1ea~ note if apun:hase order is not Order Service:; (703) 557-4700. For a specified in the !istinls. al~ foreilfl buyers accomJ:lllnied1 by payment, you will be ~illed $10.00 charge p~t item. your order will he Jnust add the folJowiq wrces to each or- ~an addltlon $$.00 ship an(l bill charge. And airmailed within 48 hoUrs. Or, you can ~r: $2.50 for tach paper COPY. ~i.5().·for please include the card expiration date :;vhen pick up your onter in the Washington In- tach microfiche; and SIO.OO £or ~ Pub- I!usina American ExpresS. (orm,ltioo Cerrter " Bookstore or at ouro lUbed.Search. " .' Normal delivery time takes three to five Sprinafield OperatiOftS. Center within 2<4 Thank you for your interest in NTIS. We ~ :~~:}~:::~::_:~n~~:~:~~_::~ ~~·::~~:~~~ .lI 'H__ __ ff ' _______ a q METHOD O~PA YMENT D ,""' o Charge my NTIS£ieposit accountno. ______-...,.._ SNAMEc __~ __~ ________________------- ___ ----- tl Purcha~e order no._""--_"..-___..__------- o Chclekenclosed for $ __---.,,----------.,.. ~.~. ----~----------------~--------.--~~------- o (.hargclo my American Express Card account number o ClTY. "STAT£, ZlP__ · -'--.-----';.,--------7i!2l1i:!'-' 01, I") II" II II lIt II 11 Card expiration l,Iate _______---:...---- " . Sijna1ure_....... ________------ " hem Number Paper" Copy ,M""evfiche" Unit {Price- o Airmail Service .. ,requested ~(PC) .'(MF) Clip and (Ollit to! H •• o (; 0. Q o· o Q 1 I ~ 1 ! i '8257087 I ,,) ( I U.S. OEPT. 01'" r.;OMM. l. PUBLICATION OR REPORT NO. 2. Govlt Acces\;ion 3. Recipient'.s Accessioll No. ! BIGLIOGRAP~lIC DATA No. ,! , ~BSIR... 76"'1041 ~ ij SHEET J It 4. TITLE AND SUBTlTLE S. Publication Date !l \\ ;j ,I" 1 I ) f..--!.A~'O:ril 12Z§ ~ t Secur,ity AnalysiS & Enhancements 6. Performing Orgariizl1ti\1n Code r ,I of dJmputer Operating Systems ! ii 7. AUTHOR(S) The RISOS P~Qj oct ., S. P~rIotming Orgaa. Report No. ,~; I La~rence Livermore Laooratorv (~; 9. PERFORMING ORGANIZATION NAME AND ADDRESS 10. Project/Task/Work Unit No. The RISOS Project 640.1112 11. Conml¢t/Grl1l1t No. \ Lawrence Livermore Laboratory '-'I Livermore, California 94550 12. Sponlloring Ot&a~h:ation Name and Complete Address (Street, City, State, ZIP) 13. Type"of Report /1( Peciod Covered ~ationa1 Bureau of Standards :, (, Department of Commerce Final "7/74-12/7:5 ,.; ~, liashington~ D.C. 20234 14. Sponsoring Agency G<fde is. SUPPu'~MENTARY NOTES I-____...... ___ ~ __~ ___~ _____._._'___"..;..;.. .... ·'.... ·~~l= _____.. -, __~~~. ,-" -- "--';;;.lI~.~. -~"""'''''''''''''''1'' 16. ABSTRACT (A 20(]...word ok' less factual BUmmDk'Y of mOllt sit1;nificant information. If docunwnt iJl¢ludes a si/1nificF.l(.il biblioSt'sphy Of litE::rsllqe survey. mention it here.) () The p1.'otection of computer resources. data of value, and indi'triclual privacy has mo~~vated a conce:rn for security of EDP. installations, especiaJl.1y of the operating systems. In this report , three commercial operating systems are analyzed and security enhancements suggested .'':, Because of the similarity of operating systems and their security proble.nm~ specific security flaws are formally classiHed accor:ding to a taxonomy developed here. This classification leads to a clearer understanding of «security flaws and aids in analyzing new systems.. o The discussions Gof security flaws and the security enhancel.nents " offer a starting reference for planning a securityinvesti~ation of an EDP installation's operating system. 