EROS: A Capability System

EROS: A Capability System (1997)

Cached

Download Links

by J. S. Shapiro , J.M. Smith , D.J. Farber

Citations:

BibTeX

@TECHREPORT{Shapiro97eros:a,
    author = {J. S. Shapiro and J.M. Smith and D.J. Farber},
    title = {EROS: A Capability System},
    institution = {},
    year = {1997}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Capabilities define a uniform semantics for system service invocation, enforce separation of concerns and encapsulation, and allow each program to be restricted to exactly that set of authority it requires (the principle of least privilege). Capability systems therefore readily contain and reduce errors at the application level and improve component testability. If carefully architected, a capability system should be both faster and simpler than a comparable access-control-based system. In practice, implementations have failed to demonstrate such performance. This paper provides an architectural overview of EROS, the Extremely Reliable Operating System. EROS is a persistent capability system which provides complete accountability for persistent, consumable and multiplexed resources. By choosing abstractions to leverage conventional hardware protecgion, and exploiting hardware support in the implementation, a fast pure capability architecture can be demonstrated. This paper de...

Citations

537	The protection of information in computer systems - Saltzer, Schroeder - 1975
345	lmbench: Portable Tools for Performance Analysis - McVoy, Staelin - 1996
339	A note on the confinement problem - Lampson
238	Dealing with disaster: Surviving misbehaved kernel extensions - Seltzer, Endo, et al. - 1996
237	Programming semantics for multiprogrammed computations - Dennis, Horn - 1966
161	Capability-Based Computer Systems - Levy
145	Improving IPC by Kernel Design - Liedtke - 1993
106	File system logging versus clustering: A performance comparison - Seltzer, Smith, et al. - 1995
102	HYDRA/C.mmp: An Experimental Computer System - Wulf, Levin, et al. - 1981
89	Metadata Update Performance in File Systems - Ganger, Patt - 1994
84	Evolving Mach 3.0 to a migrating thread model - Ford, Lepreau - 1994
50	UNIX implementation - THOMPSON - 1978
47	The KeyKOS nanokernel architecture - Bromberger, Frantz, et al. - 1992
32	The Checkpoint Mechanism in KeyKOS - Landau - 1992
29	Improved address-space switching on Pentium processors by transparently multiplexing user address spaces. Arbeitspapiere der - Liedtke - 1995
23	ªProcessor Capacity Reserves: An Abstraction for Managing Processor Usage,º WWOS - Mercer, Savage, et al. - 1993
21	Reflections on an operating system design - Lampson, Sturgis - 1976
18	The measured performance of a fast local IPC - Shapiro, Farber, et al. - 1996
15	Performance effects of architectural complexity in the Intel 432 - Colwell, Gehringer, et al. - 1988
14	The Impact of Operating - Chen, Bershad - 1993
11	Verifying operating system security - Shapiro, Weber - 1997
7	State caching in the eros kernel -- implementing efficient orthogonal persistence in a pure capability system - Shapiro, Farber, et al. - 1996
5	A Programmer's Introduction to EROS. Available via the EROS home page at http://www.cis.upenn.edu/eros - Shapiro
3	The MERT operating system - Lycklama, Bayer - 1978
3	The EROS Object Reference Manual. In progress. Draft available via the EROS home page at http://www.cis.upenn.edu/~eros - Shapiro
2	The KeyKOS Architecture " Operating Systems Review - Hardy - 1985
2	Tatsuo Nakajima, Hiroshi Arakawa, and Hideyuki Tokuda. "Integrated - Kitayama - 1993
1	Draft available via the EROS home page at http://www.cis.upenn.edu/eros - progress