[Cryptography] Simpler programs?

Bill Frantz frantz at pwpconsult.com
Thu Apr 17 14:34:44 EDT 2014


On 4/17/14 at 5:41 AM, l at odewijk.nl (Lodewijk andré de la porte) wrote:

>Why is it that these things are always so.. outlandish? I can't use this
>for a desktop environment.

Well, the 370 version of KeyKOS could run IBM's CMS, which was a 
desktop environment back when the desktop meant timesharing. 
Otherwise, desktop environments take a lot of development work. 
There doesn't seem to be a market for anything which provides 
least privilege for desktop applications. HP Labs has done some 
excellent work in this area with their Polaris system, which 
runs each Windows application in a separate user ID, and CapDesk, 
which runs the file dialog as a secure, privilege-granting 
widget for applications wanting to access files.

My bottom line is, where's the money?


>Maybe I can use this for a server environment, but a lack of multiprocessor
>support does not get my hopes up.

Remember that the money supporting these systems ran out towards 
the end of the last millennium. There have been a lot of changes 
in the economics of processors in the last 15-20 years. The 370 
version of KeyKOS had a design for a multi-processor (shared 
main memory) version, but with less than 5% of the installed 
370s having a second processor, it wasn't a high priority.

At the application level, each KeyKOS domain (or CapROS process) 
can execute independently, allowing use of many processors. Each 
one is single-threaded and communicates with messages, which 
makes it possible to build reliable applications. (Jeff Frantz's 
observation, "Concurrency is hard. 12 out of 10 programmers get 
it wrong." applies here.)


>I suppose I'm very defeatist about OS's. A lack of a truly portable
>application format, thick OS specific API's, etc. cause so much pain in
>this.

I'm not sure the Unix model is the correct model, but that's 
what we have in Windows, MacOS, Linux, and Unix. KeyKOS had a 
Unix emulator. The question always came up, "How compatible is 
it?" When we probed the answer seemed to be, "We need bug for 
bug compatibility."


>It's simply impossible for me to use these OS's in server environments, I
>cannot run any software that makes up the stack I'd need for anything. I
>guess! I'd like to be wrong, but that's what I guess. Coyotos is
>unreleased, and unproven.

There is nothing proven. The last funded project, thanks DARPA, 
demonstrated a "Web Key Server" on CapROS. It allowed control of 
physical devices attached to the system from remote locations. A 
Web Key is a kind of URL which includes a secret value 
designating the resource. The server code ran enough HTTP for a 
browser to access the controls. One interesting thing about its 
security architecture is that it used a Btree object to look up 
the objects associated with the web key secret values. This 
Btree object would take a value and return a reference (key) to 
the associated object. It would not allow the server to 
enumerate all the references it held. This architecture provided 
protection against a hacked server. To access any resources the 
attacker would have to know the secret web key values, which 
were long random numbers.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | gets() remains as a monument | Periwinkle
(408)356-8506      | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, CA 95032
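The web-key lookup described in the message above, as an added Python sketch that is not from the message or from CapROS: a directory object that maps web-key secrets to resources and exposes only lookup, handed to the HTTP handler as a bare callable so the handler has nothing to enumerate. Indexing by a hash of the secret and carrying the secret in the query string are assumptions of this sketch, not details from the message.

```python
import hashlib
import secrets
from urllib.parse import parse_qs, urlsplit


class WebKeyDirectory:
    """Stand-in for the Btree object in the message: maps a web-key secret
    to a resource reference and offers lookup only, never enumeration.
    Constructed example, not KeyKOS/CapROS code."""

    def __init__(self):
        # Assumption: index by SHA-256 of the secret, so even a dump of the
        # table does not yield usable web keys (the original held the values).
        self._index = {}

    def mint(self, base_url, resource):
        """Create a web key for `resource`: a URL carrying a 256-bit secret."""
        secret = secrets.token_urlsafe(32)  # 43 URL-safe characters
        self._index[hashlib.sha256(secret.encode()).digest()] = resource
        return f"{base_url}?key={secret}"  # assumption: secret in the query

    def lookup(self, secret):
        """Return the resource for a secret, or None. Looking up the digest
        avoids comparing the secret itself byte by byte."""
        return self._index.get(hashlib.sha256(secret.encode()).digest())


def handle_request(lookup, url):
    """HTTP-side code. It is handed only the lookup callable, never the
    directory, so a compromised handler can only test one guess per call.
    Caveat: Python bound methods expose __self__; a real capability
    boundary needs the language or OS to enforce it, as KeyKOS did."""
    keys = parse_qs(urlsplit(url).query).get("key", [])
    if len(keys) != 1:
        return None
    return lookup(keys[0])


def demo():
    """Mint one web key, then present it and a random wrong key."""
    directory = WebKeyDirectory()
    url = directory.mint("https://example.invalid/control", "relay-3")
    found = handle_request(directory.lookup, url)
    wrong = "https://example.invalid/control?key=" + secrets.token_urlsafe(32)
    missed = handle_request(directory.lookup, wrong)
    return found, missed
```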