17. liEY WORDS (six to twelve enfrHls; a(phab4tical order; capitall~e oMy the li'tsl I"Uer of the first key wotd Unless s proper name; separated by semicolons) " BBN... TENEX; IBM OS/360; operating system security; ~.~cur::lty flaws; software security; taxonomy of integrity flaws; UNlVAC 1100 Series OS lB. AVAILABILITY ~Unlimited 19. SECU.RIT~/fLASS '''''1~11. NO. OF PAGES (THIS REPORT) l o For OffiCial Distribution. Do Not Release to NTIS f) UNCL ASSIFll?:D . o Order From Sup. of Doc::., U,S. Government Printing Office 20. SECURITY ((j.ASS Washington. D.C. 20402, S.,p Cat. No. C13 . .. (THIS PAGE) .lKJ O;der From. NatiOl1;>.! Tec::.:hnic::rtJ Information Servi~e (NTIS) Springfield, Yirginianlil UNCLASSIFIED a I USCOMM-DC o 2~042.P74 Ii o & t o o If G II 1" 1 d . !i a ! i I ~,f I NBSIR 76·1041 SECURITY ANALYSIS AND ENHANCI;:MENTS OF COMPUTER OPERATING.,> SYSTEMS R. P. Abbott J. S. Chin J. E. DonneJley W. L. Konigsford S. Tckubo I( D. A. Webb jr The RISOS PJQject . Lawrence LIvermore Laboratory Livermore, California 94550 )) t t:' T. A. Linden, Editor ,7 I~~titute for ~omputer Sciences and Tech~OI09Y N~~al Bureau of .Standards 'I Was'hmgJon, D. C. 20234 o April 1976 Final Report i) " o o o o U.s. DEPARTMENT OF COMMERCE, Elliot L. Rief"ardson, Secretary ~). Jam~4'A~"B8ker. I'll. Under Secretary l'i .' Dr. Betsv Aocker-Jotmson. A,'ssistantSecretary faT Science and Technology " "';r I> o '.!.> NATIONAL BUREAU OF STANDARDS~Eme8t Ambler. Acting Director". .. ... 6 if .\\ /J (\ '"~ ____ ~':"' __,_~~""'_~v_~~._._of"l-""--""'_< _____':"~~."'':''''''~''''''''_~_· --,~ ... --~-~",~ ... ----.:--.--+::-~""'-~--~"--- 1l~ I \ This is one of a series of documentaprepared as part of a project on compt..'Pftr secu~;1ty and privacy at the Institute f~r Computer Sciences and Technology of the National Bureau of Standards. This docl...'lllent is intended primarily fCl~ uae by those who are responsible for managing arid operating government dat~ processing inota11ationa. It provides an understanding of the types of'security problems that arise 1n current computer operating systems, and it suggests ways 1n which the security , u of thelle operating sy.stems can be enhanced. The -:;locument may also be of use to: (1) those engaged in the development of computer ',security techniques, (2) the manufacturers of computer systems and software, and (3) those responsible,_~or mana&ing and operating computer systema in the private sector. This document concerns the security problelD8 that arise in computer operating systems. In order to develop a balanced set of security safeguards, one should use it in conjunction with ;;!ocuments that treat other specific aspects of the security problem.
Recommended publications
  • Getting Started Computing at the Al Lab by Christopher C. Stacy Abstract

