[Cryptography] Simpler programs?

Bill Frantz frantz at pwpconsult.com
Thu Apr 17 01:31:26 EDT 2014


On 4/16/14 at 7:02 PM, leichter at lrw.com (Jerry Leichter) wrote:

>On Apr 16, 2014, at 7:28 PM, Lodewijk andré de la porte <l at odewijk.nl> wrote:
>>For me it's about bottlenecking. Going through a small and secure place, and doing all the ugly stuff
>>there.
>>
>>I'm still waiting for the waterproof dead-simple VM with simple message passing that isolates
>>programs from one another properly.
>This was one of the original goals for VM's.  VM/370 virtual 
>machines talked to each other through fake networks and had 
>isolated "mini-disks".
>
>The original view of virtualization was also the basis of an 
>A2-secure VMS implementation at DEC many years ago.  (It never 
>shipped - the VAX died before it gained sufficient momentum, 
>and the port to Alpha would have been a major effort.  The 
>effort's been written up - I don't have a handy reference.)
>
>Unfortunately, all recent VM work has gone in an entirely 
>different direction.  Now integration between host and 
>hypervisor is the name of the game.  Simplicity was lost long 
>ago in favor of performance, manageability - and all sorts of 
>extra features.
>
>Exactly what a VM built with security as its first goal - but 
>usability for an interesting set of cases, given modern OS's, 
>programming styles, interaction styles, etc. - should look like 
>would be a nice little research project.

If I may toot my own horn here, I worked for many years on such 
a system.

The KeyKOS operating system 
<http://www.cis.upenn.edu/~KeyKOS/KeyKOS.html> was such a 
system. It has also been known over the years as Gnosis and 
GuardOS -- they are all the same code base. (Well, kind of. The 
first implementation was in IBM 370 Assembler. Later versions 
were in C and ran on some Motorola 88000 hardware and some Sparc hardware.)

The KeyKOS Design Document 
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/keywelcome.html> 
is a comprehensive manual of the API for the 370 version. It 
also includes a number of design writeups which were not 
implemented. I think by reading it, you can tell which is which.

The CapROS system <http://www.capros.org/> is a clean room clone 
which runs on Intel x86 and some ARM processors.

Any questions?

Cheers - Bill



-----------------------------------------------------------------------
Bill Frantz        |The nice thing about standards| Periwinkle
(408)356-8506      |is there are so many to choose| 16345 Englewood Ave
www.pwpconsult.com |from.   - Andrew Tanenbaum    | Los Gatos, CA 95032
