
FU Berlin, Fachbereich Mathematik und Informatik, Institut für Informatik

Talk in the Computer Science Colloquium


SPEEDOS: An Experimental Operating System

Prof. Dr. Leslie Keedy, Universität Ulm


SPEEDOS (Secure Persistent Execution Environment for Distributed Object Systems) is a new operating system project which has recently started at the University of Ulm. The main aim of SPEEDOS is to provide an operating system capable of supporting powerful security and software engineering features. The concepts are in principle simple (but difficult to implement on conventional hardware).

Memory management is based on the concept of a persistent paged virtual memory (i.e. without a separate file system). A single distributed persistent virtual memory is shared by all SPEEDOS systems, which can be networked world-wide using paging over the Internet.

The kernel supports a single information-hiding structure for all the major system and user software resources in a system (e.g. programs, subroutine libraries, files (!) and operating system modules). These resources, known as "modules", are protected by means of module capabilities, which identify all SPEEDOS modules uniquely in the distributed persistent memory and include access rights based on the semantic operations of the modules.

Processes are persistent (i.e. they exist even while a user is logged out). These are efficient and convenient for users, and they create an environment which allows users to authenticate themselves easily using their own authentication algorithms rather than relying on a central, vulnerable system such as password checking.

A particularly novel and interesting feature of the kernel is dynamic support for "bracket routines". This new technique provides a general mechanism for allowing a module to be bracketed by user-written code. This can be used for many purposes (e.g. synchronisation), but in the SPEEDOS context its main purpose is to support rule-based security checks. This allows the basic capability-based system to be extended, for example, by capability revocation lists, access control lists and any other rule-based model, such as Bell-LaPadula.
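The two abstract paragraphs above describe module capabilities whose rights name a module's semantic operations, and bracket routines that wrap those operations with rule-based checks. The following Python sketch is an added illustration of that combination and is not SPEEDOS code: a "module" exposes only its semantic operations, a capability check runs first, and then a chain of bracket routines (a revocation list and a Bell-LaPadula "no read up / no write down" rule) runs before the operation body. The module id, capability ids, rights names and security levels are all constructed for the example.

```python
"""Added illustration of capability-mediated modules with bracket routines.
Not SPEEDOS code; all identifiers and levels below are constructed."""
from dataclasses import dataclass

# Constructed Bell-LaPadula lattice (higher number = more sensitive).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}


@dataclass(frozen=True)
class Capability:
    cap_id: str            # identity of this capability (used by the revocation list)
    module_id: str         # unique id of the module it refers to
    rights: frozenset      # semantic operations the holder may invoke
    subject_level: str     # clearance of the holder, consulted by the BLP bracket


@dataclass
class Document:
    """A 'module': its data is hidden; only the semantic operations are callable."""
    module_id: str
    level: str
    _text: str = ""

    def read(self):
        return self._text

    def append(self, line):
        self._text += line + "\n"
        return len(self._text)


class Revoked(Exception):
    pass


class Denied(Exception):
    pass


class BracketedModule:
    """Wraps a module so every call passes the capability check and the brackets."""
    def __init__(self, module, brackets):
        self.module = module
        self.brackets = list(brackets)

    def call(self, cap, op, *args):
        if cap.module_id != self.module.module_id:
            raise Denied("capability names a different module")
        if op not in cap.rights:
            raise Denied(f"capability lacks right {op!r}")
        for check in self.brackets:       # rule-based checks run before the body
            check(cap, op, self.module)
        return getattr(self.module, op)(*args)


def revocation_bracket(revoked):
    """Bracket implementing a capability revocation list (shared mutable set)."""
    def check(cap, op, module):
        if cap.cap_id in revoked:
            raise Revoked(f"capability {cap.cap_id} has been revoked")
    return check


def bell_lapadula_bracket(cap, op, module):
    """Bracket enforcing BLP: no read up, no write down."""
    s, o = LEVELS[cap.subject_level], LEVELS[module.level]
    if op == "read" and s < o:
        raise Denied("no read up")
    if op == "append" and s > o:
        raise Denied("no write down")


def demo():
    """Exercise the brackets on a constructed confidential document."""
    doc = Document("doc-42", "confidential")
    revoked = set()
    mod = BracketedModule(doc, [revocation_bracket(revoked), bell_lapadula_bracket])
    c_secret = Capability("cap-1", "doc-42", frozenset({"read", "append"}), "secret")
    c_uncl = Capability("cap-2", "doc-42", frozenset({"read", "append"}), "unclassified")
    results = {}
    mod.call(c_uncl, "append", "hello")                    # write up: permitted
    results["secret_read"] = mod.call(c_secret, "read")    # read down: permitted
    try:
        mod.call(c_secret, "append", "leak")               # write down: blocked
        results["secret_append"] = "allowed"
    except Denied as e:
        results["secret_append"] = str(e)
    try:
        mod.call(c_uncl, "read")                           # read up: blocked
        results["uncl_read"] = "allowed"
    except Denied as e:
        results["uncl_read"] = str(e)
    revoked.add("cap-1")                                   # revoke without touching the module
    try:
        mod.call(c_secret, "read")
        results["revoked_read"] = "allowed"
    except Revoked as e:
        results["revoked_read"] = str(e)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the structure is that the module body never changes when policy changes: adding an access control list or a different lattice means adding another bracket to the chain, which is the extensibility the abstract attributes to bracket routines.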

Finally, an unusual use of the Pentium hardware together with bracket routines and/or capabilities allows the confinement problem(s) to be solved in a simple and elegant manner.