    Getting Started Computing at the Al Lab by Christopher C. Stacy Abstract

    MASSACHUSETTS INSTITUTE OF TECHNOLOGY ARTIFICIAL INTELLI..IGENCE LABORATORY WORKING PAPER 235 7 September 1982 Getting Started Computing at the Al Lab by Christopher C. Stacy Abstract This document describes the computing facilities at the M.I.T. Artificial Intelligence Laboratory, and explains how to get started using them. It is intended as an orientation document for newcomers to the lab, and will be updated by the author from time to time. A.I. Laboratory Working Papers are produced for internal circulation. and may contain information that is, for example, too preliminary or too detailed for formal publication. It is not intended that they should be considered papers to which reference can be made in the literature. a MASACHUSETS INSTITUTE OF TECHNOLOGY 1982 Getting Started Table of Contents Page i Table of Contents 1. Introduction 1 1.1. Lisp Machines 2 1.2. Timesharing 3 1.3. Other Computers 3 1.3.1. Field Engineering 3 1.3.2. Vision and Robotics 3 1.3.3. Music 4 1,3.4. Altos 4 1.4. Output Peripherals 4 1.5. Other Machines 5 1.6. Terminals 5 2. Networks 7 2.1. The ARPAnet 7 2.2. The Chaosnet 7 2.3. Services 8 2.3.1. TELNET/SUPDUP 8 2.3.2. FTP 8 2.4. Mail 9 2.4.1. Processing Mail 9 2.4.2. Ettiquette 9 2.5. Mailing Lists 10 2.5.1. BBoards 11 2.6. Finger/Inquire 11 2.7. TIPs and TACs 12 2.7.1. ARPAnet TAC 12 2.7.2. Chaosnet TIP 13 3.
  • Access Control and Operating System

    Access Control and Operating System

    Outline (may not finish in one lecture) Access Control and Operating Access Control Concepts Secure OS System Security • Matrix, ACL, Capabilities • Methods for resisting • Multi-level security (MLS) stronger attacks OS Mechanisms Assurance • Multics • Orange Book, TCSEC John Mitchell – Ring structure • Common Criteria • Amoeba • Windows 2000 – Distributed, capabilities certification • Unix Some Limitations – File system, Setuid • Information flow • Windows • Covert channels – File system, Tokens, EFS • SE Linux – Role-based, Domain type enforcement Access control Access control matrix [Lampson] Common Assumption Objects • System knows who the user is File 1 File 2 File 3 … File n – User has entered a name and password, or other info • Access requests pass through gatekeeper User 1 read write - - read – OS must be designed monitor cannot be bypassed User 2 write write write - - Reference Subjects monitor User 3 - - - read read User process ? Resource … User m read write read write read Decide whether user can apply operation to resource Two implementation concepts Capabilities Access control list (ACL) File 1 File 2 … Operating system concept • “… of the future and always will be …” • Store column of matrix User 1 read write - Examples with the resource User 2 write write - • Dennis and van Horn, MIT PDP-1 Timesharing Capability User 3 - - read • Hydra, StarOS, Intel iAPX 432, Eros, … • User holds a “ticket” for … • Amoeba: distributed, unforgeable tickets each resource User m read write write • Two variations References – store
  • Research Purpose Operating Systems – a Wide Survey

    Research Purpose Operating Systems – a Wide Survey

    GESJ: Computer Science and Telecommunications 2010|No.3(26) ISSN 1512-1232 RESEARCH PURPOSE OPERATING SYSTEMS – A WIDE SURVEY Pinaki Chakraborty School of Computer and Systems Sciences, Jawaharlal Nehru University, New Delhi – 110067, India. E-mail: [email protected] Abstract Operating systems constitute a class of vital software. A plethora of operating systems, of different types and developed by different manufacturers over the years, are available now. This paper concentrates on research purpose operating systems because many of them have high technological significance and they have been vividly documented in the research literature. Thirty-four academic and research purpose operating systems have been briefly reviewed in this paper. It was observed that the microkernel based architecture is being used widely to design research purpose operating systems. It was also noticed that object oriented operating systems are emerging as a promising option. Hence, the paper concludes by suggesting a study of the scope of microkernel based object oriented operating systems. Keywords: Operating system, research purpose operating system, object oriented operating system, microkernel 1. Introduction An operating system is a software that manages all the resources of a computer, both hardware and software, and provides an environment in which a user can execute programs in a convenient and efficient manner [1]. However, the principles and concepts used in the operating systems were not standardized in a day. In fact, operating systems have been evolving through the years [2]. There were no operating systems in the early computers. In those systems, every program required full hardware specification to execute correctly and perform each trivial task, and its own drivers for peripheral devices like card readers and line printers.
  • Storage Organization and Management in TENEX I. Introduction

