DOCSLIB.ORG

Bibliography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Bibliography Bibliography [Ackerman 671 W. B. Ackerman and W. W. Plummer. An Implementation of a Multiprocessing Computer System. In Proceedings of the ACM Symposium on Operating System Principles. October 1967. [Almes 781 G. Almes and G. Robertson. An Extensible File System for Hydra. In Proceedings of 3rd International Conference on Software Engi- neering, pages 288-294. ACM, May 1978. [Almes 801 G. T. Almes. Garbage Collection in an Object-Oriented System. Ph.D. thesis, Carnegie-Mellon University, June 1980. [Bell 761 G. Bell and W. D. Strecker. Computer Structures: What Have We Learned From the PDP-ll? In Proceedings of the 3rd Annual Symposium on Computer Architecture, pages 1-14. January 1976. [Bennett 821 J. K. Bennett. A Comparison of Four Object-Oriented Systems. Tech- nical Report TR 82-11-03, Department of Computer Science, University of Washington, 1982. [Berstis 80a] V. Berstis. Security and Protection of Data in the IBM Systemi38. In Proceedings of the 7th Symposium ‘on Computer Architecture, pages 245-252. May 1980. [Berstis 80b] V. Berstis, C. D. Truxal and J. G. Ranweller. System/38 Address- ing and Authorization. In IBM System138 Technical Develop- ments. IBM GSD G580-0237-1, 1980. 207 Bibliography [Bierman 811 E. M. Bierman. A Comparative Study of Network-Based Object-Ori- ented File Systems. Master’s thesis, University of Washington, 1981. [Birrell 781 A. D. Birrell and R. M. Needham. An Asynchronous GarbageCol- lector for the CAP Filing Systems. Operating Systems Review 12(2):31-33, April 1978. [Bishop 771 P. B. Bishop. Computer Systems with a Very Large Address Space and Garbage Collection. Ph.D. thesis, MIT, May 1977. [Brinch Hansen 781 P. B. Hansen. Distributed Processes:A Concurrent Programming Concept. Communications of the ACM 24(11):934-941, Novem- ber 1978. [Burroughs 611 The Descriptor-a Definition of the BSOOO Information Processing System. Burroughs Corporation, Detroit, Michigan, 1961. [Cohen 751 E. Cohen and D. Jefferson. Protection in the Hydra Operating Sys- tem. In Proceedings of the 5th Symposium on Operating Systems Principles, pages 141-160. November 1975. [Cohen 761 E. Cohen, W. Corwin, D. Jefferson, T. Lane, R. Levin, J. New- comer, F. Pollack, and W. Wulf. Hydra Kernel Reference Manual. Department of Computer Science, Carnegie-Mellon University, 1976. [Cook 78a] D. Cook. The Cost of Using the CAP Computer’s Protection Facili- ties. Operating Systems Review 12(l), April 1978. [Cook 78b] D. J. Cook. The Evaluation of a Protection System. Ph.D. thesis, University of Cambridge, 1978. [Cook 791 D. Cook. In Support of Domain Structure for Operating Systems. In Proceedings of the 7th Symposium on Operating Systems Princi- ples, pages 128-130. December 1979. [Cosserat 721 D. C. Cosserat. A Capability Oriented Multi-Processor System for Real-Time Applications. In Proceedings of the International Con- ference on Computer Communications. October 1972. [Cosserat 741 D. C. Cosserat. A Data Model Based on the Capability Protection Mechanism. In Proceedings of the International Workshop on Pro- 208 tection in Operating Systems. August 1974. [Cox 831 Bibliography G. W. Cox, W. M. Corwin, K. K. Lai, and F. J. Pollack. Inter- process Communication and Processor Dispatching on the Intel 432. ACM Transactions on Computer Systems l(l), February 1983. [Dahl 661 