Path: senator-bedfellow.mit.edu!senator-bedfellow.mit.edu!bloom-beacon.mit.edu!npeer.de.kpn-eurorings.net!npeer-ng0.de.kpn-eurorings.net!newsfeed.straub-nv.de!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail
From:
[email protected] (Tom Van Vleck)
Newsgroups: alt.os.multics
Subject: FAQ Multics Bibliography
Date: Sun, 1 Jul 2012 13:30:55 +0000 (UTC)
Organization: Multicians
Lines: 4059
Sender:
[email protected]
Expires: 01 Aug 2012 00:00:00 -0000
Message-ID: <
[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 1 Jul 2012 13:30:55 +0000 (UTC)
Injection-Info: mx04.eternal-september.org; posting-host="4xgB9iG1J/7HsX2lJJl4og";
logging-data="2641"; mail-complaints-to="
[email protected]"; posting-account="U2FsdGVkX19yivId4s5McT50kv2/0m0V"
Summary: Published information on Multics.
X-Newsreader: Perl Program
Cancel-Lock: sha1:ngd1nS8UQWe4DPAumxchpIHrTdk=
X-Priority: 3
Xref: senator-bedfellow.mit.edu alt.os.multics:8237
archive-name: multics/bibliography
URL: //www.multicians.org/biblio.html
Please post updates to alt.os.multics or send mail to <
[email protected]>
I regret that I do not have the time to copy, scan, OCR, convert, or mail
copies of these documents. I don't even have copies of all of them.
-- tom
================================================================
Papers and books
* Adleman, N., Effects of Producing a Multics Security Kernel, Honeywell
Information Systems Inc., Mclean Va Federal Systems Operations, October
1975. NTIS AD-A031 220/7
This report summarizes the effects of reducing the current Multics
hardcore supervisor (Ring 0), even as the entire Multics system is
undergoing continuous development and enhancement. An evolutionary
engineering discipline, rather than a structured, formal approach has
been used to either modify or recommend changes to the system. Many of
the proposed major changes have been demonstrated as being sound and
useful. These system changes are documented in this report. For the
purposes of this report, the security kernel is that part of the system
which implements a reference monitor that enforces a specified
protection policy. That is, a security kernel is a subset of the
current Multics supervisor. This report will show that the engineering
approach of undertaking trial designs and that the engineering approach
of undertaking trial designs and implementation is indeed a major
contribution to the eventual analytical development and certification
of a Multics supervisor which can then be viewed as the Multics
security kernel.
* Adleman, N., Engineering Investigations in Support of Multics Security
Kernel Software Development, Honeywell Information Systems Inc., Mclean
Va Federal Systems Operations. October 19, 1976. NTIS AD-A040 329/5
This report provides the status of certain engineering efforts to support
the development of a secure general purpose computer.
* Adleman, N., J. R. Gilson, R. J. Sestak, and R. J. Ziller, Security
Kernel Evaluation for Multics and Secure Multics Design, Development
and Certification, Semi-annual progress rept. 1 Jan-30 June 76,
Honeywell Information Systems Inc., Mclean Va Federal Systems
Operations, August 1976. NTIS AD-A038 261/4
* Adleman, N., J. R. Gilson, R. J. Sestak, and R. J. Ziller, Semi-Annual
Progress Report July 1975 to December 1975, Honeywell Information
Systems Inc., Mclean Va Federal Systems Operations, January 1976. NTIS
AD-A037 501/4
* Adleman, N., R. J. Ziller, and J. C. Whitmore, Multics Security
Integration Requirements, 1 January 1976-31 December 1980, Honeywell
Information Systems Inc., Mclean Va Federal Systems Operations, March
1976. NTIS AD-A041 514/1
* Ames, S. R., File Attributes and Their Relationship to Computer
Security, S.M. thesis, June 1974, Case Western Reserve University,
Cleveland, OH: HQ Electronic Systems Division, Hanscom AFB, MA.. ESD-
TR-74-191
* Ames Jr., Stanley R., and D. K. Kallman, Multics Security Kernel
Validation: Proof Description, Volume I, MITRE Corp Bedford MA, July
1978. NTIS AD-A056 901/2
* Ames Jr., Stanley R., and J. G. Keeton-Williams, Demonstrating security
for trusted applications on a security kernel base, IEEE Comp. Soc.
Proc 1980 Symposium on Security and Privacy, April 1980.
* Ames Jr., Stanley R., and Jonathan K. Millen, Interface Verification
for a Security Kernel, System Reliability and Integrity, Vol 2,
Infotech State of the Art report pp.1-21 1978.
* Ames Jr., Stanley R., and Peter G. Neumann, Computer Security
Technology: Introduction, IEEE Computer 16(7) p.11, July 1983.
* Anderson, James P., Multics Evaluation, James P. Anderson and Co., Fort
Washington Pa, October 1973. NTIS AD-777 593/5
Details of a planning study for USAF computer security requirements are
presented. An Advanced development and Engineering program to obtain an
open-use, multilevel secure computing capability is described. Plans
are also presented for the related developments of communications
security products and the interim solution to present secure computing
problems. Finally a Exploratory development plan complementary to the
recommended Advanced and Engineering development plans is also
included.
* Anderson, James P., Accelerating Computer Security Innovation, IEEE
Symposium on Security and Privacy, 1982.
This note is prompted by a number of observations. - After nearly twelve
years of serious work on computer security, all that can be shown is
two one-shot ?brassboard? systems and one commercially supported
product that integrates the DoD security policy into the operating
system. - The first round of research results on computer security were
useful and by 1975 the principles of secure computers were well enough
understood that the first demonstration models of security kernels had
been completed. [SCHI 73] - In spite of hopes to the contrary, it has
been amply demonstrated that the civil sector of government and
virtually all of the private sector can satisfy their information
protection needs with simple physical and procedural methods, coupled
with using systems with "improved integrity". - In spite of the
tiresomeness of its repetition, the fact is that the need for secure
systems for important national defense applications has not been
diminished in the slightest by any work that has gone on over the past
twelve years.
* Banh, T., and H. Tran, Test program set/document management system,
AUTOTESTCON '96, 'Test Technology and Commercialization' Conference
Record, pp 369-374, Sep 1996.
The legacy C-17 Support Equipment Data Acquisition and Control System
(SEDACS) was initially designed as a test requirement document (TRD)
and test program set (TPS) development system. Its applications have
expanded to include word processing for a majority of the C-17 support
equipment (SE) deliverable documentation, project management functions,
and line-replaceable-unit (LRU) and shop-replaceable-unit (SRU)
tracking. While the SEDACS system enabled MDA to support C-17 test and
early operation, this legacy SEDACS has some drawbacks. Recently, the
SEDACS was upgraded from a host-based Honeywell/Multics mainframe to a
new client/server system. The TPS document management system (DMS) was
designed to provide the environment to create and edit documents as
well as to control their configurations, and it is the first step
toward becoming an electronic document management system. The system
has increased efficiency and productivity, improved and safeguarded
file sharing, and provides better management of document revisions.
This TPS DMS was developed using an integrated application software
package that runs on IBM PCs. This paper describes how the integrated
application software was developed and how the deliverable documents
were transferred from the existing mainframe system to the
client/server system. The software products identified in this paper
were chosen to meet our particular applications requirements and are
provided only as examples.
* Banatre, Jean-Pierre, Michel Banatre, Guy Lapalme, and Florimond
Ployette, The design and building of Enchere, a distributed electronic
marketing system, Commun. ACM 29, 1, 19-29. Jan. 1986.
Building and prototyping an agricultural electronic marketing system
involved experimenting with distributed synchronization, atomic
activity, and commit protocols and recovery algorithms.
