Factbites
Where results make sense
About us   |   Why use us?   |   Reviews   |   PR   |   Contact us  

Topic: KeyKOS


In the News (Sun 26 May 13)
EXECUTIVE POWER
Iran
ANALYSIS
Pakistan
Family compact

  
  KeyKOS Nanokernel Architecture
KeyKOS is characterized by a small set of powerful and highly optimized primitives that allow it to achieve performance competitive with the macrokernel operating systems that it replaces.
KeyKOS consists of the nanokernel, which can run in as little as 100 Kilobytes of memory and includes all of the system privileged code, plus additional facilities necessary to support operating systems and applications.
KeyKOS is founded on three architectural concepts that are unfamiliar to most of the UNIX community: a stateless kernel, single-level store, and capabilities.
www.cis.upenn.edu /~KeyKOS/NanoKernel/NanoKernel.html   (8483 words)

  
 [No title]
When KeyKOS is restarted, the state of the system at the most recent checkpoint is restored, and the all processes continue running from that state.
When KeyKOS restarts from a checkpoint, all their state: registers, memory, files etc. etc., are restored to the (consistent) state at the time of the checkpoint and the program runs from there, producing the same results.
If the KeyKOS restarts from that checkpoint, then the CAIO, whose state was backed up to the time of the checkpoint, completes step one, which is not a problem since copying the LEQ is an idempotent operation.
www.usenix.org /publications/library/proceedings/micro93/full_papers/frantz.txt   (4882 words)

  
 Extremely Reliable Operating System - Wikipedia, the free encyclopedia
KeyKOS was an operating system developed by Key Logic, Inc., and was a direct continuation of work on the earlier GNOSIS (Great New Operating System In the Sky) system created by Tymshare, Inc. The KeyKOS system offered a degree of security and reliability that remains unduplicated today (2006).
Since KeyKOS did not run on popular commodity processors in any case, the decision was made to reconstruct it from the publicly available documentation.
By late 1992, it had become clear that processor architecture had changed significantly since the introduction of the capability idea, and it was no longer obvious that component-structured systems were practical.
en.wikipedia.org /wiki/Eros_(operating_system)   (1359 words)

  
 The Checkpoint Mechanism in KeyKOS
Development of KeyKOS began in 1975 at Tymshare, Inc. and was continued at Key Logic in Santa Clara, CA beginning in 1985.
Because the important state of a KeyKOS system is held not just in files, but in a complex network of objects and capabilities, it is particularly important to ensure that the entire state of the system can be safely recovered under any conditions.
In the 17-year history of KeyKOS, the only cases in which a damaged system state was checkpointed occurred as a result of kernel development and testing.
www.agorics.com /Library/KeyKos/checkpoint.html   (4269 words)

  
 KeyKOS Documentation
KeyKOS Concepts, An Introduction is an introduction to the principle ideas of KeyKOS and is aimed at potential application developers.
KeyKOS Principles attempts to describe the state of the existing system sufficiently for application development.
KeySAFE, used in conjunction with KeyKOS, is a system designed to meet the high B-level requirements of the Department of Defense Trusted Computer System Evaluation Criteria.
www.agorics.com /Library/keykosindex.html   (679 words)

  
 The KeyKOS Factory
KeyKOS was the first system to demonstrate a solution to the confinement of authority, both in and out.
The KeyKOS solution is known as The Factory, and is also explained here and in the expired factory patent.
The HoleChecker implementation is in bed with the Factory implementation, and in KeyKOS actually happens to be a Factory.
www.erights.org /elib/capability/factory.html   (1338 words)

  
 Questions about different types of KeyKOS IPC
By having a domain that is specifically used for the purpose of being available (I suppose it could be called a promptness server, but is currently called a forker), you have assurance that the fork won't block.
KeyKOS style says if you need a server with specific characteristics, build one out of existing servers with some glue to meet your needs.
Most KeyKOS servers were designed to be called with a request and return an answer.
www.eros-os.org /pipermail/eros-arch/1994-December/001414.html   (641 words)