    Storage Organization and Management in TENEX I. Introduction

    Storage Organization and Management in TENEX http://www.linique.com/dlm/tenex/fjcc72/ Storage Organization and Management in TENEX by Daniel L. Murphy Presented at the Fall Joint Computer Conference, 1972. Originally published in AFIPS Conference Proceedings Volume 41. I. Introduction In early 1969, BBN began an effort aimed at developing a new time-shared operating system. It was felt at the time that none of the commercially available systems could meet the needs of the research planned and in progress at BBN. The foremost requirement of the desired operating system was that it support a directly addressed process memory in which large list-processing computations could be performed. The cost of core storage prohibited the acquisition of sufficient memory for even one such process, and the problems of swapping such very large processes in a time-sharing environment made that solution technically infeasible as well. Paging was therefore the logical alternative, and our study and experience with list processing systems(1,2) led us to believe that using a demand-paged virtual memory system for such computations was a feasible approach. With demand paged process virtual memory added to our requirements, we found no existing system which could adequately meet our needs. Our approach was to take an existing system which was otherwise appropriate and add the necesary hardware to support paging. The system chosen was the DEC PDP-10 (3), which, although not paged, was available with a time-shared operating system and substantial support software. Consideration was given to modifying the existing PDP-10 operating system to support demand paging, but that approach was rejected because of the substantial amount of work which would be required, because of the inherent constraints imbedded in the architecture of any large system, and because development of a new operating system would allow the inclusion of a great many other features and facilities which were judged desirable.
  • NWG/RFC# 752 MRC 2-Jan-79 01:22 Nnnnn a Universal Host Table

    NWG/RFC# 752 MRC 2-Jan-79 01:22 Nnnnn a Universal Host Table

    NWG/RFC# 752 MRC 2-Jan-79 01:22 nnnnn A Universal Host Table Network Working Group Mark Crispin Request for Comments 752 SU-AI NIC nnnnn 2 January 1979 A Universal Host Table ABSTRACT: The network host table in use at MIT and Stanford is described. This host table is superior to the NIC and Tenex host tables in several ways. A binary file, compiled from this host table, is also described. This file is used by subsystems on MIT's ITS and Stanford's WAITS timesharing systems for efficiency in host and network lookups. HISTORY: As with many other sites on the Arpanet, we found the NIC's host table unsuited to our needs. Part of the problem was because the NIC host table was often inaccurate and all too often failed to include several nicknames in common usage in our communities. In addition, the NIC host table's format was awkward for user programs to use, especially those which wanted to have the host table mapped into memory in some sort of structured binary form for efficient lookups. Finally, the NIC host table neglects to include some essential information. The ITS host table was originally designed to be compiled along with a network handling program (MIDAS, the PDP-10 assembler used, has a pseudo-op to insert a file into an assembly). In order to make the host table palatable to the assembler, every comment line began with a semicolon, and every actual data line began with the word HOST. Each program which used the host table defined HOST as an assembly macro before inserting the host table into the assembly.
  • Engineering Strategy Overview Preliminary