* Bell, D. E., and L. J. La Padula, Secure Computer Systems: Unified
Exposition and Multics Interpretation, Mitre Technical Report MTR-2997,
rev 2, March 1976. NTIS AD-A023 588/7
For the past several years ESD has been involved in various projects
relating to secure computer systems design and operation. One of the
continuing efforts, started in 1972 at MITRE, has been secure computer
system modeling. The effort initially produced a mathematical framework
and a model [1, 2] and subsequently developed refinements and
extensions to the model [3] which reflected a computer system
architecture similar to that of Multics [4]. Recently a large effort
has been proceeding to produce a design for a secure Multics based on
the mathematical model given in [l, 2, 3]. Same as ESD-TR-75-306, DTIC
AD-A023588
* Bell, D. E., and L. J. La Padula, Secure Computer Systems: Mathematical
foundations, MITRE tech report, 1 Mar 1973. MTR-2547 vol I
* La Padula, L. J., and D. E. Bell, Secure Computer System: A
Mathematical Model, MITRE tech report, 31 May 1973. MTR-2547 vol III
* Bell, D. E., Secure Computer System: A Refinement of the Mathematical
Model, MITRE tech report, 28 Dec 1973. MTR-2547 vol II
* Benedict, G. G., An Enciphering Module for Multics, 1974 Jul. NTIS AD-
782 658/9
* Bennett, D. A., and C. A. Landauer, An application of simulation to
tracking, In: Winter Simulation Conference, San Diego, CA, December 3-
5, 1979, Proceedings. Volume 1. New York, IEEE, p. 83-90..
AIMER (Automatic Integration of Multiple Element Radars) is an emulated
model of a loosely coupled distributed radar tracking processor. The
design goal of the model is to provide a reliable processing system
whose computational bandwidth can be dynamically altered in response to
changing ground scenario and availability of hardware. A large number
of minicomputers connected with multiple packet networks was chosen as
the framework for the design. This paper describes the current status
of AIMER.
* Bensoussan, A., C. T. Clingen, and R. C. Daley, The Multics virtual
memory: concepts and design, Proc Second ACM SOSP, Princeton NJ,
October 1969.
Commun. ACM 15, 5, pp 308-318, May 1972. As experience with use of on-
line operating systems has grown, the need to share information among
system users has become increasingly apparent. Many contemporary
systems permit some degree of sharing. Usually, sharing is accomplished
by allowing several users to share data via input and output of
information stored in files kept in secondary storage. Through the use
of segmentation, however, Multics provides direct hardware addressing
by user and system programs of all information, independent of its
physical storage location. Information is stored in segments each of
which is potentially sharable and carries its own independent
attributes of size and access privilege. Here, the design and
implementation considerations of segmentation and sharing in Multics
are first discussed under the assumption that all information resides
in a large, segmented main memory. Since the size of main memory on
contemporary systems is rather limited, it is then shown how the
Multics software achieves the effect of a large segmented main memory
through the use of the Honeywell 645 segmentation and paging hardware.
* Bensoussan, Andre, Honeywell, Inc., MULTICS records, 1965-1982. Finding
Aid, University of Minnesota, Charles Babbage Institute.
In the late 1980s, when André Bensoussan was about to retire from
Honeywell (or perhaps he was retiring as a Bull employee working at
Honeywell) I was also working at Honeywell and arranged to send two
boxes of what he considered the historically most valuable Multics
material with which he was willing to part to the Charles Babbage
Institute (CBI) at the University of Minnesota.
* Berstel, J., and J.-F. Perrot, MULTICS: guide de l'usager, Manuels
informatiques Masson, Paris [etc.]: Masson, 1986.
* Biba, K. J., S. R. Ames Jr., E. L. Burke, P. A. Karger, W. R. Price, R.
R. Schell, and W. L. Schiller, The top level specification of a Multics
security kernel, MITRE Corp, Bedford MA, August 1975. WP-20377
* Birnbaum, D., J. J. Cupak, J. D. Dyar, and R. Jackson, MULTICS Remote
Data Entry System. Volume I, Source: Pattern Analysis and Recognition
Corp., Rome, NY., Rome Air Development Center, Griffiss AFB, NY, Oct
1979, RADC TR-79-265-VOL-1. NTIS ADA080625
This report contains the user's manuals and software documentation for
the Remote Data Entry System which is the front-end to the MULTICS
Pattern Recognition Facility and the Cluster Analysis package which was
added to MULTICS OLPARS. The Remote Data Entry System was designed to
allow users of the MULTICS Pattern Recognition Facility the ability to
input their data over the ARPANET from a Tektronix remote storage
device. Once the data is input into the MULTICS System, routines are
provided so that the user can easily restructure or cluster his
database to perform different classification experiments.
* Bisbey II, Richard L., Jim Carlstedt, Dale M. Chase, and Dennis
Hollingworth, Data Dependency Analysis, ISI-RR-76-45, USC Information
Sciences Institute, February 1976. NTIS: ADA 022017
* Bisbey II, Richard L., and Dennis Hollingworth, Protection Analysis:
Final Report, ISI-SR-78-13, USC Information Sciences Institute, July
1978. NTIS: ADA 056816
The Protection Analysis project was initiated at ISI by ARPA IPTO to
further understand operating system security vulnerabilities and, where
possible, identify automatable techniques for detecting such
vulnerabilities in existing system software. The primary goal of the
project was to make protection evaluation both more effective and more
economical by decomposing it into more manageable and methodical
subtasks so as to drastically reduce the requirement for protection
expertise and make it as independent as possible of the skills and
motivation of the actual individuals involved. The project focused on
near-term solutions to the problem of improving the security of
existing and future operating systems in an attempt to have some impact
on the security of the systems which would be in use over the next ten
years. A general strategy was identified, referred to as "pattern-
directed protection evaluation" and tailored to the problem of
evaluating existing systems. The approach provided a basis for
categorizing protection errors according to their security-relevant
properties; it was successfully applied for one such category to the
MULTICS operating system, resulting in the detection of previously
unknown security vulnerabilities.
* Boebert, Earl, The Fox Herder's Guide: How to Lead Teams That Motivate
and Inform Organizational Change, Bitsmasher Press, 2001.
180 pages.
* Bosworth, Bruce, A user's guide to statistics programs on the MULTICS
timesharing system, Avery Publishing Group, Inc. (1982).
64 pages.
* Boyd, Donald L., and Antonio Pizzarello, Introduction to the WELLMADE
design methodology, Proc. 3d Int. Conf. on Software Engineering, 1978.
* Bull HN Information Systems Inc., Multics Data Security and Data
Privacy, USA: Bull HN Information Systems. no date.
* Burke, Edmund L. et al., Emulating a Honeywell 6180 Computer System,
Mitre Corporation, pp. 1-73. June 1974. NTIS AD 787 218
* Burke, Edmund L., Concept of Operation for Handling I/O in a Secure
Computer at the Air Force Data Services Center (AFDSC), Mitre
Corporation. Apr 1974. DTIC AD0780529
The operation of a computer system in a secure fashion requires the
control of access to all parts of the system. One part of the system
which is often neglected when access and security controls are
developed is the input/output (I/O) subsystem. This paper develops a
general Concept of Operations for I/O in a secure computer system. This
concept is then applied to the proposed two-level, Secret-Top Secret,
MULTICS System at the Air Force Data Services Center (AFDSC). The most
unusual operational feature recommended for the AFDSC MULTICS is the
use of autonomous processes to perform all I/O, preventing any user
from directly accessing any I/O device. Procedures are described to
provide the necessary controls for operation in the Data Services
Center environment.
* Burrus, Phillip F., SEDACS-a client/server approach to TPS development,
AUTOTESTCON '95. Systems Readiness: Test Technology for the 21st
Century. Conference Record, Aug 1995.
The C-17 Support Equipment Data Acquisition and Control System (SEDACS)
Test Program Set/Test Requirements Document (TPS/TRD) development
system was upgraded from a host-based Honeywell/Multics mainframe
system to a new client/server system with Internet connectivity.
Reliability, flexibility, and supportability were the requirements for
the new system. The combination of the client/server model and
commercial software met these requirements by exploiting fast and
inexpensive hardware and commercial off-the-shelf (COTS) software such
as word processing and project and circuit analysis software. Greater
efficiencies were realized by reducing the required time needed to
train users, develop TPSs, and prepare supporting documentation.
