In this paper we describe the design of an extensible kernel, called Paramecium. This kernel uses an object-based software architecture which, together with instance naming, late binding and explicit overrides, enables easy reconfiguration. Determining which components reside in the kernel protection domain is up to the user. A certification authority or one of its delegates certifies which components are trustworthy and therefore permitted to run in the kernel protection domain. These delegates may include validation programs, correctness provers, and system administrators. The main advantage of certification is that it can handle trust and sharing in a non-cooperative environment.
|Title of host publication||Proceedings of the Workshop on Hot Topics in Operating Systems - HOTOS|
|Number of pages||4|
|Publication status||Published - 1995|
|Event||5th Workshop on Hot Topics in Operating Systems (HOTOS-V) - Orcas Island, United States (Duration: 4 May 1995 → 5 May 1995)|
|Workshop||5th Workshop on Hot Topics in Operating Systems (HOTOS-V)|
|Period||4/05/95 → 5/05/95|