|
Separation Kernel
A separation kernel is a type of security kernel used to simulate a distributed environment. The concept was introduced by John Rushby in a 1981 paper.John Rushby, "The Design and Verification of Secure Systems," Eighth ACM Symposium on Operating System Principles, pp. 12-21, Asilomar, CA, December 1981. (''ACM Operating Systems Review'', Vol. 15, No. 5). Rushby proposed the separation kernel as a solution to the difficulties and problems that had arisen in the development and verification of large, complex security kernels that were intended to "provide multilevel secure operation on general-purpose multi-user systems." According to Rushby, "the task of a separation kernel is to create an environment which is indistinguishable from that provided by a physically distributed system: it must appear as if each regime is a separate, isolated machine and that information can only flow from one machine to another along known external communication lines. One of the properties we must pro ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Kernel (computer Science)
A kernel is a computer program at the core of a computer's operating system that always has complete control over everything in the system. The kernel is also responsible for preventing and mitigating conflicts between different processes. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components. A full kernel controls all hardware resources (e.g. I/O, memory, cryptography) via device drivers, arbitrates conflicts between processes concerning such resources, and optimizes the use of common resources, such as CPU, cache, file systems, and network sockets. On most systems, the kernel is one of the first programs loaded on startup (after the bootloader). It handles the rest of startup as well as memory, peripherals, and input/output (I/O) requests from software, translating them into data-processing instructions for the central processing unit. The critical code of the kernel is usuall ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Wind River Systems
Wind River Systems, Inc., also known as Wind River (trademarked as Wndrvr), is an Alameda, California–based company, subsidiary of Aptiv PLC. The company develops embedded system and cloud software consisting of real-time operating systems software, industry-specific software, simulation technology, development tools and middleware. History Wind River Systems was formed by a partnership of Jerry Fiddler and Dave Wilner. Until 1981, Fiddler had worked at Berkeley Lab writing software for control systems, and wanted to pursue a career in computer generated music, which he funded through a consultancy business focused on real-time operating systems. His early clients included the National Football League and film director Francis Ford Coppola, for whom he designed a unique film editing system. Wilner, a former colleague at Berkeley Lab, joined Fiddler to form Wind River Systems in 1983. In 2009, Wind River was acquired by Intel. In 2018, Intel Corporate spin-off, spun out its W ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Operating-system-level Virtualization
OS-level virtualization is an operating system (OS) virtualization paradigm in which the kernel allows the existence of multiple isolated user space instances, including containers ( LXC, Solaris Containers, AIX WPARs, HP-UX SRP Containers, Docker, Podman), zones ( Solaris Containers), virtual private servers ( OpenVZ), partitions, virtual environments (VEs), virtual kernels (DragonFly BSD), and jails ( FreeBSD jail and chroot). Such instances may look like real computers from the point of view of programs running in them. A computer program running on an ordinary operating system can see all resources (connected devices, files and folders, network shares, CPU power, quantifiable hardware capabilities) of that computer. Programs running inside a container can only see the container's contents and devices assigned to the container. On Unix-like operating systems, this feature can be seen as an advanced implementation of the standard chroot mechanism, which changes the appare ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
FreeBSD Jail
The jail mechanism is an implementation of FreeBSD's OS-level virtualisation that allows system administrators to partition a FreeBSD-derived computer system into several independent mini-systems called ''jails'', all sharing the same kernel, with very little overhead. It is implemented through a system call, jail(2), as well as a userland utility, jail(8), plus, depending on the system, a number of other utilities. The functionality was committed into FreeBSD in 1999 by Poul-Henning Kamp after some period of production use by a hosting provider, and was first released with FreeBSD 4.0, thus being supported on a number of FreeBSD descendants, including DragonFly BSD, to this day. History The need for the FreeBSD jails came from a small shared-environment hosting provider's (R&D Associates, Inc.'s owner, Derrick T. Woolworth) desire to establish a clean, clear-cut separation between their own services and those of their customers, mainly for security and ease of administrationjail(8 ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Chroot
chroot is a shell (computer), shell command (computing), command and a system call on Unix and Unix-like operating systems that changes the apparent root directory for the current running process and its Child process, children. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree. The term ''chroot'' may refer to the system call or the command-line interface, command-line utility. The modified environment is called a chroot jail. History The chroot system call was introduced during development of Version 7 Unix in 1979. One source suggests that Bill Joy added it on 18 March 1982 – 17 months before Berkeley Software Distribution, 4.2BSD was released – in order to test its installation and build system. All versions of BSD that had a kernel have chroot(2). An early use of the term "jail" as applied to chroot comes from William Cheswick, Bill Cheswick creating a Honeypot ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Multiple Independent Levels Of Security
Multiple Independent Levels of Security/Safety (MILS) is a high-assurance security architecture based on the concepts of separation and controlled information flow. It is implemented by separation mechanisms that support both untrusted and trustworthy components; ensuring that the total security solution is non-bypassable, evaluatable, always invoked, and tamperproof. Overview A MILS solution allows for independent evaluation of security components and trusted composition. MILS builds on the older Bell and La Padula theories on secure systems that represent the foundational theories of the DoD Orange Book. A MILS system employs one or more separation mechanisms (e.g., Separation kernel, Partitioning Communication System, physical separation) to maintain assured data and process separation. A MILS system supports enforcement of one or more application/system specific security policies by authorizing information flow only between components in the same security domain or through t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
