
Research Seminar - February 26, 2001

Seminar Announcement



Title: SPEEDOS: An Experimental Operating System
Speaker: Prof. Les Keedy
  Head, Department of Computer Structures,
University of Ulm, Germany
Date: Monday 26th February, 2001
Time: 2.00pm
Venue: Seminar Room 1.24

Abstract

SPEEDOS (Secure Persistent Execution Environment for Distributed Object Systems) is a new operating system project which has recently started at the University of Ulm. The main aim of SPEEDOS is to provide an operating system which is capable of supporting powerful security and software engineering features. The concepts are in principle simple (but difficult to implement on conventional hardware).

Memory management is based on the concept of a persistent paged virtual memory (i.e. without a separate file system). A single distributed persistent virtual memory is shared by all SPEEDOS systems, which can be networked world-wide using paging over the Internet.

The kernel supports a single information-hiding structure for all the major system and user software resources in a system (e.g. programs, subroutine libraries, files (!) and operating system modules). These resources, known as "modules", are protected by means of module capabilities, which identify all SPEEDOS modules uniquely in the distributed persistent memory and include access rights based on the semantic operations of the modules.

Processes are persistent (i.e. they exist even while a user is logged out). They are efficient and convenient for users, and they create an environment in which users can easily authenticate themselves using their own authentication algorithms rather than relying on a vulnerable central system such as password checking.

A particularly novel and interesting feature of the kernel is dynamic support for "bracket routines" (as found in the component-oriented programming (COP) language paradigm). This new technique provides a general mechanism for allowing a module to be bracketed by user-written code. This can be used for many purposes (e.g. synchronisation), but in the SPEEDOS context its main purpose is to support rule-based security checks. This allows the basic capability-based system to be extended, for example, by capability revocation lists, access control lists and any other rule-based model, such as Bell-LaPadula. Finally, an unusual use of the Pentium hardware together with bracket routines and/or capabilities allows the confinement problem(s) to be solved in a simple and elegant manner.
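The following is an added illustration, not SPEEDOS code: a small Python model of a capability whose rights name a module's semantic operations, with a bracket routine that layers a revocation list on top of the basic capability check. All names (`Kernel`, `Capability`, `serial`, `revocation_bracket`, the `Account` module) are hypothetical and chosen only for this sketch.

```python
from dataclasses import dataclass
from functools import partial

@dataclass(frozen=True)
class Capability:
    module_id: int     # identifies the target module (constructed value)
    rights: frozenset  # names of semantic operations the holder may invoke
    serial: int        # assumed field: lets one capability be revoked individually

class Account:
    """Example module: state is reachable only through its operations."""
    OPERATIONS = {"deposit", "balance"}
    def __init__(self, amount):
        self._amount = amount
    def deposit(self, amount):
        self._amount += amount
        return self._amount
    def balance(self):
        return self._amount

class Kernel:
    def __init__(self):
        self.modules, self.brackets = {}, {}

    def register(self, module_id, module):
        self.modules[module_id], self.brackets[module_id] = module, []

    def add_bracket(self, module_id, routine):
        # Brackets are attached at run time, without changing the module.
        self.brackets[module_id].append(routine)

    def invoke(self, cap, op, *args):
        target = self.modules[cap.module_id]
        # Basic capability check: the right must name a declared operation.
        if op not in target.OPERATIONS or op not in cap.rights:
            raise PermissionError(f"capability lacks right '{op}'")
        call = partial(getattr(target, op), *args)
        # Wrap the call so the first bracket added runs outermost.
        for routine in reversed(self.brackets[cap.module_id]):
            call = partial(routine, cap, op, call)
        return call()

def revocation_bracket(revoked_serials):
    """Rule-based check run before the bracketed operation proceeds."""
    def routine(cap, op, proceed):
        if cap.serial in revoked_serials:
            raise PermissionError("capability revoked")
        return proceed()  # code after this call would run on the way out
    return routine
```

An access control list or a Bell-LaPadula rule would be another `routine` of the same shape, deciding from its own rule data whether to call `proceed()`.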