Quality was improved by incorporating configuration management tools
and integrated spell checking into the applications suite and by
designing around a centralized database. This paper briefly describes
how we developed our new system and how we migrated from our existing
mainframe (or legacy) system to a client/server system.
* Caruso, Michael Joseph, A graphics systems for RDMS, Massachusetts
Institute of Technology. Dept. of Electrical Engineering and Computer
Science. Thesis. 1975. B.S., 1975.
82 pages
* Clingen, C. T., Program naming problems in a shared tree-structured
hierarchy, Proc Conf on Techniques in Software Engineering, October
1969.
* Clisham, Tom J., Source RX: A Multics-Fortran program for stratigraphic
and petroleum geochemical data, U.S. Geological Survey, 1979.
* Colijn, A. W., A note on the Multics command language, Software --
Practice and Experience 11, 6, pp 741-744, Jul 1981.
Some aspects of the Multics operating system are critically examined. In
particular, the properties of the command and language are noted as
allowing considerable general purpose programming power. The strength
and weaknesses are discussed and a quantitative evaluation of speed is
attempted based on a comparison of programming the "Towers of Hanoi"
and Ackermann's function in both Multics command language and pll. The
programs also serve to exemplify the use of the command language.
* Colman, S. M., CHEMANAL: A MULTICS Fortran program to calculate
chemical weathering data, U.S. Geological Survey, 1980.
* Connell, David B., Kermit N. Klingbail, and Richard A. Jackson, MULTICS
OLPARS Operating System. Volume I., Pattern Analysis and Recognition
Corp Rome N Y, 219 pages, PAR-74-25-A, F30602-75-C-0226, F30602-73-C-
0352, RADC TR-76-271-Vol-1. NTIS ADA034393
The development of interactive graphics computer systems for use in
detection, identification, and transformation of patterns contained in
high- dimensional data has been a continuing program at the Rome Air
Development Center since 1968. This long standing effort has resulted
in the implementation of OLPARS (the On-Line Pattern Analysis and
Recognition System), IFES (the Image Feature Extraction System), and
WPS (the Waveform Processing System). This report contains detailed
design and user-oriented information related to MOOS (the MULTICS
OLPARS Operating System), and advanced version of OLPARS currently
resident upon the Honeywell 6180 MULTICS computer system. The currently
operational system represents an implemented version of the operations
described in a previous report (RADC-TR-73-241); appropriate selections
of that report are retained within this document. This report contains
brief descriptions of the MOOS system and the mathematics underlying
the system algorithms. A major portion of this document is reserved for
a user's manual (providing detailed information relating to the
operation of all system options) and for MOOS program documentation.
* Corbato, F. J., A paging experiment with the Multics system, Chapter 19
of In Honor of Philip M. Morse, edited by Herman Feshbach and K. Uno
Ingard, M. I. T. Press, Cambridge MA, 217-228, 1969. Available from MIT
Press print-on-demand.
A key strategic question that a paging algorithm must answer whenever a
new page is needed is: "Which page should be removed from core memory?"
(1.9MB PDF )
* Corbato, F. J., and C. T. Clingen, A Managerial View of the Multics
System Development, in Research Directions in Software Technology
edited by P. Wegner, M.I.T. Press, 1979.
(Also published in Tutorial: Software Management, Reifer, Donald J. (ed),
IEEE Computer Society Press, l979; Second Edition l981; Third Edition,
1986.) A reasonable question of a software manager might be "What
possible insight can I gain from the agonies of someone else's
project?"
* Corbato, F. J., and J. H. Saltzer, Some considerations of supervisor
program design for multiplexed computer systems, Proc IFIP 4th Global
Conf, Edinburgh, August 1968. Project MAC memo MAC-M-372, May 1968
One of the principal hurdles in developing multiplexed computer systems
is acquiring sufficient insight into the apparently complex problems
encountered. This paper isolates two system objectives by
distinguishing between problems related to multiplexing and those
arising from sharing of information. In both cases, latent problems of
noninteractive systems are shown to be aggravated by interacting
people. Viewpoints such as reversibility of binding, and mechanisms
such as segmentation, are suggested as approaches to acquiring insight.
It is argued that only such analysis and functional understanding can
lead to simplifications needed to allow design of more sophisticated
systems.
* Corbato, F. J., and V. A. Vyssotsky, Introduction and overview of the
Multics system, AFIPS Conf Proc 27, 185-196, 1965.
Multics (Multiplexed Information and Computing Service) is a
comprehensive, general-purpose programming system which is being
developed as a research project. The initial Multics system will be
implemented on the GE 645 computer. One of the overall design goals is
to create a computing system which is capable of meeting almost all of
the present and near-future requirements of a large computer utility.
* Corbato, F. J., C. T. Clingen, and J. H. Saltzer, Multics -- the first
seven years, Proc SJCC, 571-583, May 1972.
First we review the goals, history and current status of the Multics
project. This review is followed by a brief description of the
appearance of the Multics system to its various classes of users.
Finally several topics are given which represent some of the research
insights which have come out of the development activities.
* Corbato, F. J., M. M. Daggett, and R. C. Daley, An experimental time-
sharing system, AFIPS Conf Proc 21, 335-344, 1962.
It is the purpose of this paper to discuss briefly the need for time-
sharing, some of the implementation problems, an experimental time-
sharing system which has been developed for the contemporary IBM 7090,
and finally a scheduling algorithm of one of us (FJC) that illustrates
some of the techniques which may be employed to enhance and be analyzed
for the performance limits of such a time-sharing system.
* Corbato, F. J., PL/I as a Tool for System Programming, Datamation 15,
5, 68-76, May, 1969.
* Corbato, F. J., Sensitive issues in the design of multi-use systems, M.
I. T. Project MAC, December 1968. MAC-M-383
* Corbato, F. J., On building systems that will fail, (A. M. Turing Award
lecture), Commun. ACM 34 No. 9, September 1991.
What I am really trying to address is the class of systems that for want
of a better phrase, I will call "ambitious systems." It almost goes
without saying that ambitious systems never quite work as expected.
Things usually go wrong and sometimes in dramatic ways. And this leads
me to my main thesis, namely, that the question to ask when designing
such systems is not: "if something will go wrong, but when will it?"
* Corbato, F. J., M. M. Daggett, R. C. Daley, R. J. Creasy, J. D.
Hellwig, R. H. Orenstein, and L. K. Korn, The compatible time-sharing
system: a programmer's guide, 1st ed, M. I. T. Press, June 1963.
The "candy stripe" manual describing early versions of CTSS.
* Couleur, J. F., and E. L. Glaser, Shared-access data processing system,
filed November 26, 1965, awarded November 19, 1968. US Patent no
3,412,382
* Couleur, J. F., and R. F. Montee, Method and means for storing and
accessing information in a shared access multiprogrammed data
processing system, ("New System Architecture" patent) filed November
14, 1978, awarded November 10, 1981. US Patent no 4,300,192
Partitioning, paging, and segmentation techniques are employed with
virtual memory to provide more secure and efficient storage and
transfer of information. The virtual memory is divided into a plurality
of partitions with real memory storage provided by paging the plurality
of partitions. User programs are segmented into logical units and
stored in assigned partitions thereby isolating user programs and data.
Unsegmented programs may be run by storage in a partition with direct
addressing. Segment descriptors including partition, base, and bound
are utilized in accessing memory. User domains are expandable by
temporarily passing descriptor parameters from one routine to another
with access flags limiting access thereto. By shrinking passed
descriptors the receiving routine can be restricted to only a portion
of the information defined by the descriptor.
* Couleur, John F., The Core of the Black Canyon Computer Corporation,
IEEE Annals of the History of Computing Vol. 17, No. 4: Winter 1995,
pp. 56-60.
* Crisman, P. A., Ed., The compatible time-sharing system: a programmer's
guide, 2nd ed, M. I. T. Press, 1965.
Looseleaf.
