PSOS revisited

We provide a retrospective view of the design of SRI's Provably Secure Operating System (PSOS), a formally specified tagged-capability hierarchical system architecture. We examine PSOS in the light of what has happened in computer system developments since 1980, and assess the relevance of the PSOS concepts in that light.