0. J. Dahl and K. Nygaard. Simula-An Algol-Based Simulation Language. Communications of the ACM 9(9), September 1966. [Dahlby 801 S. H. Dahlby, G. G. Henry, D. N. Reynolds, and P. T. Taylor. System/38-a High-Level Machine. In IBM System138 Technical Developments. IBM GSD G580-0237-1, 1980. [Denning 761 I?. J. Denning. Fault-Tolerant Operating Systems. Computing Sur- veys 8(4), December 1976. [Dennis 661 J. B. Dennis and E. C. Van Horn. Programming Semantics for Multiprogrammed Computations. Communications of the ACM 9(3), March 1966. [Dennis 801 T. D. Dennis. A Capability Architecture. Ph.D. thesis, Purdue Uni- versity, May 1980. [Dijkstra 781 E. W. Dijkstra, L. Lamport, A. M. Martin, C. S. Scholten, and E. F. M. Steffens. On-the-Fly Garbage Collection: An Exercise in Cooperation. Communications of the ACM 21(1 l), November 1978. [DOD SO] Reference Manual for the Ada Programming Language. United States Department of Defense, 1980. [England 72a] D. M. Eng!and. Architectural Features of System 250. In Infotech State of the Art Report on Operating Systems. Infotech, 1972. [England 72b] D. M. England. Operating System of System 250. In Proceedings of International Switching Symposium. June 1972. [England 741 D. M. England. Capability Concept Mechanism and Structure in System 250. In Proceedingsof the International Workshop on Pro- tection in Operating Systems. August 1974. [Fabry 671 R. Fabry. A User’s View of Capabilities. In ICR Quarterly Report, pages Cl-C8. U. of Chicago Institute for Computer Research, November 1967. 209 Bibliography [Fabry 681 R. S. Fabry. Preliminary Description of a Supervisor for a Machine Oriented Around Capabilities. In ICR Quarterly Report, pages Bl-B97. U. of Chicago Institute for Computer Research, August 1968. [Fabry 711 R. S. Fabry. List-Structured Addressing. Ph.D. thesis, University of Chicago, March 1971. [Fabry 741 R. S. Fabry. Capability-Based Addressing. Communications of the ACM 17(7):403-412, July 1974. [Feustel 721 E. A. Feustel. The Rice ResearchComputer-A Tagged Architec- ture. In Proceedings of the Spring Joint Computer Conference, pages 369-377. IFIPS, 1972. [Feustel 731 E. A. Feustel. On the Advantages of Tagged Architectures. IEEE Transactions on Computers C-22(7):644-656, July 1973. [Fuller 781 S. H. Fuller and S. P. Harbison. The C.mmp Multiprocessor. Tech- nical Report, Department of Computer Science, Carnegie-Mel- lon University, 1978. [Gehringer 791 E. F. Gehringer. Variable-Length Capabilities as a Solution to the Small-Object Problem. In Proceedings of the 7th Symposium on Operating Systems Principles, pages 131-142. December 1979. [Gehringer 8 l] E. F. Gehringer and R. J. Chansler, Jr. STAROS User and System Structure Manual, Department of Computer Science, Carnegie- Mellon University, 1981. [Gehringer 821 E. F. Gehringer. Capability Architectures and Small Objects. UMI Research Press, 1982. [Goldberg 831 A. Goldberg and D. Robson. Smalltalk-80: The Language and Its Implementation. Addison-Wesley, 1983. [Goodenough 751 J. B. Goodenough. Exception Handling: Issues and a Proposed Notation. Communications of the ACM 18(12):683-696, Decem- ber 1975. [Graham 721 G. S. Graham and P. J. Denning. Protection-Principles and Prac- tice. In Proceedings of the SpringJoint Computer Conference, pages 210 417-429. 