    Engineering Strategy Overview Preliminary

    March 1982 Engineering Preliminary Strategy Company Overview Confidential If.-t8···· L..4L ~ \:')' j.~.! / .;.' ' 1985 1990 1995 2000 - P,O S SIB L E DEC PRO Due T S - $lJOO cellular radio net discontinouous.100 word ~ lim! ted context HANDHELD speaker independent speaker independent $1.0K speech recogn. • sketchpad , interpretation Glata structures , ' & relat~onsh~ps object filing natural languaqe (invisible, protected structures) $40K I CAB I NET I ,4 (dedicated fixture) ~~~n limited context [:~~~~e~ ~~~:~~i:ti~n ~ ak rind pendent • voice ~tuate~ retrieval spe ~ e _ .. • te1econferenc1ng center cont1nued speechlrecogn~tion " ;., encryption associa tiveJparallel a;;;'e'los (, ..j." .---~ provide CAtt= ASSISTANT -------...--- .. • LIBRARlj\N ~ ?ertified "best match" retrieval ~ (secure) os (holographic? ) $650K BD 1/15/81 PRELIMINARY ENGINEERING STRATEGY OVERVIEW MARCH lYtil SECONIJ IJRAFT PRELIMINARY ENGINEERING STRATEGY OVERVIEW TABLE OF CONTENTS ,Preface Chapter I fhe Product Strategy and Transitioning to the Fifth Generation - Product Strategy Overview - The Transitions - Personal Computer Clusters, PCC, Are An Alternative to Timeshared Computers - The Product Strategy - Fifth and Sixth Computer Technology Generations - Uistributed Processing and Limits to Its Growth Chapter II Essays on the Criteria for Allocation of Engineering Resources - Overview, - Heuristics for Building Great Products, - Proposed Resource Allocation Criteria - UEC's Position in the VAN - Buyout Philosophy/Process/Criteria - Example of a "Make vs Buy" Analysis - Engineering Investment Sieve Chapter III Essays on Strategic Threats and Opportunities - Uverview, - Strategic Threats - Getting Organized in Engineering and Manufacturing to Face Our Future Competitors p - View of Competitors ---~,.~".~.-~ l f;t-1) IPrT Co?"! v. 7U/L, / IJ ...J - Te-Iecommunications Environment ) ;2f e-c.. - Competitive TeChnology Exercise, ltv • Chapter IV TeChnology Managers Committee Report ,MC- .
  • Lisp: Program Is Data

    Lisp: Program Is Data

    LISP: PROGRAM IS DATA A HISTORICAL PERSPECTIVE ON MACLISP Jon L White Laboratory for Computer Science, M.I.T.* ABSTRACT For over 10 years, MACLISP has supported a variety of projects at M.I.T.'s Artificial Intelligence Laboratory, and the Laboratory for Computer Science (formerly Project MAC). During this time, there has been a continuing development of the MACLISP system, spurred in great measure by the needs of MACSYMAdevelopment. Herein are reported, in amosiac, historical style, the major features of the system. For each feature discussed, an attempt will be made to mention the year of initial development, andthe names of persons or projectsprimarily responsible for requiring, needing, or suggestingsuch features. INTRODUCTION In 1964,Greenblatt and others participated in thecheck-out phase of DigitalEquipment Corporation's new computer, the PDP-6. This machine had a number of innovative features that were thought to be ideal for the development of a list processing system, and thus it was very appropriate that thefirst working program actually run on thePDP-6 was anancestor of thecurrent MACLISP. This earlyLISP was patterned after the existing PDP-1 LISP (see reference l), and was produced by using the text editor and a mini-assembler on the PDP-1. That first PDP-6 finally found its way into M.I.T.'s ProjectMAC for use by theArtificial lntelligence group (the A.1. grouplater became the M.I.T. Artificial Intelligence Laboratory, and Project MAC became the Laboratory for Computer Science). By 1968, the PDP-6 wasrunning the Incompatible Time-sharing system, and was soon supplanted by the PDP-IO.Today, the KL-I 0, anadvanced version of thePDP-10, supports a variety of time sharing systems, most of which are capable of running a MACLISP.

