5 research outputs found

    Major Trends in Operating Systems Development

    Operating systems have changed in nature in response to demands of users, and in response to advances in hardware and software technology. The purpose of this paper is to trace the development of major themes in operating system design from their beginnings through the present. This is not an exhaustive history of operating systems, but instead is intended to give the reader the flavor of the different periods in operating systems' development. To this end, the paper will be organized by topic in approximate order of development. Each chapter will start with an introduction to the factors behind the rise of the period. This will be followed by a survey of the state-of-the-art systems, and the conditions influencing them. The chapters close with a summation of the significant hardware and software contributions from the period.

    Foundations of secure computation

    Issued as Workshop proceedings and Final report, Project no. G-36-61

    Protection in commodity monolithic operating systems

    This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege separation within commodity operating systems by "nesting" a small memory management protection domain inside a monolithic kernel's single-address space: all the while allowing both domains to operate at the same hardware privilege level. This dissertation also demonstrates a microarchitectural return-integrity protection domain that efficiently asserts dynamic "return-to-sender" semantics for all operating system return control-flow operations. Employing these protection domains, we provide mitigations to large classes of kernel attacks such as code injection and return-oriented programming and deploy information protection policies that are not feasible with existing systems. Operating systems form the foundation of information protection in multiprogramming environments. Unfortunately, today's commodity operating systems employ monolithic kernel design, where any single exploit in the vast code base undermines all information protection in the system because all kernel code operates with full supervisor privileges, meaning that even perfectly secure applications are vulnerable. This dissertation explores an approach that retrofits fundamental information protection design principles into commodity monolithic operating systems, the aim of which is a micro-evolution of commodity system design that incrementally decomposes monolithic operating systems from the ground up, thereby applying microkernel-like security properties for billions of users worldwide. The key contribution is the creation of a new operating system organization, the Nested Kernel Architecture, which "nests" a new, efficient intra-kernel memory isolation mechanism into a traditional monolithic operating system design. Using the Nested Kernel Architecture we introduce write-protection services for kernel developers to deploy security policies in ways not possible in current systems—while greatly reducing the trusted computing base—and demonstrate the value of these services by deploying three special data protection policies. Overall, the Nested Kernel Architecture demonstrates practical in-place protections that require only minor code modifications with minimal run-time overheads.

    Process survivability in a distributed computer control system

    Possibly the greatest advantage that a distributed computer control system has over a centralised control system is that the failure of one or more of its constituent computers does not prevent the other computers from operating normally. Unfortunately, the loss of the executive and application software hosted by a failed computer will prevent the surviving part of the control system from fulfilling its role. Whereas it is possible to design the executive software so that the loss of one of its constituent kernels will not prevent the others from functioning normally, it is not possible to do this for the application software. Process survivability was conceived as a way of preventing application processes from being lost as a result of a computer failure. Process survivability enhances the high availability of a distributed computer control system's hardware by making its application software invulnerable to computer failure. Process survivability is performed in a way that is transparent to the application programmer. In this thesis we first describe the distributed computer control system called PROSUR (PROcess SURvivability) which we designed as an environment in which to develop process survivability. The major part of this thesis is concerned with the design and development of process survivability for PROSUR. In particular, we describe how redundant inactive copies of all of the application processes are incorporated into the application software and how the processes are recovered to a consistent state after a computer failure. As well as showing that process survivability is practicable, we also investigate its practicality. A simulation study of a distributed computer control system incorporating process survivability has been performed to gain an insight into the effects that process survivability might have on a control system's performance. The results of this simulation are presented and a number of interesting conclusions are drawn.

    Automation of America's Offices, 1985-2000

    An assessment by the Office of Technology Assessment (OTA) that "assesses the consequences of the continuing and rapid introduction of information and telecommunications technologies in offices" (p. iii)