1972. [Halton 721 Bibliography D. Halton. Hardware of the System 250 for Communication Con- trol. In Proceedings of International Switching Symposium. June 1972. [Hamer-Hodges 721 K. J. Hamer-Hodges. Fault Resistance and Recovery Within Sys- tem 250. In Proceedings of the International Conference on Com- puter Communications. October 1972. [Hamilton 791 J. Hamilton. Location Dependencies in Distributed Operating Sys- tems. In Proceedings of the Louisiana Computer Exposition. March 1979. [Hansen 821 I?. M. Hansen, M. A. Linton, R. N. Mayo, M. Murphy, and D. A. Patterson. A Performance Evaluation of the Intel iAPX 432. Computer Architecture News 10(4):17-26, June 1982. [Harrison 751 M. A. Harrison, W. L. RUZZO,and J. D. Ullman. On Protection in Operating Systems. In Proceedings of the 5th Symposium on Oper- ating Systems Principles, pages 14-24. November 1975. [Herbert 77a] A. J. Herbert, editor. CAP Hardware Manual. Computer Labora- tory, University of Cambridge, 1977. [Herbert 77b] A. J. Herbert, editor. CAP System Programmer’s Manual. Com- puter Laboratory, University of Cambridge, 1977. [Herbert 77~1 A. J. Herbert, editor. CAP Operating System Manual. Computer Laboratory, University of Cambridge, 1977. [Herbert 78a] A. J. Herbert. A New Protection Architecture for the Cambridge Capability Computer. Operating Systems Review 12(l), January 1978. [Herbert 78b] A. J. Herbert. A Microprogrammed Operating System Kernel. Ph.D. thesis, University of Cambridge, 1978. [Herbert 791 A. J. Herbert. A Hardware-Supported Protection Architecture. In D. Lanciaux, editor, Operating Systems. North Holland, 1979. [Hoare 741 C. A. R. Hoare. Monitors: An Operating System Structuring Con- cept. Communications of the ACM 17(10):549-557, October 1974. 271 Bibliography [Hoch 801 C. Hoch and J. C. Browne. An Implementation of Capabilities on the PDF’-11145. Operating Systems Review 14(3), July 1980. [Hoffman 801 R. L. Hoffman and F. G. Soltis. Hardware Organization of the Systemi38. In IBM System138 Technical Developments. IBM GSD G580-0237-1, 1980. [Houdek 801 M. E. Houdek and G. R. Mitchell. Translating a Large Virtual Address. In IBM System138 Technical Developments. IBM GSD G580-0237-1, 1980. [Houdek 811 M. E. Houdek, F. G. Soltis, and R. L. Hoffman. IBM System/38 Support for Capability-Based Addressing. In Proceedings of the 8th Symposium on Computer Architecture. ACM/IEEE, May 1981. w 74 HP 3000 Computer System Reference Manual. Hewlett-Packard Company, Cupertino, California, 1972. [IBM 801 IBM System138 Functional Reference Manual. IBM GA21-9331-3, 1982. [IBM 82a] IBM System138 Technical Developments. IBM GSD G580-0237-1, 1980. (A collection of 30 short papers on Systemi38). [IBM 82b] IBM System138 Functional Concepts Manual. IBM GA21-9330-1, 1982. [Iliffe 621 J. K. Iliffe and J. G. Jodeit. A Dynamic Storage Allocation Scheme. Computer Journal 5(3):200-209, October 1962. [Iliffe 681 J. K. Iliffe. Basic Machine Principles. American Elsevier, Inc., New York, 1968. [Iliffe 691 J. K. Iliffe. Elements of BLM. Computer Journal 12(3):251-258, August 1969. [Iliffe 821 J. K. Iliffe. Advanced Computer Design. Prentice/Hall Interna- tional, 1982. [Ingalls 781 D. H. H. Ingalls. The Smalltalk- Programming System Design and Implementation. In Proceedings of the 5th ACM Symposium 212 on Principles of Programming Languages. January 1978. [Ingalls 811 Bibliography D. H. H. Ingalls. Design Principles Behind Smalltalk. Byte 6(8), 1981. [Intel 811 iAPX 432 General Data Processor Architecture Reference Manual.