GitHub
GitHub () is a Proprietary software, proprietary developer platform that allows developers to create, store, manage, and share their code. It uses Git to provide distributed version control and GitHub itself provides access control, bug tracking system, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, GitHub, Inc. has been a subsidiary of Microsoft since 2018. It is commonly used to host open source software development projects. GitHub reported having over 100 million developers and more than 420 million Repository (version control), repositories, including at least 28 million public repositories. It is the world's largest source code host Over five billion developer contributions were made to more than 500 million open source projects in 2024. About Founding The development of the GitHub platform began on October 19, 2005. The site was launched in April 2008 by Tom ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SeL4
L4 is a family of second-generation microkernels, used to implement a variety of types of operating systems (OS), though mostly for Unix-like, ''Portable Operating System Interface'' (POSIX) compliant types. L4, like its predecessor microkernel L3, was created by German computer scientist Jochen Liedtke as a response to the poor performance of earlier microkernel-based OSes. Liedtke felt that a system designed from the start for high performance, rather than other goals, could produce a microkernel of practical use. His original implementation in hand-coded Intel i386-specific assembly language code in 1993 created attention by being 20 times faster than Mach. The follow-up publication two years later was considered so influential that it won the 2015 ACM SIGOPS Hall of Fame Award. Since its introduction, L4 has been developed to be cross-platform and to improve security, isolation, and robustness. There have been various re-implementations of the original L4 kernel application ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
LynxSecure
LynxSecure is a Principle of least privilege, least privilege Real-time computing, real-time separation kernel hypervisor from Lynx Software Technologies designed for safety and security critical applications found in military, avionic, industrial, and automotive markets. Overview Leveraging multi-core CPU hardware virtualization features and smaller than a microkernel (as small as 15kB), LynxSecure is primarily targeted to raise the assurance of systems that perform critical computing functions in regulated environments. Common use cases include; separating critical apps from internet domains, isolating security functions from application domains, verifying and filtering inter-domain communication. LynxSecure lives underneath applications and operating systems, runs completely transparent and cannot be tampered with. The software can be embedded into a broad class of devices from embedded to IT platforms. The stripped-down design aims to raise assurance of the host by removing t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Lynx Software Technologies
Lynx Software Technologies, Inc. (formerly LynuxWorks) is a San Jose, California software company founded in 1988. Lynx specializes in secure virtualization and open, reliable, certifiable real-time operating systems (RTOSes). Originally known as Lynx Real-Time Systems, the company changed its name to LynuxWorks in 2000 after acquiring, and merging with, ISDCorp (Integrated Software & Devices Corporation), an embedded systems company with a strong Linux background. In May 2014, the company changed its name to Lynx Software Technologies. Lynx embraced open standards from its inception, with its original RTOS, LynxOS, featuring a UNIX-like user model and standard POSIX interfaces to embedded developers. LynxOS-178 is developed and certified to the FAA DO-178C DAL A safety standard and received the first and only FAA Reusable Software Component certificate for an RTOS. It supports ARINC API and FACE standards. In 1989, LynxOS, the company's flagship RTOS, was selected for use in the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Green Hills Software
Green Hills Software is a privately owned company that builds operating systems and programming tools for embedded systems. The firm was founded in 1982 by Dan O'Dowd and Carl Rosenberg. Its headquarters are in Santa Barbara, California. History In the 1990s, Green Hills Software and Wind River Systems, both makers of embedded system software development tools, entered into a 99-year agreement to cooperatively support customers using products from both companies. The agreement was terminated after a lawsuit in 2005. After parting ways, Wind River publicly embraced Linux and open-source software while Green Hills initiated a public relations campaign decrying the use of open-source software in projects related to national security. In 2008, the Green Hills real-time operating system (RTOS) named Integrity (operating system), Integrity-178 was the first system to be certified by the National Information Assurance Partnership (NIAP), composed of National Security Agency (NSA) and ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
John Rushby
John Rushby (born 1949) is a British computer scientist now based in the United States and working for SRI International. He previously taught and did research for Manchester University and later Newcastle University. Early life and education John Rushby was born and brought up in London, where he attended Dartford Grammar School. He studied at Newcastle University in the United Kingdom, gaining his computer science BSc there in 1971 and his PhD in 1977. Career From 1974 to 1975, he was a lecturer in the Computer Science Department at Manchester University. From 1979 to 1982, he was a research associate in the Department of Computing Science at the Newcastle University. Rushby joined SRI International in Menlo Park, California in 1983. Currently he is Program Director for ''Formal Methods and Dependable Systems'' in the Computer Science Laboratory at SRI. He developed the Prototype Verification System, which is a theorem prover. Awards and memberships Rushby was the recipie ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
