Introduction This paper introduces the Architecture of KeyKOS ~M* , a capability-based operating system for the I B M System 13 70. We attempt to tel I enough so that certain arguments and conclusions about its properties can be formed. Our description attempts to be essentially complete concerning the function of the kernel** which comprises the… (More)
This is a nearly true story (inessential details have been changed). The events happened about eleven years ago at Tymshare, a company which provided commercial timesharing services. Before this happened I had heard of capabilities and thought that they Were neat and tidy, but was not yet convinced that they were necessary. This occasion convinced me that… (More)
The KeyKOS nanokernel is a capability-based object-oriented operating system that has been in production use since 1983. Its original implementation was motivated by the need to provide security, reliability, and 24-hour availability for applications on the Tymnet ® hosts. Requirements included the ability to run multiple instantiations of several operating… (More)
Because active systems run user-supplied code, we cannot rely on boundary security to keep out hostile code. In the face of such code, EROS provides both security and performance guarantees (see www.eros-os.org for downloadable software). An application that executes hostile code (such as viruses) cannot harm other users or the system as a whole and cannot… (More)
KeyKOSTM** is a capability-based system which was designed to meet the performance, reliability, and security goals of the commercial computer service marketplace, KeyKOSs architecture combines several unique features to achieve simple and effective protection mechanisms with a very small amount of privileged code. Particular emphasis is placed here on the… (More)
The art of progress is to preserve order amid change and to preserve change amid order.
KeyKOS™** is a capability-based system which was designed to meet the performance, reliability, and security goals of the commercial computer service marketplace, KeyKOS's architecture combines several unique features to achieve simple and effective protection mechanisms with a very small amount of privileged code. Particular emphasis is placed here… (More)
I too have been disturbed by the way that Pascal seems to encourage global variables. My conclusion, however is the opposite of that expressed in Eric Levy's paper° This is an integer expression. We assume that f is an integer valued function of an integer (PROC(INT)INT). The text 'INT sum := O' declares and initializes the variable 'sum'. The scope of this… (More)