Introduction to SPEEDOS

SPEEDOS is an acronym for "Secure Persistent Execution Environment for Distributed Operating Systems".

That the operating systems which are current in widespread use are architecturally insecure is obvious to all. We can read almost daily of cyber-crime break-ins. Cyber criminals can, for example, access the content of file systems or encrypt their contents and demand high ransoms to restore them back to a usable status. But hackers can also attack power stations, airports and many other systems (e.g. hospitals) which are vital for our well-being, for our defence, etc. This is a precarious situation at any time, but it is especially so in wartime and in confrontation with political powers which threaten our economic well-being. Put simply, we still have no adequate techniques which confine access only to those users who have the right to do so! Firewalls, which are installed in most systems, are a very coarse grained attempt to solve the confinement problem and are obviously not particularly effective.

It is extremely doubtful that the confinement problem can be solved simply by introducing new versions of current systems which patch up the problems, and despite researcher efforts which aim incrementally to improve our current methods, there appears to be little research on the horizon which promises to be a real game changer. It seems that a fundamental improvement can only be hoped for by going back to first principles. This is how Prof. Keedy (the instigator of the project) has approached the problem, and the result is a very unconventional operating system design called SPEEDOS.

The following pages examine these fundamental principles in some detail, in particular

  • information-hiding modules,
  • persistent virtual memory,
  • unique identification of users, processes and objects ,
  • granting access rights to other users,
  • confinement of information,
  • a rigorously in-process design,
  • a very secure technique for logging in,
  • remote inter-module calls across the Internet
  • some further novel protection measures.

Novel solutions for all of these issues are provided by SPEEDOS (some of which also appear in the Monads systems). But before these are explained, we describe how the SPEEDOS Project has arisen.