[Cryptography] Simpler programs?
Bill Frantz
frantz at pwpconsult.com
Thu Apr 17 14:34:44 EDT 2014
On 4/17/14 at 5:41 AM, l at odewijk.nl (Lodewijk andré de la
porte) wrote:
>Why is it that these things are always so.. outlandish? I can't use this
>for a desktop environment.
Well, the 370 version of KeyKOS could run IBM's CMS, which was a
desktop environment back when the desktop meant timesharing.
Otherwise, desktop environments take a lot of development work.
There doesn't seem to be a market for anything which provides
least privilege for desktop applications. HP labs has done some
excellent work in this area with their Polaris system, which
runs each Windows application in a separate user ID, and CapDesk
which runs the file dialog as a secure, privilege-granting
widget for applications wanting to access files.
My bottom line is, where's the money?
>Maybe I can use this for a server environment, but a lack of multiprocessor
>support does not get my hopes up.
Remember that the money supporting these systems ran out towards
the end of the last millennium. There have been a lot of changes
in the economics of processors in the last 15-20 years. The 370
version of KeyKOS had a design for a multi-processor (shared
main memory) version, but with less than 5% of the installed
370s having a second processor, it wasn't a high priority.
At the application level, each KeyKOS domain (or CapROS process)
can execute independently, allowing use of many processors. Each
one is single-threaded and communicates with messages, which
makes it possible to build reliable applications. (Jeff Frantz's
observation, "Concurrency is hard. 12 out of 10 programmers get
it wrong." applies here.)
>I suppose I'm very defeatist about OS's. A lack of a truly portable
>application format, thick OS specific API's, etc. cause so much pain in
>this.
I'm not sure the Unix model is the correct model, but that's
what we have in Windows, MacOS, Linux, and Unix. KeyKOS had a
Unix emulator. The question always came up, "How compatible is
it?" When we probed the answer seemed to be, "We need bug for
bug compatibility."
>It's simply impossible for me to use these OS's in server environments, I
>cannot run any software that makes up the stack I'd need for anything. I
>guess! I'd like to be wrong, but that's what I guess. Coyotos is
>unreleased, and unproven.
There is nothing proven. The last funded project, thanks DARPA,
demonstrated a "Web Key Server" on CapROS. It allowed control of
physical devices attached to the system from remote locations. A
Web Key is a kind of URL which includes a secret value
designating the resource. The server code ran enough HTTP for a
browser to access the controls. One interesting thing about its
security architecture is that it used a Btree object to look up
the objects associated with the web key secret values. This
Btree object would take a value and return a reference (key) to
the associated object. It would not allow the server to
enumerate all the references it held. This architecture provided
protection against a hacked server. To access any resources the
attacker would have to know the secret web key values, which
were long random numbers.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | gets() remains as a monument | Periwinkle
(408)356-8506      | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, CA 95032
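The Web Key Server architecture described in the message above, modelled as an added example (this is illustrative code, not KeyKOS or CapROS code, and not the DARPA project's server). The lookup table lives behind a closure and hands out only two narrow operations, `register` and `lookup`; the HTTP front end is given `lookup` alone, so a compromised front end can trade a secret for a resource but has no operation that enumerates what the table holds. The URL layout (`/ctl/<secret>/toggle`), the `DeviceControl` class and all names are assumptions made for the example.

```python
from __future__ import annotations

import hashlib
import secrets
from typing import Callable, Optional


class DeviceControl:
    """Constructed stand-in for a physical device attached to the server."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.on = False

    def toggle(self) -> bool:
        self.on = not self.on
        return self.on


def make_webkey_table() -> tuple[Callable[[object], str], Callable[[str], Optional[object]]]:
    """Build the secret-to-resource table and return only two capabilities to it.

    `register` mints a fresh random secret for a resource; `lookup` trades a
    secret for the resource. Neither operation exposes the table's contents,
    which is the property the message attributes to the Btree object.
    (In a capability kernel this separation is enforced by the kernel; here it
    is a closure, which is enough to show the interface.)
    """
    # Index by the SHA-256 of the secret so the stored index itself holds no
    # usable secrets and lookup cost does not depend on how many leading bytes
    # of a guess happen to match.
    table: dict[bytes, object] = {}

    def register(resource: object) -> str:
        secret = secrets.token_urlsafe(32)  # 256 bits of entropy, URL-safe alphabet
        table[hashlib.sha256(secret.encode()).digest()] = resource
        return secret

    def lookup(secret: str) -> Optional[object]:
        return table.get(hashlib.sha256(secret.encode()).digest())

    return register, lookup


class WebKeyServer:
    """Minimal HTTP-style front end that holds only the `lookup` capability."""

    def __init__(self, lookup: Callable[[str], Optional[object]]) -> None:
        self._lookup = lookup  # the only reference the server has into the table

    def handle(self, request_line: str) -> tuple[int, str]:
        # Assumed request shape (not the original project's): GET /ctl/<secret>/toggle HTTP/1.1
        parts = request_line.split()
        if len(parts) != 3 or parts[0] != "GET":
            return 400, "bad request"
        segments = parts[1].strip("/").split("/")
        if len(segments) != 3 or segments[0] != "ctl" or segments[2] != "toggle":
            return 404, "not found"
        device = self._lookup(segments[1])
        if device is None:
            # An unknown secret is indistinguishable from a nonexistent path.
            return 404, "not found"
        return 200, f"{device.name} {'on' if device.toggle() else 'off'}"


if __name__ == "__main__":
    register, lookup = make_webkey_table()
    pump_secret = register(DeviceControl("pump"))
    server = WebKeyServer(lookup)
    print(server.handle(f"GET /ctl/{pump_secret}/toggle HTTP/1.1"))
    print(server.handle("GET /ctl/guess/toggle HTTP/1.1"))
```

The point of the split is that `WebKeyServer` is the part exposed to the network, and its only path to a device is a presented secret; the `register` capability stays with whatever provisions devices and hands out web keys.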