P-1935-J-Conc-Biblio

5.0 Conclusions

The intent of this document has been: (1) to provide a comprehensive overview of the important properties of traditional capability-based systems, (2) to point out the advantages and deficiencies of such systems with regard to the NCSC [TCSEC83] requirements, (3) to outline some possible approaches for the elimination of such deficiencies, and (4) to compare the properties of such systems to those of descriptor-based systems (with which the computer security community has been somewhat more familiar). Thus, this document can be used as a background document by both evaluators and designers of capability-based systems. In both cases, the reader should make use of the references provided in this document in order to help him understand some of its more subtle conclusions. [For the readers with special research and/or development interests in this area, an extensive bibliography is also provided as an appendix to this paper.]

The research work necessary for this paper has led to the following findings.

First, the notion of a "traditional" capability-based system can be defined based on a set of properties which are common to many capability-based systems. These properties are found in the areas of capability-based addressing and protection, and they support a number of general security and integrity policies. The discussion of the set of common properties has been essential to the investigation of the TCSEC impact on traditional capability systems. Without such a definition, the impact and corresponding analysis would be questionable at best, because no general conclusions could be drawn from individual case studies.

Second, traditional capability-based systems prevent the implementation of security policy and accountability as required by the TCSEC, and make some aspects of trusted facility management and recovery more difficult than those of other systems.
However, there are extensions (to what is defined as traditional capability-based systems) that have been proposed for, and implemented in, experimental systems which allow the support of security policies and accountability mechanisms similar to those of TCSEC. All such extensions are well within the limits of present-day technology. This suggests that one cannot rule out a priori a system based on capabilities from environments where the requirements of the TCSEC are important. Careful analysis of such systems must be performed to determine that the problems presented above have indeed been solved.

Third, there are advantages and disadvantages of capability-based systems in comparison with descriptor-based systems. Such a comparison is important to the understanding of the fundamental and technological advantages and disadvantages of traditional capability-based systems. The results of such a comparison are easily derived from the discussion of the previous sections. Descriptor-based systems are superior to traditional capability-based systems in support of DoD policies and accountability. Traditional capability-based systems appear superior to descriptor-based systems from the point of view of support for operating system architecture and structuring because of their support for protection domains. However, one must note that the additional mechanisms for the support of protection domains in descriptor-based systems are well within the present-day technology. Similarly, extensions to traditional capability systems are possible to alleviate some of their fundamental problems with discretionary and mandatory policy, and with audit.

References

Almes78
Almes, G. and G. Robertson, "An Extensible File System for HYDRA", Proceedings of the 3rd International Conference on Software Engineering, Atlanta, Georgia, (May 1978), 288-294.

Bell76
Bell, D. E. and L. J. LaPadula, "Secure Computer Systems: Unified Exposition and MULTICS Interpretation", Mitre Corporation, No. MTR-2997, Revision 1, (March 1976).

Benzel84
Benzel-Vickers, T., "Overview of the SCOMP Architecture and Security Mechanisms", Technical Report (Draft), MITRE-9071, (September 1984).

Birrell80
Birrell, A. D. and R. M. Needham, "A Universal File Server", IEEE Transactions on Software Engineering, (September 1980), 450-453.

Bishop77
Bishop, P. B., "Computer Systems With a Very Large Address Space and Garbage Collection", Ph.D. Thesis, Massachusetts Institute of Technology (available as MIT LCS TR-178), (May 1977).

Boebert82
Boebert, E., "Random Notes", Proceedings of the Workshop on Implementing DoD Multilevel Security Policy on Capability-Based Operating Systems, Mitre TR., M 83-17 (restricted distribution), (October 1982).

Buckingham81
Buckingham, B. R. S., "The SWARD Command Language (CL/SWARD)", IBM Systems Research Institute, TR-73-011, New York, NY, (February 1981).

Burroughs78
Burroughs Corp., "B6800 System Reference Manual", Order Form No. 5001290, Detroit, Mich., (1978).

Burroughs82
Burroughs Corp., "B6700 Information Processing Systems - Reference Manual", Order Form No. 1058633, Detroit, Mich., (1982).

Carnall78
Carnall, J. J., "Detail Specification Part I of II for the Security Protection Module (SPM)", Honeywell Inc., Aerospace Division, (May 1978).

Carnall79
Carnall, J. J., "Detail Specification Part II of II for the Security Protection Module (SPM)", Honeywell Inc., Aerospace Division, (March 1979).

Chaum78
Chaum, D. L. and R. S. Fabry, "Implementing Capability-Based Protection Using Encryption", Univ. of California, Berkeley, Memo. UCB/ERL M78/46, (July 1978).

