Fault Tolerant Operating Systems

1 December 1976

journal article
Published by Association for Computing Machinery (ACM) in ACM Computing Surveys

Vol. 8 (4), 359-389
https://doi.org/10.1145/356678.356680

Abstract

This paper develops four related architectural principles which can guide the construction of error-tolerant operating systems. The fundamental principle, system closure, specifies that no action is permissible unless explicitly authorized. The capability based machine is the most efficient known embodiment of this principle: it allows efficient small access domains, multiple domain processes without a privileged mode of operation, and user and system descriptor information protected by the same mechanism. System closure implies a second principle, resource control, that prevents processes from exchanging information via residual values left in physical resource units. These two principles enable a third, decision verification by failure-independent processes. These principles enable prompt error detection and cost-effective recovery. Implementations of these principles are given for process management, interrupts and traps, store access through capabilities, protected procedure entry, and tagged architecture.

Keywords

This publication has 21 references indexed in Scilit:

A lattice model of secure information flow
Communications of the ACM, 1976
A Computer Architecture for Level Structured Systems
IEEE Transactions on Computers, 1975
Dynamic verification of operating system decisions
Communications of the ACM, 1973
On The Advantages of Tagged Architecture
IEEE Transactions on Computers, 1973
Process Structuring
ACM Computing Surveys, 1973
Some Deadlock Properties of Computer Systems
ACM Computing Surveys, 1972
Third Generation Computer Systems
ACM Computing Surveys, 1971
Virtual Memory
ACM Computing Surveys, 1970
The structure of the “THE”-multiprogramming system
Communications of the ACM, 1968
Programming semantics for multiprogrammed computations
Communications of the ACM, 1966

Cited by 127 articles