* Daley, R. C., and J. B. Dennis, Virtual memory, processes, and sharing
in Multics, Commun. ACM 11, 306-312, May 1968.
The value of a computer system to its users is greatly enhanced if a user
can, in a simple and general way, build his work upon procedures
developed by others. The attainment of this essential generality
requires that a computer system possess the features of equipment-
independent addressing, an effectively infinite virtual memory, and
provision for the dynamic linking of shared procedure and data objects.
The paper explains how these features are realized in the Multics
system.
* Daley, R. C., and P. G. Neumann, A general-purpose file system for
secondary storage, AFIPS Conf Proc 27, 212-230, 1965.
The need for a versatile on-line secondary storage complex in a
multiprogramming environment is immense.
* Datapro, An Overview of Operating Systems Security, Datapro Reports on
Information Security, June 1986. Datapro IS56-001
* Datapro, Bull HN Information Systems Inc: Security Capabilities of
Multics, Datapro Reports on Information Security; Vol 3, USA: Datapro
Research. April 1989. IS56-115-101
* David Jr., E. E., and R. M. Fano, Some thoughts about the social
implications of accessible computing, AFIPS Conf Proc 27, 243-248,
1965.
* Davids, Noah S., Experiences with an Interactive Electronic Meeting
Facility, Proc Second Annual Phoenix Conference on Computers and
Communications, 563-567, Mar 1983.
The introduction of an interactive electronic meeting facility, called
Forum, within Honeywell's Large Information Systems Division (LISD), a
large multi-national organization, has had profound effets. The
environment set up by Forum closely mimics that of a face-to-face
meeting. The user interface, based on a TTY-style terminal, allows the
users to concentrate on the content of the meeting instead of on the
interface or the computer. Forum is briefly described, and LISD's
experiences, both good and bad, are discussed.
* Davis, R. C., A Security Compliance Study of the Air Force Data
Services Center Multics System, Mitre Corp., Bedford, Mass, NTIS,
December 1976.
Do the hardware and software security features of the Air Force Data
Services Center (AFDSC) Multics system comply with the Department of
Defense security requirements. To answer this question AFDSC
commissioned MITRE to undertake a study to compare intrinsic features
of the AFDSC Multics system with the applicable requirements set forth
in DoD Requirement 5200.28 and expanded upon in DoD Manual 5200.28-M.
(also available as DTIC AD-A034985)
* Davis, Edward W., STARAN parallel processor system software, Proc AFIPS
74.
This paper is concerned with the features and concepts of system software
for a parallel associative array processor---STARAN. Definitions of
parallel processors have appeared often. Essentially they are machines
with a large number of processing elements. They have the capability to
operate on multiple data streams with a single instruction stream.
STARAN is a line of parallel processors with a variable number of
processing elements.
* Denning, P. J., The working set model for program behavior, Commun. ACM
11, 5, 323-333, May 1968.
* Denning, P. J., Virtual memory, ACM Computing Surveys 2, 3, 153-189,
September 1970.
* Denning, P. J., Effects of scheduling on file memory operations, Proc
1967 SJCC, 1967.
* Denning, P. J., A statistical model for console behavior in multiuser
computers, Commun. ACM, Sep 1968.
* Denning, P. J., Thrashing: its causes and prevention, Proc 1968 FJCC,
1968.
A particularly troublesome phenomenon, thrashing, may seriously interfere
with the performance of paged memory systems, reducing computing giants
(Multics, IBM System 360, and others not necessarily excepted) to
computing dwarfs. The term thrashing denotes excessive overhead and
severe performance degradation or collapse caused by too much paging.
Thrashing inevitably turns a shortage of memory space into a surplus of
processor time.
* Denning, P. J., Equipment configuration in balanced computer systems,
IEEE Trans on Computers, Nov 1969.
* Denning, P. J., Comments on a linear paging model, Proceedings of the
1974 ACM SIGMETRICS conference on Measurement and evaluation, Jan 1974.
The linear approximation relating mean time between page transfers
between levels of memory, as reported by Saltzer for Multics, is
examined. It is tentatively concluded that this approximation is
untenable for main memory, especially under working set policies; and
that the linearity of the data for the drum reflects the behavior of
the Multics scheduler for background jobs, not the behavior of
programs.
* Dennis, J. B., A multiuser computation facility for education and
research, Commun. ACM 7, 521-529, September 1964.
* Dennis, J. B., Segmentation and the design of multiprogrammed computer
systems, IEEE Intl Convention Rec 3, 214-225, 1965.
* Deutsch, L. P., and B. W. Lampson, An online editor, (qed), Commun. ACM
10, 12, pp 793-799, December 1967.
* Diamond, D. S., and L. L. Selwyn, Considerations for computer utility
pricing policies, Proc ACM 23d Natl Conf, 189-200, 1968.
There are a number of different philosophies concerning the problems of
pricing the resources of a multi-access computer utility. Although some
have been proposed only academically, others have actually been
implemented by the various fledgling systems that have come into
existence during the past few years.
* Dominick, W. D., and S. K. Agarwal, MADAM: Multics Approach to Data
Access and Management Users Guide, Computer Science Department,
University of Southwestern Louisiana, 1977. Technical Report CMPS-77-6-
1
The MADAM system was developed to provide the framework for conducting
information system research, design, implementation, measurement and
evaluation experiments within the context of the Multics operating
system. This paper overviews some of the more important aspects of the
design philosophy of MADAM.
* Donovan, J. J., Tools and philosophy for software education, Commun.
ACM, 19, Issue 8, August 1976.
* Downey, P. J., MULTICS Security Evaluation: Password and File
Encryption Techniques, US Air Force, Electronic Systems Div, Hanscom
AFB Mass,, Jun 1977. NTIS AD-A045 279/7
* Dyar, J. D., Multics Remote Data Entry System. Volume II. Clustering
Additions to MOOS, PATTERN ANALYSIS AND RECOGNITION CORP ROME N Y, Oct
1979. DTIC ADA080626
This report describes the clustering algorithms added to the MULTICS
OLPARS Operating System under this effort.
* Elefante, Donald M., Unattended Testing Sessions on the Honeywell
Multics Computer, Rome Air Development Center Griffiss AFB N Y (MAR
1977).. NTIS ADA041824
This report discusses the procedure used to run a series of machine-
dedicated performance evaluation tests without any machine operator
intervention, either before or after the tests, and with minimum
disruption to normal time-sharing service. The procedure involves,
among other things, setting up a control program to execute at some
optimum time in the future, whereupon MULTICS is automatically induced
to remove itself from its normal user support status, log in a
predetermined set of artificial users for the duration of the test, and
following this, restore itself to its normal user (timesharing) status.
43 pages.
* Elspas, B., R. E. Shostak, and J. M. Sptizen, A Verification System for
JOCIT/J3 Programs (Rugged Programming Environment - RPE/2)., Stanford
Research Inst Menlo Park Calif. DTIC ADA042670
This report describes work done during the second year of a research and
development program aimed ultimately at a Rugged Programming
Environment for JOVIAL. The RPE/1 verification system designed and
built during the first year has been greatly extended and improved in
several ways. The basic method of verification remains the same--that
of inductive assertions. The input processor has been modified to
handle virtually of all JOCIT instead of the small subset covered by
the RPE/1 system. The overall speed of verification has been increased
by a factor of over 25. Ease of user interaction with the system has
been greatly enhanced by adding facilities for carrying out and saving
partial proofs of programs, for extending the assertion language, and
for enabling top-down and bottom-up proofs for well-structured
programs. Moreover, the entire system has been translated into MACLISP,
the system files have been transferred to the RADC-MULTICS Honeywell
6180 computer, and a sample verification (shown in the report) has been
carried out entirely on the RADC computer.
* Enslow, Philip H., 6180 Multics Systems and 6000 Series, Appendix C
(pages 219-228) of Philip H. Enslow, editor, Multiprocessors and
Parallel Processing, John Wiley & Sons, New York, 1974..
* Fano, R. M., and P. Elias, Project MAC 25th Anniversary, M. I. T.
