2 research outputs found

    Towards Trusted Systems, From The Ground Up

    No full text
    Operating systems, the most fundamental software layer in virtually every computer system, are notoriously insecure and unreliable. A possible reason for this situation is that progress on language-based safety and security mechanisms has largely been ignored in the context of operating systems. There is a lack of mechanical checking of safety properties (both at compile- and run-time) as well as a framework and a mechanism for expressing, safely transporting and enforcing such properties. Our solution is to leverage language-based mechanisms by reversing the traditional relationship of operating systems and programming languages – implement operating system functionality on top of a provably safe and secure language and its runtime environment instead of the other way round. We propose to leverage these mechanisms, many of which have been developed in the context of mobile code infrastructures, to build secure systems from the ground up. Such a system would be more secure, flexible and scalable compared to existing systems.

    Towards Trusted Systems from the Ground Up

    No full text
    Operating systems, the most fundamental software layer in virtually every computer system, are notoriously insecure and unreliable. A possible reason for this situation is that progress on language-based safety and security mechanisms has largely been ignored in the context of operating systems. There is a lack of mechanical checking of safety properties (both at compile- and run-time) as well as a framework and a mechanism for expressing, safely transporting and enforcing such properties. Our solution is to leverage language-based mechanisms by reversing the traditional relationship of operating systems and programming languages -- implement operating system functionality on top of a provably safe and secure language and its runtime environment instead of the other way round. We propose to leverage these mechanisms, many of which have been developed in the context of mobile code infrastructures, to build secure systems from the ground up. Such a system would be more secure, flexible and scalable compared to existing systems.