This paper describes proof-carrying code (PCC), a mechanism by which a host system can
determine with certainty that it is safe to execute a program supplied (possibly in binary form) …

We propose a new design for highly concurrent Internet services, which we call the staged
event-driven architecture (SEDA). SEDA is intended to support massive concurrency …

The memory coherence problem in designing and implementing a shared virtual memory on
loosely coupled multiprocessors is studied in depth. Two classes of algorithms, centralized …

This paper describes a mechanism by which an operating system kernel can determine with
certainty that it is safe to execute a binary supplied by an untrusted source. The kernel rst de …

The exokemel operating system architecture safely gives untrusted software efficient control
over hardware and software resources by separating management from protection. This …

K42 is one of the few recent research projects that is examining operating system design
structure issues in the context of new whole-system design. K42 is open source and was …

Online reconfiguration provides a way to extend and replace active operating system
components. This provides administrators, developers, applications, and the system itself …

User file systems offer numerous advantages over their in-kernel implementations, such as
ease of development and better system reliability. However, they incur heavy performance …

This paper describes our experience applying formal methods to a critical component in the
Linux kernel, the just-in-time compilers (" JITs") for the Berkeley Packet Filter (BPF) virtual …

In this paper, we discuss our work on an active network architecture in which passive
packets are replaced with active capsules---encapsulated program fragments that are …