Separation Kernel
A separation kernel is a type of security kernel used to simulate a distributed environment. The concept was introduced by John Rushby in a 1981 paper (John Rushby, "The Design and Verification of Secure Systems," Eighth ACM Symposium on Operating System Principles, pp. 12-21, Asilomar, CA, December 1981; ''ACM Operating Systems Review'', Vol. 15, No. 5). Rushby proposed the separation kernel as a solution to the difficulties and problems that had arisen in the development and verification of large, complex security kernels that were intended to "provide multilevel secure operation on general-purpose multi-user systems." According to Rushby, "the task of a separation kernel is to create an environment which is indistinguishable from that provided by a physically distributed system: it must appear as if each regime is a separate, isolated machine and that information can only flow from one machine to another along known external communication lines. One of the properties we must prov ...

Kernel (computer Science)
The kernel is a computer program at the core of a computer's operating system and generally has complete control over everything in the system. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components. A full kernel controls all hardware resources (e.g. I/O, memory, cryptography) via device drivers, arbitrates conflicts between processes concerning such resources, and optimizes the utilization of common resources e.g. CPU & cache usage, file systems, and network sockets. On most systems, the kernel is one of the first programs loaded on startup (after the bootloader). It handles the rest of startup as well as memory, peripherals, and input/output (I/O) requests from software, translating them into data-processing instructions for the central processing unit. The critical code of the kernel is usually loaded into a separate area of memory, which is protected from access by applicatio ...

Wind River Systems
Wind River Systems, also known as Wind River (trademarked as Wndrvr), is an Alameda, California-based company and a subsidiary of Aptiv PLC. The company develops embedded system and cloud software consisting of real-time operating systems software, industry-specific software, simulation technology, development tools and middleware.
History
Wind River Systems was formed by a partnership of Jerry Fiddler and Dave Wilner. Until 1981, Fiddler had worked at Berkeley Lab writing software for control systems, and wanted to pursue a career in computer generated music, which he funded through a consultancy business focused on real-time operating systems. His early clients included the National Football League and film director Francis Ford Coppola, for whom he designed a unique film editing system. Wilner, a former colleague at Berkeley Lab, joined Fiddler to form Wind River Systems in 1983. In 2009, Wind River was acquired by Intel. In 2018, Intel spun out its Wind River division, which ...

Operating-system-level Virtualization
OS-level virtualization is an operating system (OS) paradigm in which the kernel allows the existence of multiple isolated user space instances, called ''containers'' (LXC, Solaris containers, Docker, Podman), ''zones'' (Solaris containers), ''virtual private servers'' (OpenVZ), ''partitions'', ''virtual environments'' (VEs), ''virtual kernels'' (DragonFly BSD), or ''jails'' (FreeBSD jail or chroot jail). Such instances may look like real computers from the point of view of programs running in them. A computer program running on an ordinary operating system can see all resources (connected devices, files and folders, network shares, CPU power, quantifiable hardware capabilities) of that computer. However, programs running inside of a container can only see the container's contents and devices assigned to the container. On Unix-like operating systems, this feature can be seen as an advanced implementation of the standard chroot mechanism, which changes the apparent root folde ...

FreeBSD Jail
The jail mechanism is an implementation of FreeBSD's OS-level virtualisation that allows system administrators to partition a FreeBSD-derived computer system into several independent mini-systems called ''jails'', all sharing the same kernel, with very little overhead. It is implemented through a system call, jail(2), as well as a userland utility, jail(8), plus, depending on the system, a number of other utilities. The functionality was committed into FreeBSD in 1999 by Poul-Henning Kamp after some period of production use by a hosting provider, and was first released with FreeBSD 4.0, thus being supported on a number of FreeBSD descendants, including DragonFly BSD, to this day.
History
The need for the FreeBSD jails came from a small shared-environment hosting provider's (R&D Associates, Inc.'s owner, Derrick T. Woolworth) desire to establish a clean, clear-cut separation between their own services and those of their customers, mainly for security and ease of administrationjail( ...

Chroot
A chroot on Unix and Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree. The term "chroot" may refer to the system call or the wrapper program. The modified environment is called a chroot jail.
History
The chroot system call was introduced during development of Version 7 Unix in 1979. One source suggests that Bill Joy added it on 18 March 1982 – 17 months before 4.2BSD was released – in order to test its installation and build system. All versions of BSD that had a kernel have chroot(2). An early use of the term "jail" as applied to chroot comes from Bill Cheswick creating a honeypot to monitor a hacker in 1991. The first article about a jailbreak was discussed in the security column of SunWorld Online, which is written by Car ...

Multiple Independent Levels Of Security
Multiple Independent Levels of Security/Safety (MILS) is a high-assurance security architecture based on the concepts of separation and controlled information flow. It is implemented by separation mechanisms that support both untrusted and trustworthy components, ensuring that the total security solution is non-bypassable, evaluatable, always invoked, and tamperproof.
Overview
A MILS solution allows for independent evaluation of security components and trusted composition. MILS builds on the older Bell and La Padula theories on secure systems that represent the foundational theories of the DoD Orange Book. A MILS system employs one or more separation mechanisms (e.g., separation kernel, Partitioning Communication System, physical separation) to maintain assured data and process separation. A MILS system supports enforcement of one or more application/system specific security policies by authorizing information flow only between components in the same security domain or through ...