Load more

Recommended publications
  • Operating Systems and Virtualisation Security Knowledge Area (Draft for Comment)
    OPERATING SYSTEMS AND VIRTUALISATION SECURITY KNOWLEDGE AREA (DRAFT FOR COMMENT) AUTHOR: Herbert Bos – Vrije Universiteit Amsterdam EDITOR: Andrew Martin – Oxford University REVIEWERS: Chris Dalton – Hewlett Packard David Lie – University of Toronto Gernot Heiser – University of New South Wales Mathias Payer – École Polytechnique Fédérale de Lausanne © Crown Copyright, The National Cyber Security Centre 2019. Following wide community consultation with both academia and industry, 19 Knowledge Areas (KAs) have been identified to form the scope of the CyBOK (see diagram below). The Scope document provides an overview of these top-level KAs and the sub-topics that should be covered under each and can be found on the project website: https://www.cybok.org/. We are seeking comments within the scope of the individual KA; readers should note that important related subjects such as risk or human factors have their own knowledge areas. It should be noted that a fully-collated CyBOK document which includes issue 1.0 of all 19 Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas. Operating Systems and Virtualisation Security Herbert Bos Vrije Universiteit Amsterdam April 2019 INTRODUCTION In this knowledge area, we introduce the principles, primitives and practices for ensuring security at the operating system and hypervisor levels. We shall see that the challenges related to operating system security have evolved over the past few decades, even if the principles have stayed mostly the same. For instance, when few people had their own computers and most computing was done on multiuser (often mainframe-based) computer systems with limited connectivity, security was mostly focused on isolating users or classes of users from each other1.
    [Show full text]
  • CHERI Instruction-Set Architecture
    UCAM-CL-TR-876 Technical Report ISSN 1476-2986 Number 876 Computer Laboratory Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son September 2015 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2015 Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, SRI International Approved for public release; distribution is unlimited. Sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”) and FA8750-11-C-0249 (“MRC2”) as part of the DARPA CRASH and DARPA MRC research programs. The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. Additional support was received from St John’s College Cambridge, the SOAAP Google Focused Research Award, the RCUK’s Horizon Digital Economy Research Hub Grant (EP/G065802/1), the EPSRC REMS Programme Grant (EP/K008528/1), the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), and Thales E-Security. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Abstract This technical report describes CHERI ISAv4, the fourth version of the Capability Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA)1 being developed by SRI International and the University of Cambridge.
    [Show full text]
  • A VLSI Architecture for Enhancing Software Reliability Kanad Ghose Iowa State University
    Iowa State University Capstones, Theses and Retrospective Theses and Dissertations Dissertations 1988 A VLSI architecture for enhancing software reliability Kanad Ghose Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/rtd Part of the Computer Sciences Commons Recommended Citation Ghose, Kanad, "A VLSI architecture for enhancing software reliability " (1988). Retrospective Theses and Dissertations. 9345. https://lib.dr.iastate.edu/rtd/9345 This Dissertation is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Retrospective Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. INFORMATION TO USERS The most advanced technology has been used to photo­ graph and reproduce this manuscript from the microfilm master. UMI films the original text directly from the copy submitted. Thus, some dissertation copies are in typewriter face, while others may be from a computer printer. In the unlikely event that the author did not send UMI a complete manuscript and there are missing pages, these will be noted. Also, if unauthorized copyrighted material had to be removed, a note will indicate the deletion. Oversize materials (e.g., maps, drawings, charts) are re­ produced by sectioning the original, beginning at the upper left-hand comer and continuing from left to right in equal sections with small overlaps. Each oversize page is available as one exposure on a standard 35 mm slide or as a 17" x 23" black and white photographic print for an additional charge.
    [Show full text]
  • Privacy Engineering for Social Networks
    UCAM-CL-TR-825 Technical Report ISSN 1476-2986 Number 825 Computer Laboratory Privacy engineering for social networks Jonathan Anderson December 2012 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2012 Jonathan Anderson This technical report is based on a dissertation submitted July 2012 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Trinity College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Privacy engineering for social networks Jonathan Anderson In this dissertation, I enumerate several privacy problems in online social net- works (OSNs) and describe a system called Footlights that addresses them. Foot- lights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today’s centralised OSNs, but it does not trust centralised infrastructure to en- force security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users’ interactions with OSNs, providing real control over online sharing. I also demonstrate that today’s OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights’ storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year.
