There has been an intellectual thread of operating system design outside the Unix paradigm that started with the Rice University machine in the early 1960s and continued to the mid-1990s. Its characteristics and accomplishments are relatively little known today because many of the efforts took place in a closed environment. I have documented what I view as the essence of those efforts in the following paper:
https://arxiv.org/abs/2504.16088
If this generates interest in any students or practitioners I will be happy to engage in discussion on this forum.
Cheers,
Earl
Tagged Architectures (Paths Not Taken)
Re: Tagged Architectures (Paths Not Taken)
That's a really interesting topic. Although I am not an expert on tagged architecture, I know there's a SOTA implementation of it called Cheri.
Just want to add some context for this topic. According to my knowledge, this area is kinda new and no solid chip has actually been fabricated (some designs are runnable on FPGA, but they are also just "functionally correct"). There might be some papers that will come out in recent years; people are rolling up their sleeves and giving Linux a go on this new architecture.
Another path2take for tagged architecture: https://dl.acm.org/doi/10.1145/2694344.2694383
Re: Tagged Architectures (Paths Not Taken)
Thanks for the links. I've known Peter Neumann for a very long time and I'm glad to see the PSOS work continue under Cheri.
I'm not very optimistic about being able to slide a tagged architecture under a significant part of the existing application code base, which means that sadly that base remains insecure and unsecurable. When we did SCOMP we made pointers distinguished hardware objects with special instructions, and thereby broke every C program in existence. Similar problems occurred when people tried to incorporate Richard Kain and my "type enforcement" notions into SE Linux.
The alternative is the one I chose in the paper: a special-purpose security platform operating under a doctrine of active detection and response. Not a panacea by any means but something that would raise the work factor and risk of detection for attackers above the current level, which is effectively zero. We sold a lot of Sidewinders and they successfully defended a lot of sites for almost 20 years. (The link to the history is in the paper).
If I had the time and energy I would like to explore the possibility of hacking a GPU into a workable MMU. We did a lot of work on the idea of a security coprocessor in the LOCK project and it would be interesting to see if you could build a secure platform for under $2K by putting a virtual machine layer on top of something like a Mac Mini. Then stick it on the net as a honeypot and start capturing attack scripts. We collected a ton of stuff from the Sidewinder challenge site.
Anyhow, if anybody wants to pursue these ideas feel free to ask questions either here or by PM.
Cheers,
Earl
Re: Tagged Architectures (Paths Not Taken)
I'm at a point where I can consider changing the language to accommodate hardware security features (or anything, really), but I couldn't implement an FPGA. I'm wondering exactly what I could do with the GPUs in the old off-the-shelf hardware I've been planning to use.
Kaph — a modular OS intended to be easy and fun to administer and code for.
"May wisdom, fun, and the greater good shine forth in all your work." — Leo Brodie
Re: Tagged Architectures (Paths Not Taken)
I wouldn't worry about an FPGA implementation until after I had a working virtual machine. As far as GPUs are concerned, the only way I know to figure that out is to take a run at it.
Cheers,
Earl