Laboratory for Computer Science, 1989.
* Fano, R. M., The computer utility and the community, IEEE Int
Convention Record 12, 30-37, 1967.
* Fano, R. M., The MAC system: The computer utility approach, IEEE
Spectrum 2, 56-64, January 1965.
* Fano, R. M., and F. J. Corbato, Time-sharing on computers, Scientific
American 215, 3, September, 1966, pp. 129-140.
also in Information, A Scientific American Book, W. H. Freeman & Co., pp.
76-95, 1966
* Fano, R. M., Project MAC, Encyclopedia of Computer Science and
Technology, Vol 12, Marcel Dekker, Inc. New York and Basel, 1979.
* Feiertag, R. J., and E. I. Organick, The Multics input/output system,
Proc ACM Third SOSP, 35-41, October 1971.
An I/0 system has been implemented in the Multics system that facilitates
dynamic switching of I/0 devices. This switching is accomplished by
providing a general interface for all I/O devices that allows all
equivalent operations on different devices to be expressed in the same
way. Also particular devices are referenced by symbolic names and the
binding of names to devices can be dynamically modified. Available I/0
operations range from a set of basic I/0 calls that require almost no
knowledge ...
* Feiertag, R. J., Karl N. Levitt, and Lawrence Robinson, Proving
Multilevel Security of a System Design, ACM Operating Systems Review
11, 5, Proc ACM 6th SOSP, West Lafayette, IN, November 1977.
* Feingold, Richard, Electronic Resources for Security Related
Information, US Department of Energy, Lawrence Livermore National
Laboratory, Computer Incident Advisory Capability, December 1994. CIAC-
2307 R.1
* Yochelson, J. C., A LISP garbage collector for virtual memory computer
systems, Commun. ACM 12, 611-612, 1969.
* Fenichel, Robert R., Joseph Weizenbaum, and Jerome C. Yochelson, A
program to teach programming, Commun. ACM 13, 1970.
The TEACH system was developed at MIT to ease the cost and improve the
results of elementary instruction in programming. To the student, TEACH
offers loosely guided experience with a conversational language which
was designed with teaching in mind. Faculty involvement is minimal. A
term of experience with TEACH is discussed. Pedagogically, the system
appears to be successful; straighforward reimplementation will make it
economically successful as well. Similar programs of profound tutorial
skill will appear only as the results of extended research. The
outlines of this research are beginning to become clear.
* Finfer, M., J. Fellows, and D. Casey, Software debugging methodology.
Volume II: Handbook for debugging in the MULTICS/GCOS/RTM environments,
System Development Corp, Santa Monica, Calif, Apr 1979.
A debugging study was conducted which surveyed current research being
performed in the area of software debugging during integration level
testing. Particular emphasis was placed on assessing debugging tools
and techniques which were applicable to embedded software developments.
The purpose of the debugging study was to define a software debugging
methodology applicable to diverse environments to be utilized during
integration testing of system software. The results of the study are
contained in three volumes. This volume presents the application of the
debugging methodology to three specific environments. 122 pages.
* Flamm, Kenneth, Targeting the Computer: Government Support and
International Competition, Washington, DC; Brookings Institution, 1987,
pp. 42-92..
* Frankston, Robert M., A Limited Service System on Multics, Bachelor of
Science thesis, M. I. T. Department of Electrical Engineering, June
1970.
* Frankston, Robert M., Multics: Lightweight Processes, Unpublished
memorandum, MIT Project MAC, March 1974.
This is a pair of memos I wrote in 1974 when I was a graduate student
working on the Multics project. (precursors of MIT CSR-RFC-123)
* Freiburghouse, R. A., A user's guide to the Multics FORTRAN compiler
implementation, CISL, October 1969.
A document that provides the prospective Multics FORTRAN user with
sufficient information to enable him to create and execute FORTRAN
programs on Multics. It contains a complete definition of the Multics
FORTRAN language as well as a description of the FORTRAN command and
error messages. It also describes how to communicate with non-FORTRAN
programs and discusses some of the fundamental characteristics of
Multics that affect the FORTRAN user. 68 pages. -- Organick
* Freiburghouse, R. A., The Multics PL/1 compiler, Proc 1969 FJCC, 187-
199, 1969.
Description of the Multics version 1 PL/I compiler implementation.
* Freiburghouse, R. A., Register allocation via usage counts, Commun. ACM
17, Issue 11, November 1974.
This paper introduces the notion of usage counts, shows how usage counts
can be developed by algorithms that eliminate redundant computations,
and describes how usage counts can provide the basis for register
allocation. The paper compares register allocation based on usage
counts to other commonly used register allocation techniques, and
presents evidence which shows that the usage count technique is
significantly better than these other techniques.
* Frenkel, K. A., An interview with Fernando Jose Corbato, Commun. ACM 34
No. 9, September 1991.
* Friesen, O. D., and J. A. Weeldreyer, Multics Integrated Data Store: An
Implementation of a Network Data Base Manager Utilizing Relational Data
Base Methodology, Proc 11th Hawaii Intl Conf on System Sciences, Vol 1,
pp. 67-84, 1978.
* Friesen, O. D., N.S. Davids, and R. E. Brinegar, MRDS/LINUS: System
Evaluation, in Relational Database Systems: Analysis and Comparison, J.
W. Schmidt and M. L. Brodie, eds., Berlin, Springer-Verlag, 1983.
* Gasser, M., A Random Word Generator for Pronouncable Passwords, MTR-
3006, The Mitre Corporation, Bedford, MA 01730, ESD-TR-75-97, HQ
Electronic Systems Division, Hanscom AFB, MA 01731. 1975. NTIS AD A
017676
* Gasser, M., S. R. Ames, and L. J. Chmura, Test Procedures for Multics
Security Enhancements, Mitre Corp., Bedford, Mass., NTIS, December
1976.
(also available as DTIC AD-A034986)
* Gasser, M., Top Level Specification of a Security Kernel for Multics
Front-End Processor, MTR-3269, Mitre Corp., Bedford, Mass., November
1977.
* Gifford, D., Hardware Estimation of a Process's Primary Memory
Requirements, Commun. ACM 20, 9, September 1977.
A minor hardware extension the Honeywell 6180 processor is demonstrated
to allow the primary memory requirements of a process in Multics to be
approximated. The additional hardware required for this estimate to be
computed consists of a program accessible register containing the miss
rate of the associative memory used for page table words. This primary
memory requirement estimate was employed in an experimental version of
Multics to control the level of multiprogramming in the system and to
bill for memory usage. The resulting system's tuning parameters display
configuration insensitivity, and it is conjectured that the system
would also track shifts in the referencing characteristics of its
workload and keep the system in tune.
* Gilson, J. R., Security and Integrity Procedures., Honeywell
Information Systems Inc, Mclean Va, Federal Systems Operations, 21
pages, F19628-74-C-0193, ESD TR-76-294. NTIS ADA040328
This report covers the procedures required to protect critical phases of
the design, development, and certification of a secure Multics.
Involved is protection of the security kernel software from
unauthorized alteration or sabotage. The facilities of the Government
Information Security Program are applied. The program includes
protection of a security kernel for Multics and a security kernel for
the Secure Communications Processor.
* Glaser, Edward L., A brief description of privacy measures in the
Multics operating system, Proc AFIPS 1967 SJCC, pp 303-304. 1967.
The problem of maintaining information privacy in a multi-user, remote-
access system is quite complex. Hopefully, without going into detail,
some idea can be given of the mechanisms that have been used in the
Multics operating system at MIT.
* Glaser, E. L., J. F. Couleur, and G. A. Oliver, System design of a
computer for time-sharing applications, AFIPS Conf Proc 27, 197-202,
1965.
In the late spring and early summer of 1964 it became obvious that
greater facility in the computing system was required if time-sharing
techniques were to move from the state of an interesting pilot
experiment into that of a useful prototype for remote access computer
systems. Investigation proved computers that were immediately available
could not be adapted readily to meet the difficult set of requirements
time-sharing places on any machine. However, there was one system that
appeared to be extendible into what was desired. This machine was the
General Electric 635.
