This paper reports on the design and implementation of the UCLA Virtual Machine System, a multiuser operating system base that has been developed to provide ultra high reliability protection and security. Details are presented of the UCLA-VM system, a prototype of which now exists. Concepts which have influenced its structure are discussed, including program verification, security kernels, virtual machines, virtual memory, and the need for flexible information sharing facilities. A new mechanism, capability faulting, is developed in order to remove much of the virtual memory support from the security kernel. Flexible, reliable control of sharing is obtained by extensions to several of these concepts, especially through the use of levels of kernels.