Reception 6:30 p.m.
Abstract
This talk considers some of the challenges of developing systems that
must be trustworthy with respect to various critical requirements such
as security, reliability, resilience, interoperability, predictable
composability, and so on. It reviews the evolution of a sequence of
layered system architectures intended to achieve high assurance --
including (among others) Multics (begun in 1965, described by Elliott
Organick in his 1972 book), SRI's Provably Secure Operating System
hardware/software design (1973-1980), and an ongoing project jointly
involving SRI and the University of Cambridge. It is hoped that greater
cognizance of many of the lessons of the past thus exposed can somehow
influence the future. Ongoing work will be described further in a
second talk, the following day.