* Gligor, Virgil D., Some thoughts on denial-of-service problems,
University of Maryland, College Park, MD, 16 Sept. 1982.
* Goldstein, R. C., and A. L. Strnad, The MacAIMS Data Management System,
ACM SIGFIDET, Houston TX, 1970. 963K
* Graham, R. M., Protection in an information processing utility, Commun.
ACM 11, 5, 365-369, May 1968.
In this paper we will define and discuss a solution to some of the
problems concerned with protection and security in an information
processing utility. This paper is not intended to be an exhaustive
study of all aspects of protection in such a system. Instead, we
concentrate our attention on the problems of protecting both user and
system information (procedures and data) during the execution of a
process. We will give special attention to this problem when shared
procedures and data are permitted.
* Graham, Robert M., Gerald J. Clancy, and David B. DeVaney, A software
design and evaluation system, Commun. ACM 16, 2, 110,116, Feb 1973.
* Green, Paul, An implementation of SEAL on Multics., S. B. Thesis,
Department of Electrical Engineering, M. I. T., Cambridge, May, 1973.
* Greenberg, B. S., Multics Emacs: an experiment in computer interaction,
Proc Fourth Honeywell Software Conf, March 1980.
* Greenberg, B. S., Prose and CONS (Multics Emacs: production text-
processing in Lisp), Report on the 1980 LISP Conference, August 1980.
This paper addresses the choice of Lisp as the implementation language,
and its consequences, including some of the implementation issues. The
detailed history of Multics Emacs, its system-level design
considerations, and its impact on Multics and its user community are
discussed in [Greenberg]. One of the immediate and profound
consequences of this choice has been to assert Lisp's adequacy, indeed,
superiority, as a full-fledged systems and applications programming
language. Multics Emacs ...
* Greenberg, B. S., "Multics Emacs: The History, Design and
Implementation", 1979.
Multics Emacs is a video-oriented text preparation and editing system
running on Honeywell's Multics system, being distributed as an
experimental offering in Multics Release 7.0. From the viewpoint of
Multics, it represents the first video-management software to be
implemented, the first time character-at-a-time-interaction has been
used, and a radical and complete departure from other editing and text
preparation tools and techniques prevalent on Multics.
* Greenberg, B. S., The Multics MACLISP Compiler. The Basic Hackery. A
tutorial, 1977.
If you are not already familiar with LISP, in some detail, including the
traditional implementations and value/object issues, you probably
should not be reading this.
* Greenberg, B. S., and S. H. Webber, The Multics Multilevel Paging
Hierarchy, Proc 1975 IEEE Intercon, 1975.
This paper describes the Multics multilevel paging system, the Page
Multilevel algorithm or PML for short, with particular emphasis on the
algorithms used to move pages from one level of the storage hierarchy
to another. The paper also discusses some of the history and background
of the development in particular where it relates to changes in the
algorithms. Although Multics has been in working existence for many
years, many of its features are still novel and implemented on few if
any other operating systems. For this reason, a discussion of some of
the terminology as it relates to Multics is also included as background
for the reader. Finally, a discussion is presented which predicts
probable future developments both on Multics and other systems with
respect to hierarchically organized memories (storage hierarchies) in
light of what we have learned from Multics.
* Greenberger, Martin, The Computers of Tomorrow, Atlantic Monthly, May
1964.
In the past two decades, thousands of computers have been applied
successfully in various industries. How much more widespread will their
use become? Martin Greenberger, who is associate professor at the
School of Industrial Management of M.I.T., has been working with
computers for fourteen years.
* Grochow, J. M., MOO in Multics, Software -- Practice and Experience 2,
303-308, 1972. 179K
PL/I source is online.
* Grochow, J. M., Real-time graphic display of time-sharing system
operating characteristics, AFIPS Conf Proc 35 (1969 FJCC), AFIPS Press,
pp. 379-385, 1969.
The Graphic Display Monitoring System (GDM) is an experimental monitoring
facility for Multics, a general purpose time-sharing system implemented
at Project MAC cooperatively with General Electric and the Bell
Telephone Laboratories. GDM allows design, systems programming, and
operating staff to graphically view the dynamically changing properties
of the timesharing system. It was designed and implemented by the
author to provide a medium for experimentation with the real-time
observation of time-sharing system behavior. GDM has proven to be very
useful both as a measuring instrument and a debugging tool and as such
finds very general use.
* Gumpertz, Richard Henry, The Design and Fabrication of an ARPA Network
Interface, Bachelor of Science thesis, M. I. T. Department of
Electrical Engineering, July 1973.
* Gunson, Alison, Directory of library software for microcomputers:
Design and implementation of a STATUS database, and hardcopy output
using the Multics Wordpro system, ASIN: B0000CHIWC.
* Haggett, Allan G., John R. McFadden, and Peter R. Newsted, Naive user
behavior in a restricted interactive command environment, ACM SIGSOC
Bulletin, Volume 13, Issue 2-3, p 139 1982. ISBN:0-89791-064-8
Results are reported showing the changing pattern of command use by
introductory business data processing students. Using the ability of
the University of Calgary's Honeywell Multics Operating System to
tailor a command and response environment, a subset of commands and
responses (called GENIE) was set up in a user-friendly environment to
facilitate novice students programming at CRT terminals. Frequency and
time of usage of all commands was metered and changing patterns of
usage emerged as the semester progressed. For example, "help" usage --
which was originally quite extensive and broad -- limited itself over
time to questions only about specific topics. Reluctance to use an
"audit" facility to capture an interactive session disappeared as the
commands for such usage were likened to a movie camera taking pictures
over a student's shoulder. It is further noted that specific emphasis
was placed on simplifying commands and reducing options.The whole idea
of a restricted command environment is compared to the "abstract
machine" concept of Hopper, Kugler, and Unger who are building a
universal command and response language (NICOLA, a NIce Standard
COmmand LAnguage). GENIE is seen as an example of what such an abstract
machine could be if the Multics operating system were viewed as a basic
or "parent" abstract machine. Interactive environments such as Multics
provides are viewed as essential to providing a satisfactory
timesharing system for the various, but frequently intermittent uses,
in the social sciences.
* Hebalkar, Prakash Gurunath, Asynchronous cooperative multiprocessing
within MULTICS., S.M. Thesis, Department of Electrical Engineering,
M.I.T., June 1968.
* Henderson, H., and Elliott I. Organick, Considerations in the Design of
an XDS Sigma 7 Multics, University of Texas, Department of Computer
Science, September, 1969. NTIS AD0713477
* Henningan, K. B., Hardware Subverter for the Honeywell 6180, MTR-3280,
Dec. 1976, pp. 1-222. 1976. ESD-TR-76-352
(also available as DTIC AD-A034221)
* Hilton, Jarvis Gene, Instructional data base development using MULTICS
relational data store, Thesis (M.B.A.)--San Diego State University,
1978..
* Hinke, Thomas H., and Marvin Schaefer, Secure Data Management System.,
System Development Corp, Santa Monica Calif, 197 pages, SDC-TM-(L)-
5407/007/00, F30602-74-C-0258, RADC TR-75-266. NTIS ADA019201
This report describes the design of a Secure Data Management System (DMS)
that is to operate on a Secure MULTICS Operating System Kernel. The DMS
achieves its security by mapping its data base into the security
structure provided by the operating system, with the result that the
DMS need contain no security enforcement code. The logical view chosen
for the DMS is the relational view of data.
* Honeywell, Prototype Secure MULTICS Specification, Preliminary draft,
Honeywell Information Systems Inc., Mclean Va Federal Systems
Operations, January 1976. NTIS AD-A055 166/3
* Honeywell, Multics Security Kernel Certification Plan, Honeywell
Information Systems Inc Mclean Va Federal Systems Operations, July
1976. NTIS AD-A055 171/3
* Ikeda, Katsuo, Structure of a computer utility: anatomy of Multics, (in
Japanese), 2nd ed, Shokoda Co Ltd, Tokyo, Japan, 1976.
