Plessey System 250

The Plessey 250 was a computer system manufactured by the Plessey company. It was successfully deployed by the MOD for the British Army's Ptarmigan project (http://www.army.mod.uk/royalsignals/equipment/digital.html) and served in the first Gulf War as a tactical mobile communication switch. It was only a moderate commercial success in the public telecommunication industry. System 250 is notable historically for using a purely hardware-based, capability-based architecture and addressing.

The PP-250 is a single central processing unit (CPU) in a multiprocessor System 250. To protect the shared system memory and the capabilities held in it, the PP-250 applies two independent but related checks to every memory access: first, the location of the memory, and second, the permission level of the command. Location relates to the object: where it sits in memory. Permission relates to the user's privileges: the privacy and security levels of use. Two keys to the same object can confer different access rights, so one key may grant Read access and another Write access.

No privileged modes or modules exist in the PP-250, so user data is not exposed to the erroneous actions of highly privileged programs, an operating system, or other users.


http://www.sipantic.net/images/System%20250%20Telex.jpgSystem 250 Multiprocessor System (1975)]

The capability system provided an exchangeable hard currency for objects and abstractions, right down to a range definition for individually secured memory blocks. Any abstraction built from such blocks was guaranteed its correct location, a limited size, and only the access rights permitted to a specific user. A PP-250 capability was a system-wide unforgeable handle that permitted controlled access; capability tokens could be exchanged or moved without loss of protection within System 250. All attempted violations were checked and prevented dynamically, so a faulty element could be isolated by revoking its set of capability tokens.

PP-250 capabilities were permanent handles to an object that conferred authority and permissions, and they could be grouped arbitrarily on a "key ring" (a capability block) to define access domains. This was the principal advantage for secure and private operation within a complex solution. In a dynamic environment, execution on the PP-250 was always based purely on an instantaneous need to know, following the principle of least authority (POLA), also known as the principle of least privilege.
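The two-check access model (permission, then location), the two keys to one object with different rights, the key ring as an access domain, and revocation of a faulty element's tokens, as an added Python model; this is not Plessey's design or code from the original page, and the object id, block size and memory layout are constructed for illustration:

```python
from dataclasses import dataclass
from enum import Flag, auto
class Rights(Flag):
    READ = auto()
    WRITE = auto()

@dataclass(frozen=True)
class Capability:  # token naming one object's block and the rights it confers
    object_id: int
    base: int
    size: int
    rights: Rights
class CapabilityMachine:
    def __init__(self):
        self.memory = [0] * 64   # constructed: a tiny shared store
        self.revoked = set()     # object ids whose tokens have been voided
    def access(self, ring, key, offset, op, value=None):
        # Every access is mediated: key ring -> revocation -> permission -> location.
        cap = ring.get(key)
        if cap is None or cap.object_id in self.revoked:
            raise PermissionError("no usable authority on this ring")
        if op not in cap.rights:                 # permission check (command)
            raise PermissionError("operation not granted by this key")
        if not 0 <= offset < cap.size:           # location check (object bounds)
            raise PermissionError("offset outside the object")
        if op is Rights.WRITE:
            self.memory[cap.base + offset] = value
        return self.memory[cap.base + offset]

def denied(machine, ring, key, offset, op):
    try:
        machine.access(ring, key, offset, op, 1)
        return False
    except PermissionError:
        return True

def demo():
    m = CapabilityMachine()
    # Two keys to the same object (id 7, 8 words at 16) with different rights.
    ro = Capability(7, 16, 8, Rights.READ)
    rw = Capability(7, 16, 8, Rights.READ | Rights.WRITE)
    reader, writer = {"buf": ro}, {"buf": rw}   # two access domains (key rings)
    m.access(writer, "buf", 3, Rights.WRITE, 42)
    out = {"read_ok": m.access(reader, "buf", 3, Rights.READ),
           "write_denied": denied(m, reader, "buf", 3, Rights.WRITE),
           "bounds_denied": denied(m, writer, "buf", 8, Rights.WRITE),
           "no_key_denied": denied(m, reader, "other", 0, Rights.READ)}
    m.revoked.add(7)   # revoke every token to object 7, isolating it
    out["revoked_denied"] = denied(m, writer, "buf", 3, Rights.READ)
    return out
```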

To provide confidence in meeting a mean time between failures of decades (50 to 100 years), it was necessary to build fail-safe integrity into the design. The governing design principle was independent auditing, under which no memory compromise leading to error migration could occur, even in the presence of any single hardware failure or any software exception, deliberate or accidental. Privacy and security were safeguarded through failures and through equipment maintenance.

External links

*http://www.sipantic.net/third%20international%20conference%20on%20computer%20communications.mht for a lay presentation on System 250
*http://www.cs.washington.edu/homes/levy/capabook/Chapter10.pdf for a review by Hank Levy


Wikimedia Foundation. 2010.
