This documentation describes the design and implementation
of the KeyKOS system. Initially developed at Tymshare, Inc., it was deployed in
production in 1981 as a secure server processing credit card transactions while
simultaneously supporting other applications. Agorics has licensed this system
and the associated patents, and utilizes the fundamental ideas and technology
in our ebusiness solutions.
KeyKOS was designed as a secure server operating in
networked environments similar to today's Internet. It's security features
include: support for applications with conflicting goals, protection from
attacks in email and attached documents, preventing hackers from accessing
information outside of their own domain even when they are legitimately
accessing a web site, and supporting algorithmic management of resources,
consequently preventing denial of service attacks by over-use of any machine
Original construction of KeyKOS began in 1975 under the
project name "Gnosis." This document served as the design tool for this
capability based system, both at Tymshare and later at Key Logic where
development continued after 1985. Some of this documentation is specific to the
IBM 370 hardware for which the system was originally built at Tymshare although
it was ported to microprocessor based hardware at Key Logic.
Table of Contents
Concepts, An Introduction is an introduction to the principle ideas of
KeyKOS and is aimed at potential application developers. It gives some examples
of how to solve application specific security problems.
The Gnosis Design
Document is a working document that was built over a period of years during
which KeyKOS (Then called Gnosis) was under design and construction. It is
specific to the IBM 370 architecture and details how object-based design can be
applied to those aspects of the system that are indeed necessarily machine
specific. This document describes the function of the privileged code as well
as the fundamental facilities that might now be called an API.
Principles attempts to describe the state of the existing system
sufficiently for application development. It is less complete historically and
KeyKOS Architecture appeared originally in the Operating Systems Review. It
is a high density presentation of the KeyKOS architecture and describes in
detail how the system functionality is divided into objects.
KeySAFE , used in conjunction with KeyKOS, is a system
designed to meet the high B-level requirements of the Department of Defense
Trusted Computer System Evaluation Criteria.
This publication provides information about the support of
Guest Environments in KeyTECH.
A Prototype Operating System for the 1990's
Provides a general
introduction to some of the ideas in KeyKOS. This paper was presented at an IBM
SHARE conference 52 in Chicago in 1979.
KeyKOS - A
Secure, High-Performance Environment for S/370
Provides some history
of KeyKOS and a concise rational for its construction and a clear presentation
of the KeyKOS architecture.
Checkpoint Mechanism in KeyKOS (1992)
Provides a detailed description
of the checkpoint mechanism in KeyKOS. This creative solution to system
persistance imposes less than 1% overhead on a production system.
KeyKOS Nanokernel Architecture (1992)
An architectural overview from
the Unix perspective.
Oriented Transaction Processing in the KeyKOS Microkernel (1992)
Describes the KeyKOS transaction processing facility which when coupled with
the Checkpoint Mechanism provides an innovative solution to high performance
journalled data base access.
the Confinement Problem (1973)
An early statement by Bulter Lampson of
security problems as yet unsolved by modern Operating Systems. Confinement is
one of the features of KeyKOS.
Confused Deputy (1988)
A paper that explains the limitations of access
control systems in many modern systems and explores how capabilities solve
a Secure Capability-Based System (1989)
This Operating Systems Review
note corrects some misunderstandings about security requirements and
A Note on
"Protection Imperfect" (1988)
This Operating Systems Review note
corrects a common misunderstaning about security requirements.
Security in KeyKOS (1986)
This Paper describes the
KeyKOS architecture from the perspective of enforcing strong access
References This document provides information on the use of
C programming language in the KeyKOS environment.
Notice of Copyrighted Material
Work presented here is copyrighted material belonging to
KeyLogic, Inc. (Copyright © 1981, KeyLogic, Inc.) It is provided at the
Agorics, Inc. web site with permission from officers of KeyLogic. KeyLogic,
Inc. reserves all copyrights. KeyLogic disclaims any warranty as to the
utility, accuracy or effectiveness of the information contained in this
document and specifically disclaims any liability for consequential damages
that may result directly or indirectly from use of the information in this
Last updated: 19 July,