* Iuorno, Normand, Rzepka, Kobziar, LaMonica, Douglas White, and
McCauley, RADC/MULTICS evaluation, May 1971. RADC-TR-71-121
* Janson, Phillippe A., Dynamic linking and environment initialization in
a multi-domain process, ACM 5th Symposium on Operating System
Principles, 1975.
As part of an effort to engineer a security kernel for Multics, the
dynamic linker has been removed from the domain of the security kernel.
The resulting implementation of the dynamic linking function requires
minimal security kernel support and is consistent with the principle of
least privilege. In the course of the project, the dynamic linker was
found to implement not only a linking function, but also an environment
initialization function for executing procedures. This report presents
an analysis of dynamic linking and environment initialization in a
multi-domain process, isolating three sets of functions requiring
different sets of access privileges. A design based on this
decomposition of the dynamic linking and environment initialization
functions is presented.
* Janson, P. A., Using Type-Extension to Organize Virtual-Memory
Mechanisms, Operating Systems Review, Vol 15 #4 (October 1981) pages 6-
38.
As part of an effort to engineer a security kernel for Multics, the
dynamic linker has been removed from the domain of the security kernel.
The resulting implementation of the dynamic linking function requires
minimal security kernel support and is consistent with the principle of
least privilege. In the course of the project, the dynamic linker was
found to implement not only a linking function, but also an environment
initialization function for executing procedures. This report presents
an analysis of dynamic linking and environment initialization in a
multi-domain process, isolating three sets of functions requiring
different sets of access privileges. A design based on this
decomposition of the dynamic linking and environment initialization
functions is presented.
* Jarvis, J. E., The many faces of Multics, The Computer Journal, 1975;
18: 2-6.
* Jones, Malcolm M. et al., The SIMPL Primer, Oct 1971.
* Jones, Malcolm M., On-line simulation, ACM CSC-ER, Proc 22d National
Conference, 1967.
An on-line simulation system allows both the user and the computer to
cooperate and share the task of performing the simulation. It does this
by providing facilities for the user to interact with the computer so
that they may both play active roles in the simulation process as it is
occurring. Thus, the user may perform some of the simulation functions
himself and the computer performs the remaining ones. Alternately, the
user may act only as a monitor and observe, verify and record data or
modify and redirect the simulation when it strays erroneously from the
desired path. A second feature of an on-line simulation system is that
it may allow the actual phenomenon being simulated to become a part of
the simulation.
* Jordan, D. M., Multics Data Security, Scientific Honeyweller 2, 2, June
1981.
* Kanodia, R. K., Performance improvement in ARPANET file transfers from
Multics, Nov 1974. RFC 662
* Kaplow, Roy, David Schneider, Franklin C. Smith, and William R.
Stensrud, Computer assistance for writing interactive programs: TICS,
Proceedings of the 1973 annual ACM conference, August 1973.
In this paper, we describe an on-line and interactive programming system,
TICS(1) (for Teacher-Interactive Computer System), which is aimed at
facilitating the authoring of interactive computer programs. The system
includes particular features for creating instructional software, and
in that application it is intended for direct use by teachers or other
persons whose expertise lies in the subject matter being addressed, but
not necessarily in computer programming. To that purpose, the system
provides a greater degree of computer-assistance for the authoring
process itself than has been afforded in earlier languages and
programming systems of similar orientation(2-5). TICS is implemented
within the M. I. T. Multics time-sharing system (6) in two components:
an author system and a delivery system. The former provides the tools
for writing, investigating, editing, and trying out programs. The
latter provides a special environment for student use of the programs.
* Karger, Paul A., The Lattice Security Model In A Public Computing
Network, ACM CSC-ER, Proc 1987 National Conference, December 1978.
This paper defines the lattice security model and shows it to be useful
in private sector applications of decentralized computer networks. It
examines discretionary security models and shows them to be inadequate
to protect against 'Trojan Horse' attacks. It examines the management
of large security lattices and proposes solutions to the proliferation
of categories problem.
* Karger, Paul A., and Roger R. Schell, Multics Security Evaluation:
Vulnerability Analysis, ESD-TR-74-193, Vol 2, Electronic Systems
Division, USAF, June 1974. NTIS AD-A001 120/5
A security evaluation of Multics for potential use as a two-level
(Secret/Top Secret) system in the Air Force Data Services Center
(AFDSC) is presented. An overview is provided of the present
implementation of the Multics Security controls. The reports then
details the results of a penetration exercise of Multics on the HIS 645
computer. In addition, preliminary results of a penetration excise of
Multics on the new HIS 6180 computer are presented. The report
concludes that Multics as implemented today is not certifiably secure
and cannot be used in an open use multi-level system. However, the
Multics security design principles are significantly better than other
contemporary systems. Thus, Multics as implemented today, can be used
in a benign Secret/Top Secret environment. In addition, Multics forms a
base from which a certifiably secure open use multi-level system can be
developed.
* Karger, Paul A., New Methods for Immediate Revocation, in: Proc 1989
IEEE Symposium on Security and Privacy, Oakland, California, USA: IEEE
Computer Society, pp 48-55, May, 1989.
* Karger, Paul A., An Implementation of XPL for Multics, SB thesis, June
1972, Massachusetts Institute of Technology: Cambridge, MA.
* Karger, Paul A., and Roger R. Schell, Thirty Years Later: Lessons from
the Multics Security Evaluation, Proc ACSAC 2002. IBM Research Report
RC22534.
Almost thirty years ago a vulnerability assessment of Multics identified
significant vulnerabilities, despite the fact that Multics was more
secure than other contemporary (and current) computer systems.
Considerably more important than any of the individual design and
implementation flaws was the demonstration of subversion of the
protection mechanism using malicious software (e.g., trap doors and
Trojan horses). A series of enhancements were suggested that enabled
Multics to serve in a relatively benign environment. These included
addition of "Mandatory Access Controls" and these enhancements were
greatly enabled by the fact the Multics was designed from the start for
security. However, the bottom-line conclusion was that "restructuring
is essential" around a verifiable "security kernel" before using
Multics (or any other system) in an open environment (as in today's
Internet) with well-motivated professional attacks employing
subversion. The lessons learned from the vulnerability assessment are
highly applicable today as governments and industry strive
(unsuccessfully) to "secure" today's weaker operating systems through
add-ons, "hardening", and intrusion detection schemes.
* Karger, P. A., D. C. Toll, E. R. Palmer, S. K. McIntosh, S. M. Weber,
and J. Edwards, Implementing a High-Assurance Smart-Card OS, Proc
Financial Cryptography and Data Security 10. Lecture Notes in Computer
Science Vol. 6052, Springer. p. 51-65.
Building a high-assurance, secure operating system for memory constrained
systems, such as smart cards, introduces many challenges. The
increasing power of smart cards has made their use feasible in
applications such as electronic passports, military and public sector
identification cards, and cell-phone based financial and entertainment
applications. Such applications require a secure environment, which can
only be provided with sufficient hardware and a secure operating
system. We argue that smart cards pose additional security challenges
when compared to traditional computer platforms. We discuss our design
for a secure smart card operating system, named Caernarvon, and show
that it addresses these challenges, which include secure application
download, protection of cryptographic functions from malicious
applications, resolution of covert channels, and assurance of both
security and data integrity in the face of arbitrary power losses. The
paper is of interest to Multicians, because the Caernarvon operating
system uses a clone of the Multics quota mechanism to control usage of
the very limited amount of persistent memory on the smart card.
* Karger, Paul Ashley, Improving Security and Performance for Capability
Systems, PhD thesis, March 1988, Cambridge University.
This dissertation examines two major limitations of capability systems:
an inability to support security policies that enforce confinement and
a reputation for relatively poor performance when compared with non-
capability systems.
* King, Jane, and William A. Shelly, A Family History of Honeywell's
Large-Scale Computer Systems, IEEE Annals of the History of Computing
Vol. 19, No. 4, October/ December 1997. Dec 1997.