CohenE74
Cohen, E., et al., "HYDRA User's Manual", Internal Paper, Carnegie-Mellon University, (November 1974).

CohenE75
Cohen, E. and D. Jefferson, "Protection in the HYDRA Operating System", Proceedings of the Fifth Symposium on Operating Systems Principles, The University of Texas at Austin, (November 1975), 141-160.

CohenF84
Cohen, F., "Computer Viruses", Proceedings of the Seventh DoD/NBS Computer Security Conference, Gaithersburg, MD, (September 1984), 240-263.

Cook78a
Cook, D. J., "The Evaluation of a Protection System", Ph.D. Thesis, Cambridge University Computer Laboratory, (April 1978).

Cook78b
Cook, D. J., "Measuring Memory Protection", Proceedings of the 3rd International Conference on Software Engineering, Atlanta, Georgia, (May 1978), 281-287.

Cook78c
Cook, D. J., "Measuring Memory Protection in the CAP Computer", Proceedings of the 2nd International Symposium on Operating Systems, IRIA, France, (October 1978).

Cook79
Cook, D. J., "In Support of Domain Structure for Operating Systems", Proceedings of the 7th Symposium on Operating System Principles, Asilomar, California, (1979).

Cosserat72
Cosserat, D. C., "A Capability Oriented Multi-Processor System for Real-Time Applications", Proceedings of the International Conference on Computer Communications, Washington, D.C., (October 1972), 282-289.

Cosserat74
Cosserat, D. C., "A Data Model Based on the Capability Protection Mechanism", Proceedings of the International Workshop on "Protection in Operating Systems", INRIA, Rocquencourt, France, (August 1974).

Cox82
Cox, G., "Extensions to Support Policy", Proceedings of the Workshop on Implementing DoD Multilevel Security Policy on Capability-Based Operating Systems, Mitre TR., M 83-17 (restricted distribution), (October 1982).

Dahlby82
Dahlby, S., "Security Features of System/38", Proceedings of the Workshop on Implementing DoD Multilevel Security Policy on Capability-Based Operating Systems, Mitre TR., M 83-17 (restricted distribution), (October 1982).

DenningP76
Denning, P. J., "Fault-Tolerant Operating Systems", Computing Surveys, 8:4, (December 1976), 359-389.

Deutsch76
Deutsch, L. P. and D. G. Bobrow, "An Efficient Incremental, Automatic Garbage Collector", Communications of the ACM, 19, (September 1976), 522-526.

Donnelley80
Donnelley, J. E. and J. E. Fletcher, "Resource Access Control in a Network Operating System", Proceedings of ACM Pacific '80, Moon-Lith Press, Mountain View, CA, (1980), 115-125.

England72a
England, D. M., "Operating System of System 250", Proceedings of the International Switching Symposium, Boston, Massachusetts, (June 1972), 525-529.

England72b
England, D. M., "Architectural Features of System 250", INFOTECH State of the Art Report on Operating Systems, (1972).

England74
England, D. M., "Capability Concept Mechanisms and Structure in System 250", Proceedings of the International Workshop on Protection in Operating Systems, IRIA, Paris, France, (August 1974), 63-82.

Fabry74
Fabry, R. S., "Capability-Based Addressing", Communications of the ACM, 17:7, (July 1974), 403-412.

Feiertag77
Feiertag, R. J., K. N. Levitt and L. Robinson, "Proving Multilevel Security of a System Design", ACM SIGOPS Review, (November 1977), 57-65.

Feiertag79
Feiertag, R. J. and P. G. Neumann, "The Foundations of a Provably Secure Operating System", Proceedings of AFIPS NCC79, (1979), 329.

Ferrie74
Ferrie, J., et al., "An Extensible Structure for Protected Systems Design", Proceedings of the International Workshop on Protection in Operating Systems, IRIA, Paris, France, (August 1974), 83-105.

Galie75
Galie, L., R. Linder, and K. Wilson, "Security Analysis of the TI-ASC", Systems Development Corporation, Technical Memo, TM-WD-6505/000/00, (June 1975).

Gligor76
Gligor, V. D., "A Study of Extensible Architectures", Ph.D. Thesis, University of California, Berkeley, California, (1976).

Gligor77
Gligor, V. D., "Architectural Aspects of Type Extendability", Proceedings of Trends and Applications 1977: Computer Security and Integrity, NBS, Gaithersburg, Maryland, (May 1977).

Gligor79a
Gligor, V. D., "Architectural Implications