  • Non Unix Family Tree and Timeline Version 0.3.2

    Non Unix family tree and Timeline Version 0.3.2 1958 FMS SOS 1958 Late 1950's Late 1950's 1960 1960 IBM 1410/1710 OS Early 1960's CTSS 1961-1962 1962 IBSYS PDP-1 OS 1962 Early 1960's 1962 SABRE 1962-64 EXEC I 1964 Tops-10 1.4 1964 1964 Early 1960's OS/360 Multics TOS (BOS, TOS,DOS) 1965 1965 EXEC II Early 1960's DOS CP-40 1966 (CP-67) Tops-10 1.9 MS/8 1966 1966 1966 1966 CAL BPS/360 CP/CMS Tops-10 2.18 Late 1960's ITS WAITS EXEC 3 Late 1960's 1967 1967 1967 1967 Late 1960's DOS/VSE 1968 PARS Tops-10 3.27 1968 1968 SCOPE TDOS 1968 Late 1960's EXEC 4 Late 1960's Late 1960's VMOS ACP v4 EXEC 8 OS/MFT Tops-10 4.50 ACP TENEX Unix Late 1960's 1969 1969 1969 1969 MSS 4.0 1969 Late 1960's Tops-10 4.72 10/1969 1969 MSS 5.0 1970 12/1969 1970 Tops-10 5.01 DOS/Batch 11 MSS 6.0 1970 1970 3/1970 MSS 7.0 3/1970 MSS 8.0 6/1970 1971 RSTS-11 1971 1971 Tops-10 5.02 Tape Scope 2 KRONOS 1971 OS/8 Early 1970's Early 1970's VS/9 Chios 1971 VM/CMS Earl 1970's Early 1970's 1972 OS/VS1 Tops-10 5.03 BKY 1972 1972 1972 Early 1970's Tops-10 5.04 5/1972? KI-TELNEX Tops-10 5.05 mid 1972 7/1972? Tops-10 5.06 1973 11/1972 1973 VSE RSX-11D 5/1973 RT-11 OS/12 Alto 7/1973 1973 OS/VS2 r1 1974 1974 MSS 22.0 1974 RSX-11M 1/1974 1974 Tops-10 5.07 Tops-10 6.01 MR 1.0 CP/M 1.0 5/1974 5/1974 6/1974 1974 OS/VS2 r2 7/1974 1975 1975 OS/VS2 MVS r3 3/1975 Tops-10 5.07A Tops-10 6.01A 5/1975 5/1975 CP/M 1.3 1976 Tops-10 6.02 1975 RSX-11M Plus 1976 Tops-20 1 MSS 28.0 1976 2/1976 2/1976 Tops-20 1A 4/1976 Tops-20 1B 10/1976 Tops-20 101B 12/1976 1977 1977 Tops-10 6.03 p-System I.0 3/1977
  • Mixed-Criticality Scheduling and Resource Sharing for High-Assurance Operating Systems

    Mixed-Criticality Scheduling and Resource Sharing for High-Assurance Operating Systems

    Mixed-Criticality Scheduling and Resource Sharing for High-Assurance Operating Systems Anna Lyons Submitted in fulfilment of the requirements for the degree of Doctor of Philosophy School of Computer Science and Engineering University of New South Wales Sydney, Australia September 2018 Abstract Criticality of a software system refers to the severity of the impact of a failure. In a high-criticality system, failure risks significant loss of life or damage to the environ- ment. In a low-criticality system, failure may risk a downgrade in user-experience. As criticality of a software system increases, so too does the cost and time to develop that software: raising the criticality also raises the assurance level, with the highest levels requiring extensive, expensive, independent certification. For modern cyber-physical systems, including autonomous aircraft and other vehicles, the traditional approach of isolating systems of different criticality by using completely separate physical hardware, is no longer practical, being both restrictive and inefficient. The result is mixed-criticality systems, where software applications with different criticalities execute on the same hardware. Sufficient mechanisms are required to ascertain that software in mixed-criticality systems is sufficiently isolated, otherwise, all software on that hardware is promoted to the highest criticality level, driving up costs to impractical levels. For mixed-criticality systems to be viable, both spatial and temporal isolation are required. Current aviation standards allow for mixed-criticality systems where temporal and spatial resources are strictly and statically partitioned in time and space, allowing some improvement over fully isolated hardware. However, further improvements are not only possible, but required for future innovation in cyber-physical systems.
  • The UNIX Time- Sharing System

