KeyKOS Documentation
Preface
This documentation describes the design and implementation
of the KeyKOS system. Initially developed at Tymshare, Inc., it was deployed in
production in 1981 as a secure server processing credit card transactions while
simultaneously supporting other applications. Agorics has licensed this system
and the associated patents, and utilizes the fundamental ideas and technology
in our ebusiness solutions.
KeyKOS was designed as a secure server operating in
networked environments similar to today's Internet. Its security features
include: support for applications with conflicting goals, protection from
attacks in email and attached documents, preventing hackers from accessing
information outside of their own domain even when they are legitimately
accessing a web site, and supporting algorithmic management of resources,
consequently preventing denial of service attacks by over-use of any machine
resources.
Original construction of KeyKOS began in 1975 under the
project name "Gnosis." This document served as the design tool for this
capability-based system, both at Tymshare and later at Key Logic where
development continued after 1985. Some of this documentation is specific to the
IBM 370 hardware for which the system was originally built at Tymshare, although
it was ported to microprocessor-based hardware at Key Logic.
Table of Contents
KeyKOS Concepts, An Introduction is an introduction to the principal ideas of
KeyKOS and is aimed at potential application developers. It gives some examples
of how to solve application-specific security problems.
The Gnosis Design Document is a working document that was built over a period
of years during which KeyKOS (then called Gnosis) was under design and
construction. It is specific to the IBM 370 architecture and details how
object-based design can be applied to those aspects of the system that are
indeed necessarily machine-specific. This document describes the function of
the privileged code as well
as the fundamental facilities that might now be called an API.
KeyKOS Principles attempts to describe the state of the existing system
sufficiently for application development. It is less complete historically and
philosophically.
The KeyKOS Architecture appeared originally in the Operating Systems Review. It
is a high density presentation of the KeyKOS architecture and describes in
detail how the system functionality is divided into objects.
KeySAFE, used in conjunction with KeyKOS, is a system
designed to meet the high B-level requirements of the Department of Defense
Trusted Computer System Evaluation Criteria.
Guest Environments: This publication provides information about the support of
Guest Environments in KeyTECH.
GNOSIS - A Prototype Operating System for the 1990's: Provides a general
introduction to some of the ideas in KeyKOS. This paper was presented at IBM
SHARE conference 52 in Chicago in 1979.
KeyKOS - A Secure, High-Performance Environment for S/370: Provides some
history of KeyKOS, a concise rationale for its construction, and a clear
presentation of the KeyKOS architecture.
The Checkpoint Mechanism in KeyKOS (1992): Provides a detailed description
of the checkpoint mechanism in KeyKOS. This creative solution to system
persistence imposes less than 1% overhead on a production system.
The KeyKOS Nanokernel Architecture (1992): An architectural overview from
the Unix perspective.
Object Oriented Transaction Processing in the KeyKOS Microkernel (1992):
Describes the KeyKOS transaction processing facility which, when coupled with
the Checkpoint Mechanism, provides an innovative solution to high performance
journalled data base access.
Note on the Confinement Problem (1973): An early statement by Butler Lampson of
security problems as yet unsolved by modern Operating Systems. Confinement is
one of the features of KeyKOS.
The Confused Deputy (1988): A paper that explains the limitations of access
control systems in many modern systems and explores how capabilities solve
these problems.
Security in a Secure Capability-Based System (1989): This Operating Systems Review
note corrects some misunderstandings about security requirements and
capability-based systems.
A Note on "Protection Imperfect" (1988): This Operating Systems Review note
corrects a common misunderstanding about security requirements.
Security in KeyKOS (1986): This paper describes the
KeyKOS architecture from the perspective of enforcing strong access
controls.
References: This document provides information on the use of the
C programming language in the KeyKOS environment.
Notice of Copyrighted Material
Work presented here is copyrighted material belonging to
KeyLogic, Inc. (Copyright © 1981, KeyLogic, Inc.) It is provided at the
Agorics, Inc. web site with permission from officers of KeyLogic. KeyLogic,
Inc. reserves all copyrights. KeyLogic disclaims any warranty as to the
utility, accuracy or effectiveness of the information contained in this
document and specifically disclaims any liability for consequential damages
that may result directly or indirectly from use of the information in this
document.
Last updated: 19 July, 2001