Things You Can Read Now

What? You think that while our trusty software elves are hacking away we have time to write documents? Well, you're right. (And very clever to have guessed it, too!)


Developer Documentation

EROS Papers

  • Hao Chen and Jonathan S. Shapiro. Using Build-Integrated Static Checking to Preserve Correctness Invariants

    Describes our experiences using MOPS to validate some of the kernel implementation invariants. Appears in Proc. 11th ACM Conference on Computer and Communications Security, Washington, D.C., 2004.

  • Jonathan S. Shapiro, John Vanderburgh, Eric Northup, and David Chizmadia. Design of the EROS Trusted Window System

    Describes how to build a robust, high-performance, secure window system using the EROS-provided mechanisms for protection and separation of concerns. Appears in Proc. 2004 USENIX Security Conference, San Diego CA, 2004.

  • Anshumal Sinha, Sandeep Sarat, and Jonathan S. Shapiro. Network Subsystems Reloaded: A High-Performance, Defensible Network Subsystem

    Describes how to build a high-performance network subsystem providing defense in depth using the EROS-provided mechanisms for protection and separation of concerns. Appears in Proc. 2004 USENIX Annual Technical Conference, Boston MA, 2004.

  • Jonathan S. Shapiro. Vulnerabilities in Synchronous IPC Designs

    An examination of basic communication vulnerabilities between suspicious collaborators. Appears in the proceedings of the 2003 IEEE Symposium on Security and Privacy (Oakland).

  • Jonathan S. Shapiro, Jonathan Adams. Design Evolution of the EROS Single-Level Store

    Appears in the proceedings of the 2002 USENIX Technical Conference.

  • J. S. Shapiro, N. Hardy. EROS: A Principle-Driven Operating System from the Ground Up

    A copy of our article in the Jan/Feb 2002 issue of IEEE Software. IEEE has been gracious enough to allow us to make it available online from the web site.

  • J. S. Shapiro, S. Weber. Verifying the EROS Confinement Mechanism

    A copy of our 2000 IEEE Symposium on Security and Privacy paper, which describes the verification proof for the EROS constructor.

  • J. S. Shapiro, Jonathan M. Smith, and David J. Farber. EROS: A Fast Capability System

    A copy of our 1999 SOSP paper, which describes the EROS architecture and the current performance results.

  • J. S. Shapiro. EROS: A Capability System

    Shapiro's dissertation. Provides an overview of the EROS system architecture, the implementation, recent performance results, and a set of formal tools for reasoning about capability systems in general.

  • J. S. Shapiro, S. Weber, Verifying Operating System Security. Department of Computer and Information Science Technical Report MS-CIS-97-26, University of Pennsylvania

    Gives the proof of correctness for the EROS constructor mechanism, including a formal description of the system semantics.

  • J. S. Shapiro, S. J. Muir, J. M. Smith, and D. J. Farber. Operating System Support for Active Networks, Department of Computer and Information Science Technical Report MS-CIS-97-03, University of Pennsylvania

    Describes an active network switching node constructed on top of EROS.

  • J. S. Shapiro. EROS: A Capability System, Department of Computer and Information Science Technical Report MS-CIS-97-04, University of Pennsylvania

    Provides an overview of the EROS system architecture.

  • Jonathan S. Shapiro, David J. Farber, and Jonathan M. Smith. The Measured Performance of a Fast Local IPC, Published in the 5th International Workshop on Object-Orientation in Operating Systems, Seattle, Washington, 1996

    Describes the performance of a very early version of the EROS system.

  • Jonathan S. Shapiro, David J. Farber, and Jonathan M. Smith. State Caching in the EROS Kernel -- Implementing Efficient Orthogonal Persistence in a Pure Capability System, Presented at the 7th International Workshop on Persistent Object Systems, Cape May, N.J., 1996

    A look at how EROS uses caching techniques to take a simple abstract process model and implement it on a real machine. Caching is a useful mechanism for keeping complexity localized.

Papers Related to Capabilities and Security

Various papers that are not directly related to EROS, but set a broader context for the work.

  • Mark S. Miller, E. Dean Tribble, and Jonathan S. Shapiro. Concurrency Among Strangers: Programming in E as Plan Coordination

    Appears in Proc. 2005 Symposium on Trustworthy Global Computing, 2005 (Part of the European Joint Conference on Theory and Practice of Software, ETAPS05). (Invited Paper)

  • Mark S. Miller and Jonathan S. Shapiro. Paradigm Regained: Abstraction Mechanisms for Access Control

    Appears in Proc. Eighth Asian Computing Science Conference (ASIAN '03), Tata Institute of Fundamental Research, Mumbai India, December 10-13 2003. (Invited Paper)

  • Mark S. Miller, Bill Tulloh, and Jonathan S. Shapiro. The Structure of Authority: Why Security is Not a Separable Concern

    Explains why security is intimately intertwined with semantics in the design of a system. Appears in Proc. 2nd International Conference on Multiparadigm Programming in Mozart/Oz (MOZ/2004), Charleroi Belgium, October 2004. (Invited Paper)

  • Michael Hohmuth, Hermann Hartig, and Jonathan S. Shapiro. Reducing TCB Size by Using Trusted Components — Small Kernels Versus Virtual Machine Monitors

    A position piece from the L4 team. Appears in Proc. 11th ACM SIGOPS European Workshop, Leuven Belgium, 2004.

Selected KeyKOS Papers

A few of the core KeyKOS papers are listed below. A more complete collection can be found at the KeyKOS Home Page.

  • Alan C. Bomberger, A. Peri Frantz, William S. Frantz, Ann C. Hardy, Norman R. Hardy, Charles Landau, Jonathan Shapiro. The KeyKOS NanoKernel Architecture, Proceedings of the USENIX Workshop on Micro-Kernels and Other Kernel Architectures. USENIX Association. April 1992. pp. 95-112

    An overview of the KeyKOS object kernel and the UNIX emulation that was built on top of it.

  • Norm Hardy. The KeyKOS Architecture, Operating Systems Review. September, 1985

    This paper provides an extremely dense and precise description of the KeyKOS architecture. This is, in most respects, the definitive description of the KeyKOS architecture. The version provided here is somewhat revised from the OSR version.


Copyright 1999 by Jonathan Shapiro. All rights reserved. For terms of redistribution, see the GNU General Public License.