Speaker: Jonathan S. Shapiro, University of Pennsylvania
Title: A New Look at Capability Systems
Abstract:
Capability systems provide a better model for protection than access control lists, but until recently have not provided acceptable performance. In this talk, we make the case for capability-based protection in terms of fault isolation, security, performance, and accountability. We present EROS, a capability system designed at the University of Pennsylvania which meets or exceeds the performance of all current protected operating systems known to us, and argue that its performance is due to fundamental efficiencies inherent in its design. Finally, we relate this result to current research in active networking, outlining how fine-grain resource management, protection, and accounting facilitate the construction of open systems that must meet service guarantees in hostile environments.
This talk describes work pursued jointly with Jonathan Smith and David Farber of the University of Pennsylvania.
Further information on the EROS system is available via the project's home page at http://www.cis.upenn.edu/~eros.
Biography:
Jonathan Shapiro is currently a PhD candidate at the University of Pennsylvania, where he is working on capability operating systems. Mr. Shapiro was the principal architect of the early CASE product line from Silicon Graphics, and has done a variety of consulting in compiler development. He was a co-founder of HaL Computer Systems. Most recently, he was the CEO who managed the successful divestiture of the Xanadu Operating Company from Autodesk. He is the author of A C++ ToolKit, the first book to focus on the practical use of the language, and is currently working on a book on reliable operating system design.
Further information on Mr. Shapiro can be found via his home page at http://www.cis.upenn.edu/~shap
Contact:
Jon Shapiro
shap@eros.cis.upenn.edu
http://www.cis.upenn.edu/~shap
Submit a summary of this lecture to the EE380 mailbot.