The paper S-RISC: Adding Security to RISC Computers describes an enhancement to the basic RISC design, called Secure RISC or S-RISC, which describes how capability systems to be supported in a straightforward and efficient manner. It can be downloaded here:


The book Making Computers Secure provides a detailed description of SPEEDOS. It is in two volumes, which can be downloaded separately.

Volume 1 is written in textbook style. Part 1 describes the basic concepts relevant to secure operating system design. Part 2 briefly introduces computer architecture and operating system principles, including the basic structure of a computer, the design of virtual memory and of processes, protection and sharing in conventional systems and in capability systems, explaining the basic choices which the operating system designer must make and showing that mostly the wrong decisions have been taken in conventional systems. Part 3 describes a virtual memory structure for SPEEDOS which allows paging and small segments to coexist, such that a segment can be longer or smaller than a page, in any combination, using an unconventional address translation technique. This can also be used to support direct addressability and persistent memory, which obviates the need for conventional file systems (thus avoiding many risks which arise in conventional file systems.). Part 4 describes the SPEEDOS software model, in which the main objects are information-hiding modules and the process design is rigorously in-process. Information-hiding objects provide the basis, along with an idea borrowed from a programming language concept, for solving the confinement problem. The in-process design, along with the idea of persistent processes, provides a mechanism whereby users have the freedom to provide their own modules for identifying themselves in any way they choose. Thus there is no central repository of information for logging in and no standard way of checking their credentials, thus making it all but impossible for hackers to break in to their accounts. Part 4 ends with a few architectural details which should help to prepare the reader for volume 2. The first of these is the idea of "containers", which are the address spaces needed to hold the information. This is followed by the idea of worldwide unique addresses. Somewhat oversimplified, a container number is 192 bits long and consists of a 64-bit node number, a 64-bit disc number within node, and a 64 bit container number within disc. A virtual address within a container is in principle 64 bits long. How such long 256 bit virtual addresses can be efficiently translated into main memory addresses is explained in detail. Segment management is also discussed and capability protection is also explained. Volume 1 can be downloaded here:

Volume 2 is written more as a technical document which assumes that the reader has read and understood volume 1. Part 5 describes the kernel design for a single node, explaining in detail how the SPEEDOS kernel can be implemented. Part 6 explains the SPEEDOS security mechanisms in detail, including an implementation for qualifiers, which are designed to solve the confinement problem. Part 7 describes basic networking and related issues, such as the partitioning and relocating of discs. Part 8 provides examples of how an operating system can be designed on top of SPEEDOS. This part includes a discussion of

– managing capabilities and directories,

– how users and their processes can be introduced into the system,

– how a graphical user interface can be developed,

- I/O devices and spooling,

- how the system can be integrated into the Internet and how browsers, websites and email might function,

- how mandatory access and rule based systems are possible.

Then follows an example showing how a banking application might support on-line banking. The final chapter show how various features of SPEEDOS make life very difficult for hackers.

Volume 2 can be downloaded here:


The programming language Timor, an acronym for Types, Implementations and More, has been designed with the aim of allowing SPEEDOS applications to be programmed. The book TIMOR-An Object- and Component Oriented Language [23] describes the initial version of Timor. It can be downloaded here:

More details can be obtained from the Timor website (

PhD DOWNLOAD of Prof. Keedy's former student Klaus Espenlaub, who worked on the initial very early version of SPEEDOS. His thesis is downloadable at

Keedy also has a wide interest in current affairs and in improving society in general. He plans to publish some of his ideas in these areas on his personal website (