    [Show full text]
  • Operating Systems & Virtualisation Security Knowledge Area
    Operating Systems & Virtualisation Security Knowledge Area Issue 1.0 Herbert Bos Vrije Universiteit Amsterdam EDITOR Andrew Martin Oxford University REVIEWERS Chris Dalton Hewlett Packard David Lie University of Toronto Gernot Heiser University of New South Wales Mathias Payer École Polytechnique Fédérale de Lausanne The Cyber Security Body Of Knowledge www.cybok.org COPYRIGHT © Crown Copyright, The National Cyber Security Centre 2019. This information is licensed under the Open Government Licence v3.0. To view this licence, visit: http://www.nationalarchives.gov.uk/doc/open-government-licence/ When you use this information under the Open Government Licence, you should include the following attribution: CyBOK © Crown Copyright, The National Cyber Security Centre 2018, li- censed under the Open Government Licence: http://www.nationalarchives.gov.uk/doc/open- government-licence/. The CyBOK project would like to understand how the CyBOK is being used and its uptake. The project would like organisations using, or intending to use, CyBOK for the purposes of education, training, course development, professional development etc. to contact it at con- [email protected] to let the project know how they are using CyBOK. Issue 1.0 is a stable public release of the Operating Systems & Virtualisation Security Knowl- edge Area. However, it should be noted that a fully-collated CyBOK document which includes all of the Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas KA Operating Systems & Virtualisation Security j October 2019 Page 1 The Cyber Security Body Of Knowledge www.cybok.org INTRODUCTION In this Knowledge Area, we introduce the principles, primitives and practices for ensuring se- curity at the operating system and hypervisor levels.
    [Show full text]
  • Object Capabilities and Isolation of Untrusted Web Applications
    Object Capabilities and Isolation of Untrusted Web Applications Sergio Maffeis John C. Mitchell Ankur Taly Imperial College London Stanford University Stanford University [email protected] [email protected] [email protected] Abstract—A growing number of current web sites combine Intel iAPX423, the Amoeba operating system, and others active content (applications) from untrusted sources, as in (see [10], [11]). The main idea is that code possessing a so-called mashups. The object-capability model provides an capability, such as an unforgeable reference to a file or appealing approach for isolating untrusted content: if separate applications are provided disjoint capabilities, a sound object- system object, is allowed to access the resource by virtue of capability framework should prevent untrusted applications possessing the capability. If a system is capability safe, and from interfering with each other, without preventing interaction a process possesses only the capabilities that it is explicitly with the user or the hosting page. In developing language-based given, then isolation between two untrusted processes may foundations for isolation proofs based on object-capability con- be achieved granting them non-overlapping capabilities. cepts, we identify a more general notion of authority safety that also implies resource isolation. After proving that capability An attractive adaptation to programming language con- safety implies authority safety, we show the applicability of texts is the object-capability model [12], [13], which replaces our framework for a specific class of mashups. In addition the traditional subject-object dichotomy with programming to proving that a JavaScript subset based on Google Caja language objects that are both subjects that initiate access is capability safe, we prove that a more expressive subset of and objects (targets) of regulated actions.
    [Show full text]
  • Great Principles of Computing
    Great Principles of Computing Great Principles of Computing Peter J. Denning and Craig H. Martell The MIT Press Cambridge, Massachusetts London, England © 2015 Massachusetts Institute of Technology All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher. MIT Press books may be purchased at special quantity discounts for business or sales promotional use. For information, please email [email protected]. This book was set in Stone Sans Std and Stone Serif Std by Toppan Best-set Premedia Limited, Hong Kong. Printed and bound in the United States of America. Library of Congress Cataloging-in-Publication Data Denning, Peter J., 1942 – Great principles of computing / Peter J. Denning and Craig H. Martell. pages cm Includes bibliographical references and index. ISBN 978-0-262-52712-5 (pbk. : alk. paper) 1. Computer science. I. Martell, Craig H., 1965– II. Title. QA76.D3483 2015 004 — dc23 2014022598 10 9 8 7 6 5 4 3 2 1 To Dorothy, Anne, and Diana To Chaliya and Katie Contents Foreword by Vint Cerf ix Preface xiii 1 Computing 1 2 Domains 19 3 Information 35 4 Machines 59 5 Programming 83 6 Computation 99 7 Memory 123 8 Parallelism 149 9 Queueing 171 10 Design 195 11 Networking 219 12 Afterword 241 Summary of This Book 249 Notes 257 References 271 Index 287 Foreword Peter Denning and Craig Martell have taken on a monumental topic: iden- tifying and elucidating principles that shape and inform the process of coercing computers to do what we want them to do and struggling with the difference between what they actually do (that is, what we told them) and what we want them to do.