GitHub
GitHub, Inc. is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, it has been a subsidiary of Microsoft since 2018. It is commonly used to host open source software development projects. As of June 2022, GitHub reported having over 83 million developers and more than 200 million repositories, including at least 28 million public repositories. It is the largest source code host.
History
GitHub.com
Development of the GitHub.com platform began on October 19, 2007. The site was launched in April 2008 by Tom Preston-Werner, Chris Wanstrath, P. J. Hyett and Scott Chacon after it had been made available for a few months prior as a beta release. GitHub has an annual keynote called GitHub Universe. Organizat ...

SeL4
L4 is a family of second-generation microkernels, used to implement a variety of types of operating systems (OS), though mostly for Unix-like, ''Portable Operating System Interface'' (POSIX) compliant types. L4, like its predecessor microkernel L3, was created by German computer scientist Jochen Liedtke as a response to the poor performance of earlier microkernel-based OSes. Liedtke felt that a system designed from the start for high performance, rather than other goals, could produce a microkernel of practical use. His original implementation in hand-coded Intel i386-specific assembly language code in 1993 sparked intense interest in the computer industry. Since its introduction, L4 has been developed to be cross-platform and to improve security, isolation, and robustness. There have been various re-implementations of the original binary L4 kernel application binary interface (ABI) and its successors, including ''L4Ka::Pistachio'' (Karlsruhe Institute of Technology), ''L4/MI ...

LynxSecure
LynxSecure is a least privilege real-time separation kernel hypervisor from Lynx Software Technologies designed for safety and security critical applications found in military, avionic, industrial, and automotive markets.
Overview
Leveraging multi-core CPU hardware virtualization features and smaller than a microkernel (as small as 15 kB), LynxSecure is primarily targeted at raising the assurance of systems that perform critical computing functions in regulated environments. Common use cases include: separating critical apps from internet domains, isolating security functions from application domains, and verifying and filtering inter-domain communication. LynxSecure lives underneath applications and operating systems, runs completely transparently and cannot be tampered with. The software can be embedded into a broad class of devices, from embedded to IT platforms. The stripped-down design aims to raise assurance of the host by removing the possibility of CPU privilege escalation and prov ...

Lynx Software Technologies
Lynx Software Technologies, Inc. (formerly LynuxWorks) is a San Jose, California software company founded in 1988. Lynx specializes in secure virtualization and open, reliable, certifiable real-time operating systems (RTOSes). Originally known as Lynx Real-Time Systems, the company changed its name to LynuxWorks in 2000 after acquiring, and merging with, ISDCorp (Integrated Software & Devices Corporation), an embedded systems company with a strong Linux background. In May 2014, the company changed its name to Lynx Software Technologies. Over 30 years of processor evolution, Lynx has crafted and adapted platform architectures for builders of safety- and security-critical software systems. Lynx embraced open standards from its inception, with its original RTOS, LynxOS, featuring a UNIX-like user model and standard POSIX interfaces to embedded developers. LynxOS-178 is developed and certified to the distinguished FAA DO-178C DAL A safety standard and received the first and only FAA R ...

Green Hills Software
Green Hills Software is a privately owned company that builds operating systems and programming tools for embedded systems. The firm was founded in 1982 by Dan O'Dowd and Carl Rosenberg. Its world headquarters are in Santa Barbara, California.
History
Green Hills Software and Wind River Systems enacted a 99-year contract as cooperative peers in the embedded software engineering market throughout the 1990s, with their relationship ending in a series of lawsuits throughout the early 2000s. This resulted in the two companies parting ways in opposite directions: Wind River devoted itself to publicly embracing Linux and open-source software, while Green Hills initiated a public relations campaign decrying their use in matters of national security. In 2008, the Green Hills real-time operating system (RTOS) named Integrity-178 was the first system to be certified by the National Information Assurance Partnership (NIAP), composed of National Security Agency (NSA) and National Institute of Standards and Te ...

John Rushby
John Rushby (born 1949) is a British computer scientist now based in the United States and working for SRI International. He previously taught and did research for Manchester University and later Newcastle University.
Early life and education
John Rushby was born and brought up in London, where he attended Dartford Grammar School. He studied at Newcastle University in the United Kingdom, gaining his computer science BSc there in 1971 and his PhD in 1977.
Career
From 1974 to 1975, he was a lecturer in the Computer Science Department at Manchester University. From 1979 to 1982, he was a research associate in the Department of Computing Science at Newcastle University. Rushby joined SRI International in Menlo Park, California in 1983. Currently he is Program Director for ''Formal Methods and Dependable Systems'' in the Computer Science Laboratory at SRI. He developed the Prototype Verification System, which is a theorem prover.
Awards and memberships
Rushby was the recipi ...