⟦5444a6d91⟧ Wang Wps File
Length: 3586 (0xe02)
Types: Wang Wps File
Notes: CPS/TCN/074
Names: »4149A «
Derivation
└─⟦32539f54d⟧ Bits:30006181 8" Wang WCS floppy, CR 0369A
└─ ⟦this⟧ »4149A «
WangText
CPS/TCN/074
OKH/831014
PROPOSAL FOR AN EVALUATION OF THE
NCR EROS KERNEL
CAMPS
1  SUMMARY
The EROS operating system kernel developed by NCR Copenhagen
and implemented on the MC68000 seems to have a number of
attractive features. It could therefore be well suited
as a basis for the next generation of secure systems.
The potential advantages are described in section 4.
I therefore propose a joint study project by CR and
NCR for evaluation of EROS as a replacement for DAMOS
on a 32-bit machine.
2  OBJECTIVES OF STUDY PROJECT
The purpose should be to evaluate EROS as a security
kernel in turnkey systems like CAMPS and CCIS, and
to indicate the effort needed for enhancements in the
directions described below.
The study could be carried out in the following steps:
- Consider how selected parts of CAMPS could be implemented
using EROS as a Kernel. Thereby evaluate the functionality,
performance, advantages and deficiencies of EROS
as a basis for developing secure systems.
- Describe a possible hardware architecture for support
of security and performance of a system based upon
EROS, and indicate a migration path of current
architecture.
- Describe a possible enhancement of EROS to support
a system of cooperating machines (PU's, Communication
Processors etc).
- Describe how standard packages like UNIX, IDM
500 Data Base Machines etc. can be supported by
the architecture, including the security constraints,
which must be imposed upon those packages.
3  ADVANTAGES OF USING AN EXISTING SYSTEM
Experience shows that the risks in developing new operating
systems are high. A number of the basic design concepts
often turn out to be bad ones, with major design modifications
and additional development effort as a consequence.
The risks can be decreased very much by using an existing
system as a basis, because the intellectual effort
can be directed towards evaluation of existing design
concepts instead of devising new ones. Also the existence
of an actual implementation with demonstrable performance
is a big advantage.
Therefore any possibility of using existing systems
or concepts should be carefully evaluated.
4  POTENTIAL ADVANTAGES OF EROS
The following features of EROS seem to be attractive
from the point of view of security and performance:
- Unified and centralized security controls allowing
different security policies, including the DOD
requirements, to be implemented without modifications
in other parts of the system.
- High degree of modularization and internal protection.
This also applies to device handlers and network
software.
- High degree of dynamic reconfigurability and flexibility
for dynamic inclusion of new devices and network
interfaces.
- The process concept and process communication are
similar to those of AD.
- A prototype has been developed and tested, and
the performance seems to be acceptable.
- The functionality seems to be comparable to that
of the DAMOS Kernel, but the internal complexity
and the interface seem to be much simpler, because
the fundamental concepts are cleaner.
5  PROJECT CONDITIONS
The NCR conditions for a study project will probably
be a contract with a non-disclosure agreement.
They are filing a patent application for EROS at the
end of this year.