    The UNIX Time- Sharing System

    1. Introduction There have been three versions of UNIX. The earliest version (circa 1969–70) ran on the Digital Equipment Cor- poration PDP-7 and -9 computers. The second version ran on the unprotected PDP-11/20 computer. This paper describes only the PDP-11/40 and /45 [l] system since it is The UNIX Time- more modern and many of the differences between it and older UNIX systems result from redesign of features found Sharing System to be deficient or lacking. Since PDP-11 UNIX became operational in February Dennis M. Ritchie and Ken Thompson 1971, about 40 installations have been put into service; they Bell Laboratories are generally smaller than the system described here. Most of them are engaged in applications such as the preparation and formatting of patent applications and other textual material, the collection and processing of trouble data from various switching machines within the Bell System, and recording and checking telephone service orders. Our own installation is used mainly for research in operating sys- tems, languages, computer networks, and other topics in computer science, and also for document preparation. UNIX is a general-purpose, multi-user, interactive Perhaps the most important achievement of UNIX is to operating system for the Digital Equipment Corpora- demonstrate that a powerful operating system for interac- tion PDP-11/40 and 11/45 computers. It offers a number tive use need not be expensive either in equipment or in of features seldom found even in larger operating sys- human effort: UNIX can run on hardware costing as little as tems, including: (1) a hierarchical file system incorpo- $40,000, and less than two man years were spent on the rating demountable volumes; (2) compatible file, device, main system software.
  • David Walden and Raymond Nickerson

    David Walden and Raymond Nickerson

    Chapter 18 Distributed Computing at BBN Network Computing Software Infrastructure and Distributed Applications from 1970-1995 Richard Schantz In this article we review highlights of the history of BBN and distributed computing from a number of different perspectives: early investigations, distributed systems infrastructure (later to be more commonly known as Middleware), and network-centric applications which utilized the emerging distributed systems capabilities in new and innovative ways, with lasting impact. 18.1 Introduction The innovations being pursued in the area of packet switching and inter-computer communications (see Chapter 17 on networking) spawned a simultaneous interest and investigation into how to utilize this emerging new data oriented communication capability. To complement its activities in pioneering network communications, from the earliest conception of the ARPANET and continuing to this day, BBN initiated and participated in a number of the leading edge, innovative activities aimed at delivering value from the increasing interconnectivity through network centric applications and by providing the network centric infrastructure needed to more easily build these types of applications (see also Chapter 19 on email and 20 relating to distributed simulation). We use the term “Distributed Computing” to loosely tie together these activities covering both advanced, higher levels of multi-host1 infrastructure and the innovative distributed applications themselves, and to distinguish it from the lower level capabilities (e.g.,
  • Operating System Verification—An Overview

    Operating System Verification—An Overview

    Sadhan¯ a¯ Vol. 34, Part 1, February 2009, pp. 27–69. © Printed in India Operating system verification—An overview GERWIN KLEIN Sydney Research Laboratory, NICTA,∗ Australia, School of Computer Science and Engineering, University of New South Wales, Sydney, Australia e-mail: [email protected] Abstract. This paper gives a high-level introduction to the topic of formal, interactive, machine-checked software verification in general, and the verification of operating systems code in particular. We survey the state of the art, the advantages and limitations of machine-checked code proofs, and describe two specific ongoing larger-scale verification projects in more detail. Keywords. Formal software verification; operating systems; theorem proving. 1. Introduction The fastest, cheapest and easiest way to build something is properly the first time (Parker 2007). This engineer’s credo has made it into popular literature, but it seems to be largely ignored in the world of software development. In the late 1960s a software crisis was diagnosed on a summit in the Bavarian Alps (Naur & Randell 1969): Software was getting more and more complex, and we had no structured way of building it. We ended up with projects that took significantly longer than planned, were more expensive than planned, delivered results that did not fully address customer needs, or at worst were useless. This summit in the late 1960s is widely seen as the birth of the discipline of software engineering. Now, almost 40 years later, we have come a long way. There are numerous books on software engineering, a plenitude of methodologies, programming languages, and processes to choose from.