Show simple item record

AuthorEspenlaub, Klausdc.contributor.author
Date of accession2016-03-14T13:38:38Zdc.date.accessioned
Available in OPARU since2016-03-14T13:38:38Zdc.date.available
Year of creation2005dc.date.created
AbstractThe two major deficiencies identified and addressed in this thesis are the versatility of access right specification and the structuring of the operating system in conjunction with the applications. The SPEEDOS design places the emphasis on balancing the duties and powers of the kernel and the applications in order to obtain a flexible and extensible overall system. SPEEDOS supports freely user-programmable protection checks for individual method invocations. These checks are implemented with bracket methods, which intercept other method invocations. For example bracket methods may deny access to the target method based on arbitrary rules or may implement access monitoring. Brackets may also serve as a basis for implementing confinement by checking the client and target module identity and the information that is passed between the modules. Another important aspect of the SPEEDOS design is the delegation of many operating system duties to individual application software modules. The design of the kernel explicitly restricts the duties of the kernel to security-related basic mechanisms. All policy decisions are made in user-level modules. Certain resource management duties still need to be implemented in centralized modules, otherwise the allocation efficiency would decrease. The kernel implements only policy-neutral mechanisms and delegates all policy decisions to user-level code in order to minimize the size of the kernel. As an intentional side-effect this maximizes the flexibility and extensibility of the user-level modules. Effectively the complete operating system characteristics are determined by user-level code. In the prototype implementation it is shown that the virtual memory model used to describe the module structure can be mapped efficiently to the current page-based memory architecture implemented by the standard processor architectures available today.dc.description.abstract
Languageendc.language.iso
PublisherUniversität Ulmdc.publisher
LicenseStandard (Fassung vom 03.05.2003)dc.rights
Link to license texthttps://oparu.uni-ulm.de/xmlui/license_v1dc.rights.uri
KeywordConfinementdc.subject
KeywordProtection mechanismsdc.subject
KeywordSecurity kerneldc.subject
LCSHComputer securitydc.subject.lcsh
LCSHOperating systems (Computers)dc.subject.lcsh
TitleDesign of the SPEEDOS operating system kerneldc.title
Resource typeDissertationdc.type
DOIhttp://dx.doi.org/10.18725/OPARU-323dc.identifier.doi
PPN164416776Xdc.identifier.ppn
URNhttp://nbn-resolving.de/urn:nbn:de:bsz:289-vts-53338dc.identifier.urn
GNDComputerarchitekturdc.subject.gnd
GNDComputersicherheitdc.subject.gnd
GNDKernel <Informatik>dc.subject.gnd
FacultyFakultät für Informatikuulm.affiliationGeneral
Date of activation2005-08-16T13:49:20Zuulm.freischaltungVTS
Peer reviewneinuulm.peerReview
Shelfmark print versionZ: J-H 8.975 ; W: W-H 8.500uulm.shelfmark
DCMI TypeTextuulm.typeDCMI
VTS ID5333uulm.vtsID
CategoryPublikationenuulm.category
Bibliographyuulmuulm.bibliographie


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record