    [Show full text]
  • Capability-Based Computer Systems Capability-Based Computer Systems
    Capability-Based Computer Systems Capability-Based Computer Systems Henry M. Levy BBmoBc1” DIGITAL PRESS Copyright 0 1984 Digital Equipment Corporation All rights reserved. Reproduction of this book, in part or in whole, is strictly prohibited. For copy information contact: Digital Press, 12 Crosby Dr., Bedford, Mass. 01730 Printed in the United States of America 10987654321 Documentation Number: EY-00025-DP ISBN: O-932376-22-3 Library of CongressCataloging in Publication Data Levy, Henry M., 1952- Capability-based computer systems. Bibliography: p. 205 Includes index. 1. Computer architecture. 2. Operating systems (Com- puters) 3. System design. I. Title. QA76.9.A73L48 1983 621.3819’58 83-21029 ISBN O-932376-22-3 Trademarks Bell Laboratories: UNIX. Burroughs Corporation: B5000. Cam- bridge University: CAP. Control Data Corporation: CDC 6400, SCOPE. Digital Equipment Corporation: DEC, LSI-11, PDP-1, PDP-11, TOPS-20. Hewlett-Packard Company: HP 3000. Intel Cor- poration: iAPX 432, iMAX, Intel 8086. IBM: CPF, IBM 370, IBM Systemi38, SWARD. International Computers Ltd.: Basic Language Machine. Plessey Telecommunications Ltd. Plessey System 250. Xerox Corporation: Smalltalk. In Memory of Manny and Sonia Preface The purpose of this book is to provide a single source of infor- mation about capability-based computer systems. Although capability systems have existed for nearly two decades, only recently have they appeared in architecture and operating sys- tem textbooks. Much has been written about capability sys- tems in the technical literature, but finding this information is often difficult. This book is an introduction, a survey, a history, and an evaluation of capability- and object-based computer systems.
    [Show full text]
  • Notes on Virtualization
    Notes on Virtualization Version 9.0 Andrew Herbert 6th October 2015 Introduction The story of virtualization and the important role it has played in Operating Systems over the past 50 years. The systems and papers mentioned in the text are the author’s choice of exemplars for the concepts being discussed, they not an exhaustive list of all related research and products, nor a statement about precedence over other systems. What is “Virtualization”? In broad terms, “virtualization” in the context of operating systems principles relates to operating systems that give the illusion of efficiently running multiple independent computers known as “virtual machines”. Depending upon the specific requirements and means of virtualization, the virtual machines be directly executed by (i.e., exactly mimic) the underlying physical machine, or they may comprise a more abstract system, parts or all of which are simulated by the physical machine. Origins The term “virtual” originated with “(dynamic) virtual memory” to express the abstraction of having a large contiguously addressed store available to programs, implemented by swapping portions of data and program between main store and magnetic drum. Some of the pioneers of operating systems (Maurice Wilkes, Brian Randell, Bob Nelson) have suggested the use of the word “virtual” was inspired by optics, in the sense of “virtual” versus “real” images. The term “virtual” was then extended to include “virtual devices” with the advent of input-output spooling and file systems. A typical virtual device interface would replace the hardware input-output instructions and device interrupt handling structures with a more convenient abstract interface with functions such as OPEN, CLOSE, READ, WRITE, CREATE, and DELETE.