  
 US Patent 6,279,094 Explanation
US Patent 6,279,094, "Method and apparatus for managing invalidation of virtual memory mapping table entries", is written in a way that makes it difficult to understand, even for me, the inventor.
In EROS and KeyKOS, memory maps are defined by a tree of segment nodes.
A limited recursion is used first, and a dependency database is also used for mapping table entries that can't be found through the limited recursion.
www.macslab.com /charlies/patentExplanation.html   (640 words)

  
 Charles Babbage Institute: RESEARCH PROGRAM> Current research   (Site not responding. Last check: 2007-10-09)
With support from the Key Logic staff, Unisys ported KeyKOS to their next generation hardware, and Omron ported it to the Motorola 88000 where it supported POSIX (Portable Operating System Interface) (qv) and the X-Window system.
KeyKOS has also operated at EDS as a Tymnet interface for more than 8 years.
KeyKOS was accepted by the National Computer Security Center (NCSC) for a B3 evaluation based on a study of its security architecture.
www.cbi.umn.edu /shp/entries/keykos.html   (430 words)

  
 FoRK Archive: Agoric computing & KeyKOS
Because KeyKOS architecture hides the details of processors and instruction sets, it is suitable for both centralized and distributed implementations, and for systems with more than one instruction set.
A KeyKOS object serves much the same purpose as an address space or a virtual machine in today's systems: it provides a place for the program and its data to exist and to execute.
One difference is that a KeyKOS application will typically consist of several objects, each containing a small subsystem (typically 50-1000 lines of source code) implementing a specific function.
www.xent.com /FoRK-archive/oct98/0121.html   (1934 words)

  
 Grant Matcher History
Whereas Actors came out of a symbolic-computation A.I. tradition, with it's emphasis on extreme flexibility, KeyKOS is an operating system, most infuenced by Hydra and Algol '68, whose emphasis was extreme flexibility within the constraints of extreme security.
Norm Hardy was the chief architect of KeyKOS.
KeyKOS does have EQ (called DISCRIM), and is implicitly or explicitly the basis for several of its impressive security patterns, such as the Factory.
www.caplet.com /security/taxonomy/grant-match/history.html   (848 words)

  
 Differences Between Coyotos and EROS — A Quick Summary
KeyKOS had something called a ``red segment,'' which was a rather odd sort of node that carried optional additional information such as a keeper capability, a background address space, and so forth.
KeyKOS space bank capabilities, for example, were really red segment capabilities that wrapped a start capability to the actual space bank.
Because red segments had important uses outside of memory contexts, EROS eventually replaced this with a simplified form called a ``wrapper node.'' The wrapper node largely served the same function as the red segment node, but its specification was significantly simpler.
coyotos.org /docs/misc/eros-comparison.html   (4141 words)

  
 Keykos Mach Aegis
This means that if one client discovers a bug by which he can insert his own code into the file service address space, he can then corrupt file service for all of the file system clients.
(In Keykos the process might be called a fiction with which the kernel’s domain scheduling is explained.) Terminologically only the message is in common between these sets of names.
Keykos was spoiled a bit having originated on a machine (370) with flexible and inordinately fast memory to memory transfer operations.
www.cap-lore.com /CapTheory/KK/Contrasts/cont.html   (905 words)

  
 KeyKOS Home Page
In addition to providing a simplified description of the KeyKOS architecture, this paper describes KeyNIX, the prototype UNIX environment that was built on top of KeyKOS.
KeyKOS Concepts, An Introduction is a gentle introduction to the principle ideas of KeyKOS and is aimed at potential application developers.
The KeyKOS NanoKernel Architecture, Proceedings of the USENIX Workshop on Micro-Kernels and Other Kernel Architectures, USENIX Association, April 1992.
www.cis.upenn.edu /~KeyKOS   (1185 words)

