Some Further Protection Techniques

SPEEDOS provides users with further security techniques which are too numerous to describe here. We briefly mention just a few of them.

For example, each thread has an associated Thread Control Register. This is a 64 bit software register, which is held near the bottom of the kernel's thread stack for that thread and is part of the thread's current status. Its bits determine what rights the thread currently has. These include the right to transfer the thread (as a remote IMC) to another node, the right to call modules which are not owned by the current thread's owner, the right to make downloads, the right to make uploads, the right to create subthreads, the right to make callbacks, the right to use the external (non-SPEEDOS) mail systems and websites and FTP facilities, the right to create new processes, the right to create new users, etc.

There are also some further confinement techniques, which are too complicated to explain here; these are basically further checks on making calls from a module. Like all other aspects of SPEEDOS an overview can be found in Making Computers Secure, volume 1, and detailed implementation descriptions appear in Making Computers Secure, volume 2, which can be downloaded below.

Hopefully these notes will have whetted your appetite to look further into SPEEDOS. And don't forget the related programming language Timor (, which can also be downloaded below.