We describe a plan to create an auditable version of Multics. The engineering experiments of that plan are now complete. Type extension as a design discipline has been demonstrated feasible, even for the internal workings of an operating system, where many subtle intermodule dependencies were discovered and controlled. Insight was gained into several tradeoffs between kernel complexity and user semantics. The performance and size effects of this work are encouraging. We conclude that verifiable operating system kernels may someday be feasible.