  
 EROS: A High-Performance Capability System
A previous system, KeyKOS, has shown that constructing a pure capability system is feasible [Bom92, Har85], and provides a relatively clean architecture from which to proceed.
KeyKOS was first deployed on the System/370 architecture in the early 1980's, and was briefly successful in transaction processing applications.
Where KeyKOS focused on the question of whether a capability system was feasible, EROS is concerned with refining this system to the point where the need for hardware implementation can be clearly dismissed.
srl.cs.jhu.edu /~shap/proposal/proposal.html   (8619 words)

  
 Citations: The Checkpoint Mechanism in KeyKOS - Landau (ResearchIndex)
LANDAU C.R., The Checkpoint Mechanism in KeyKOS, In Proc.
KeyKOS runs on both uni processors and multi processors, but not in a loosely coupled distributed computing environment.
KeyKOS Kernel Design The KeyKOS kernel can run in as little as one hundred kilobytes of memory, primarily because it is stateless, and thus does no dynamic memory....
citeseer.ist.psu.edu /context/113993/0   (2610 words)

  
 Capability-Based Systems
Hydra was a capability-based system, although the developers of the system recognized the limitations of a simple capability model and introduced several enhancements to the basic capability mechanisms.
Though popular, capability mechanisms are poorly suited to providing policy flexibility, because they allow the holder of a capability to control the direct propagation of that capability, whereas a critical requirement for supporting security policies is the ability to control the propagation of access rights in accordance with the policy.
The enhancements introduced by Hydra and KeyKOS are intended to limit such propagation, but the resulting systems still generally only support the specific policies they were designed to satisfy, at the cost of significant complexity that diminishes the attraction of the capability model in the first place.
www.nsa.gov /selinux/papers/flask/node4.html   (337 words)

  
 Notes on Keykos
An engineering goal of Keykos was to subject a great deal of OS function to some protection discipline so as to allow safe rapid development in that area.
The Keykos Architecture is a dense but rather complete description of the system.
While Keykos was originally built for the IBM 370, the 390 Principles of Operation describe a later architecture that is compatible with the 370.
www.cap-lore.com /CapTheory/KK   (431 words)

  
 Security, Reliability, and the OS
Practical experience KeyKOS has been in production use since 1983.
Because the KeyKOS checkpoint/restart mechanism introduces a significant departure from the traditional reliability paradigm, it is worth examining the experience gained in using the system over this period.
KeyKOS systems have run for periods of as long as three years.
www.kernel-panic.org /pipermail/kplug-list/2005-February/075428.html   (519 words)

  
 Introduction
A couple of computer operating systems, notably Multics and KeyKOS, were extremely resistant, indeed virtually invulnerable, to hacking and cracking.
And governments everywhere will jump eagerly at the opportunities to legislate, regulate, control, and censor, all in the name of protecting us from the evil hackers of the world.
Capability security is today being resurrected in several places in several ways, notably in the form of the E programming language and the EROS operating system.
www.skyhunter.com /marcs/capabilityIntro/index.html   (926 words)

  
 The Path to Coyotos   (Site not responding. Last check: 2007-10-09)
While KeyKOS was described as a microkernel, in hindsight it wasn't.
While the KeyKOS confinement mechanism was patented in 1986, it was never formally verified.
The KeyKOS performance reported in 1992 was comparable to that of Mach — fast for the day, but quite slow by current standards.
www.coyotos.org /history.html   (1842 words)

  
 Re: instance and instantiator
In GNOSIS, KeyKOS, EROS, CapROS, and Coyotos, the historical rule was: The kernel shall never rely on user-mode code -- even *trusted* user mode code such as the space bank -- for its correctness.
In KeyKOS, the test was: constructor->isConfined(capset-of-authorized-exceptions) where capset is yet another user-mode object that is recognized by the constructor.
The KeyKOS version of the constructor (which was called the "factory", which will answer one of Guy's offline questions) operated a little differently than the EROS version.
www.mail-archive.com /l4-hurd@gnu.org/msg00673.html   (751 words)