    [Show full text]
  • Arxiv:1904.12226V1 [Cs.NI] 27 Apr 2019
    The Ideal Versus the Real: Revisiting the History of Virtual Machines and Containers Allison Randal, University of Cambridge Abstract also have greater access to the host’s privileged software (kernel, operating system) than a physically distinct ma- The common perception in both academic literature and chine would have. the industry today is that virtual machines offer better se- curity, while containers offer better performance. How- Ideally, multitenant environments would offer strong ever, a detailed review of the history of these technolo- isolation of the guest from the host, and between guests gies and the current threats they face reveals a different on the same host, but reality falls short of the ideal. The story. This survey covers key developments in the evo- approaches that various implementations have taken to lution of virtual machines and containers from the 1950s isolating guests have different strengths and weaknesses. to today, with an emphasis on countering modern misper- For example, containers share a kernel with the host, ceptions with accurate historical details and providing a while virtual machines may run as a process in the host solid foundation for ongoing research into the future of operating system or a module in the host kernel, so they secure isolation for multitenant infrastructures, such as expose different attack surfaces through different code cloud and container deployments. paths in the host operating system. Fundamentally, how- ever, all existing implementations of virtual machines and containers
    [Show full text]
  • Design of the SPEEDOS Operating System Kernel
    Universität Ulm Fakultät für Informatik Abteilung Rechnerstrukturen Design of the SPEEDOS Operating System Kernel Dissertation zur Erlangung des Doktorgrades Dr. rer. nat. der Fakultät für Informatik der Universität Ulm vorgelegt von Klaus Espenlaub aus Biberach a.d. Riß 2005 Official Copy, serial number df13c6b7-d6ed-e3f4-58b6-8662375a2688 Amtierender Dekan: Prof. Dr. Helmuth Partsch Gutachter: Prof. Dr. J. Leslie Keedy (Universität Ulm) Gutachter: Prof. Dr. Jörg Kaiser (Otto-von-Guericke-Universität, Magdeburg) Gutachter: Prof. John Rosenberg (Deakin University, Geelong, Victoria, Australia) Prüfungstermin: 11.07.2005 iii Abstract (Eine inhaltsgleiche, deutsche Fassung dieser Übersicht ist ab Seite 243 zu finden.) The design of current operating systems and their kernels shows deficiencies in re- spect to the structuring approach and the flexibility of their protection systems. The operating systems and applications suffer under this lack of extensibility and flexib- ility. The protection model implemented in many operating systems is not powerful enough to represent arbitrary protection conditions on a more fine-grained granu- larity than giving read and/or write access to an entire object. Additionally current operating systems are not capable of controlling the flow of information between software units effectively. Confinement conditions cannot be expressed explicitly and thus confinement problems can only be solved indirectly. Further complications with the protection system and especially the software structure in modern operating systems based on the microkernel approach are caused by the use of the out-of-process model. It is extremely difficult to spe- cify access rights appropriately, because the client/server paradigm does not easily allow a relationship to be established between the role of the client and the per- missions of the server.
    [Show full text]
  • From L3 to Sel4 What Have We Learnt in 20 Years of L4 Microkernels?
    From L3 to seL4 What Have We Learnt in 20 Years of L4 Microkernels? Kevin Elphinstone and Gernot Heiser NICTA and UNSW, Sydney fkevin.elphinstone,[email protected] Abstract vices back into the kernel [Condict et al. 1994]. There were The L4 microkernel has undergone 20 years of use and evo- also arguments that high IPC costs were an (inherent?) conse- lution. It has an active user and developer community, and quence of the structure of microkernel-based systems [Chen there are commercial versions which are deployed on a large and Bershad 1993]. scale. In this paper we examine the lessons learnt in those 20 In this context, the order-of-magnitude improvement of years in relation to microkernel design. We revisit the L4 de- IPC costs Liedtke demonstrated was quite remarkable. It was sign papers, re-examine the approaches and conclusions, and followed by work discussing the philosophy and mechanisms provide insights into the long-term validity, or lack thereof, of L4 [Liedtke 1995; 1996a], the demonstration of a para- of the original design and implementation principles. We fur- virtualized Linux on L4 with only a few percent overhead [Hartig¨ et al. 1997], the deployment of an L4 version on ther examine the design of the seL4 kernel, which has pushed 1 the L4 model furthest and was the first OS kernel to undergo billions of mobile devices, and, finally, the world’s first a complete formal verification of its implementation. We use functional correctness proof of an OS kernel [Klein et al. the seL4 design to illustrate how the microkernel has evolved, 2009].
    [Show full text]