[Cryptography] Simpler programs?
Bill Frantz
frantz at pwpconsult.com
Thu Apr 17 01:31:26 EDT 2014
On 4/16/14 at 7:02 PM, leichter at lrw.com (Jerry Leichter) wrote:
>On Apr 16, 2014, at 7:28 PM, Lodewijk andré de la porte <l at odewijk.nl> wrote:
>>For me it's about bottlenecking. Going through a small and secure place, and do all the ugly stuff
>>there.
>>
>>I'm still waiting for the waterproof dead-simple VM with simple message passing that isolates
>>programs from one another properly.
>This was one of the original goals for VM's. VM/370 virtual
>machines talked to each other through fake networks and had
>isolated "mini-disks".
>
>The original view of virtualization was also the basis of an
>A2-secure VMS implementation at DEC many years ago. (It never
>shipped - the VAX died before it gained sufficient momentum,
>and the port to Alpha would have been a major effort. The
>effort's been written up - I don't have a handy reference.)
>
>Unfortunately, all recent VM work has gone in an entirely
>different direction. Now integration between host and
>hypervisor is the name of the game. Simplicity was lost long
>ago in favor of performance, manageability - and all sorts of
>extra features.
>
>Exactly what a VM built with security as its first goal - but
>usability for an interesting set of cases, given modern OS's,
>programming styles, interaction styles, etc. - should look like
>would be a nice little research project.
If I may toot my own horn here, I worked for many years on such
a system.

The KeyKOS operating system
<http://www.cis.upenn.edu/~KeyKOS/KeyKOS.html> was such a
system. It has also been known over the years as Gnosis and
GuardOS -- they are all the same code base. (Well, kind of. The
first implementation was in IBM 370 Assembler. Later versions
were in C and ran on some Motorola 88000 hardware and some Sparc hardware.)

The KeyKOS Design Document
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/keywelcome.html>
is a comprehensive manual of the API for the 370 version. It
also includes a number of design writeups which were not
implemented. I think by reading it, you can tell which is which.

The CapROS system <http://www.capros.org/> is a clean room clone
which runs on Intel x86 and some ARM processors.

Any questions?

Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | The nice thing about standards | Periwinkle
(408)356-8506      | is there are so many to choose | 16345 Englewood Ave
www.pwpconsult.com | from. - Andrew Tanenbaum       | Los Gatos, CA 95032