  
 Let's begin SchemeOS   (Site not responding. Last check: 2007-10-09)
This prevents confused-deputy problems, which have been a fair majority of the problems reported on BUGTRAQ while I've been reading it.
This sounds awfully slow, but KeyKOS is supposedly quite efficient; a Unix emulator built atop it in the late 80s was comparable in speed to real Unix on the same hardware, and much faster in some areas.
EROS also does transparent checkpointing persistence (like KeyKOS), and has a single-level store (which means virtual memory *is* the filesystem).
lists.tunes.org /archives/lispos/1998-March/002112.html   (295 words)

  
 Starshine: Jim: Operating Systems   (Site not responding. Last check: 2007-10-09)
For example KeyKOS uses a different security model than most of us are accustomed to.
This is called a "capabilities system" (which I guess was first used in the Hydra operating system and to a lesser degree in Multics) To learn more about KeyKOS you might want to peruse its documentation.
The EROS Operating System is based on KeyKOS and is intended to be a "pure capabilities system." You can learn more about this by reading about Jonathan S. Shapiro's Seminar on Rehosted Operating Systems.
www.starshine.org /jimd/os.html   (706 words)

  
 Paper: EROSpaper :: Administrator@SCHLICHA   (Site not responding. Last check: 2007-10-09)
KeyKos was particularly resistant because it was a persistent capabilities-based system, a simple but very secure system design.
The EROS development team is also is making an attempt to improve upon the KeyKos s system design by adding some more features that have surfaced long after KeyKos was designed.
The EROS operating system initially began its development at the University of Pennsylvania towards the middle half of the 1990 s.
computing.breinestorm.net /system+keykos+eros+operating+development   (608 words)

  
 SourceForge.net: capros-devel   (Site not responding. Last check: 2007-10-09)
The issue here is that while a process is running or stalled, there is something in main memory allocated to keep track of it.
In KeyKOS this was the domain root, in CapROS it is the Activity (which is smaller).
In KeyKOS the decongester was an attempt to solve this problem.
sourceforge.net /mailarchive/message.php?msg_id=15089226   (2035 words)

  
 From Objects To Capabilities
In a pure capability operating = system, such as KeyKOS [Hardy85] or EROS [Shapiro99], a process's only = source of authority is the capabilities that it holds.=20 A capability is normally thought of as a pairing of a designated process = with a set of services that the process provides.
For example, in KeyKOS = a capability carries a numeric tag which an invoked process receives = along with an incoming message.
For example, in KeyKOS a = capability=20 carries a numeric tag which an invoked process receives along with an = incoming=20 message.
lists.tunes.org /archives/review/2001-March/000126.html   (600 words)

  
 PDP1 3632
from keykos history, here is account of Tymshare offering vm370 based timesharing starting in the early 70s
minor trivia, as part of spinning of gnosis (as Keykos), i was brought in to audit gnosis (I still have paper manuals).
Eros was subsequently spawned based on the keykos work
www.plex86.org /Computer_Folklore/PDP1-3632.html   (494 words)

  
 Interaction Design for End-User Security
The system is designed around a capability-style model for security privileges.
To our knowledge, this is one of the first attempts to design a graphical interface for a capability-based system.
[KeyKOS CL84] User's Guide to the CL84 Command Language, http://www.agorics.com/KeyKos/Gnosis/166.html, KeyKOS design documents.
www.ischool.berkeley.edu /~ping/sid/design.html   (1317 words)

  
 LKML: shapj@us ...: Re: Fw: Some very thought-provoking ideas about OS architecture.   (Site not responding. Last check: 2007-10-09)
It originally deployed under the name KeyKOS, and was used in credit card, transaction processing, and communication applications.
In the course of a series of acquisitions and divestitures, this OS came to be owned by Key Logic, Inc., and came to be known as KeyKOS.
All of them, in one fashion or another, came to the conclusion that these sorts of underpinnings were necessary.
lkml.org /lkml/1999/6/20/89   (693 words)

Try your search on: Qwika (all wikis)

Factbites
  About us   |   Why use us?   |   Reviews   |   Press   |   Contact us  
Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.