* Klensin, John Conrad, The Consistent System, Multics version: Handbook
of programs and data, Massachusetts Institute of Technology, Laboratory
of Architecture and Planning, 1978.
* Koch, R. D., TMPLOT -- Transverse Mercator Plot Program for Multics,
U.S. Geological Survey (1980).
* Kork, John O., Modifications of the IBM Personal Computer Asynchronous
Communications Support programs for use with the Multics, U.S.
Geological Survey, 1983.
* Lackey, R. D., Penetration of Computer Systems, an Overview, Honeywell
Computer Journal 8, 2, 1974.
* Lahr, J. C., HYPOELLIPSE/MULTICS: A computer program for determining
local earthquake hypocentral parameters, magnitude, and first-motion
pattern, U.S. Geological Survey Open-File Report 80-59, 59 p..
* Lahr, John C., SQUASH/MULTICS: A computer program to be used in
conjunction with HYPOELLIPSE to generate an augmented phase data
archive, U.S. Geological Survey, 1980.
* Landwehr, Carl E., The Best Available Technologies for Computer
Security, IEEE Computer 16(7) pp.86-100, July 1983.
* Landwehr, Carl E., Alan R. Bull, John P. McDermott, and William S.
Choi, A taxonomy of computer program security flaws, ACM Computing
Surveys 26, 3, 211-254. Sept. 1994.
An organized record of actual flaws can be useful to computer system
designers, programmers, analysts, administrators, and users. This
survey provides a taxonomy for computer program security flaws, with an
Appendix that documents 50 actual security flaws. These flaws have all
been described previously in the open literature, but in widely
separated places. For those new to the field of computer security, they
provide a good introduction to the characteristics of security flaws
and how they ...
* Lee, J. A. N., The Rise and Fall of the General Electric Corporation
Computer Department, IEEE Annals of the History of Computing Vol. 17,
No. 4: Winter 1995, pp. 24-45. 1995.
The computer department of the General Electric Corporation began with
the winning of a single contract to provide a special purpose computer
system to the Bank of America, and expanded to the development of a
line of upward compatible machines in advance of the IBM System/360 and
whose descendants still exist in 1995, to a highly successful time-
sharing service, and to a process control business. Over the objections
of the executive officers of the Company the computer department
strived to become the number two in the industry, but after fifteen
years, to the surprise of many in the industry, GE sold the operation
and got out of the competition to concentrate on other products that
had a faster turn around on investment and a well established first or
second place in their industry. This paper looks at the history of the
GE computer department and attempts to draw some conclusions regarding
the reasons why this fifteen year venture was not more successful,
while recognizing that there were successful aspects of the operation
that could have balanced the books and provided necessary capital for a
continued business.
* Lee, J. A. N., and George E. Snively, The Rise and Sale of the General
Electric Corporation Computer Department, IEEE Annals of the History of
Computing April-June 2000 (vol. 22 no. 2) pp. 53-60..
This article is a follow-up and extension of the first author's 1995
Annals article entitled, "The Rise and Fall of the General Electric
Corporation Computer Department." It is divided into three parts: a
study of the financial implications of rental versus sales in the
larger GE environment, a collection of differing views with respect to
the GE management paradigm and its effect on the Computer Department,
and a set of corrections to the original article.
* Lipari, Charles A., An intelligent temperature monitor-control system
for the University of Southwestern Louisiana Multics machine room,
Thesis USL, 1978.
* Lipner, S. B., Computer security research and development requirements,
MITRE Corp, Bedford MA, February 1973. MTP-142
* Lipner, Steven B., A comment on the confinement problem, Proc 5th
symposium on Operating systems principles, November 1975.
* Lively, Mark Beirne, Time aspects of paging on MULTICS., MIT thesis,
1971.
52 pages
* Loepere, Keith, Resolving covert channels within a B2 class secure
system, ACM SIGOPS Operating Systems Review, Volume 19 Issue 3, July
1985.
For a secure computer system in the B2, B3 and A1 classes (as defined by
the DoD Trusted Computer System Evaluation Criteria), the problem of
confining a process such that it may not transmit information in
violation of the *-property is an analyzable and solvable problem.This
paper examines the problem of covert channels and attempts to analyze
and resolve them relative to satisfying the B2 security requirements. A
novel solution developed for the Multics computer system for a class of
covert channels is presented.
* Loepere, Keith, The covert channel limiter revisited, ACM SIGOPS
Operating Systems Review, Volume 23 Issue 2, April 1989.
In a previous article, I introduced the idea of a mechanism (the covert
channel limiter) that would watch for the potential uses of covert
channels and affect the responsible process (or process group) only
when such potential uses exceeded the allowable bandwidth for covert
channels. Recent work involving the design of the Opus operating system
(target class B3) has refined and extended this idea. This paper
extends the informal basis for the covert channel limiter and extends
its possible utility.
* Loome, James R., Mark L. Langberg, and Albert J. Thurmond, Wartime
Manpower Programing System: Final Report, Management Systems Division,
General Research Corporation, 1980. 1063-03-80-CR
* Lorho, Bernard, Semantic attributes processing in the system DELTA,
Lecture Notes In Computer Science; Vol. 47, Symposium on Methods of
Algorithmic Language Implementation, Springer-Verlag, London, UK, 1975.
ISBN:3-540-08065-1
* Lucas, Henry C., An on-line user information facility for the Multics-
time-sharing system (Project MAC), Massachusetts Institute of
Technology Project MAC (1967).
textbookland.com lists the price for this report as 10 trillion dollars.
* Mackenzie, Donald, and Garrel Pottinger, Mathematics, Technology, and
Trust: Formal Verification, Computer Security, and the U.S. Military,
IEEE Annals of the History of Computing Vol. 19, No. 3: JULY-SEPTEMBER
1997, pp. 41-59. Sept 1997.
A distinctive concern in the U.S. military for computer security dates
from the emergence of time-sharing systems in the 1960s. This paper
traces the subsequent development of the idea of a "security kernel"
and of the mathematical modeling of security, focusing in particular on
the paradigmatic Bell-La Padula model. The paper examines the
connections between computer security and formal, deductive
verification of the properties of computer systems. It goes on to
discuss differences between the cultures of communications security and
computer security, the bureaucratic turf war over security, and the
emergence and impact of the Department of Defense's Trusted Computer
System Evaluation Criteria (the so-called Orange Book), which
effectively took its final form in 1983. The paper ends by outlining
the fragmentation of computer security since the Orange Book was
written.
* Mainnikko, Sirkku, Multics in the computer world, Master's thesis in
social anthropology.
* Margulies, Benson I., Security in a Multics environment, USA: Auerbach
Publishers Inc. Honeywell Information Systems, 1985.
* Margulies, B I, An overview of Multics security, Proc 2nd IFIP
international conference on Computer security, Dec 1984.
* Mark, Robert K., User oriented, interactive Multics computer programs
to create grid cell, contour, and perspective maps using Surface
Display Library, U.S. Geological Survey, 1981.
* Martin, Thomas Joseph, A performance analysis of the relational data
management system, Massachusetts Institute of Technology. Dept. of
Electrical Engineering and Computer Science. Thesis. 1976. B.S., 1976.
* McCarthy, J., A time-sharing operator program for our projected IBM
709, M. I. T. Computation Center memo, 1959.
* McClure, R. M., TMG -- a syntax directed compiler, Proc 20th ACM
National Conf, 262-274, 1965.
* McGee, R. C., My Adventures with Dwarfs: A Personal History in
Mainframe Computers, unpublished manuscript.
The book is a slice through the history of those mainframe machines as
experienced by the author.
* McGibbon, Thomas L., MULTICS Long Waveform Analysis System., Pattern
Analysis and Recognition Corp Rome N Y, 551 pages, PAR-78-28, F30602-
77-C-0090, RADC TR-78-218. NTIS ADA062111
The objective of the research described in this report was the
development and software implementation of a Long Waveform Analysis
System (WAVES) on the Honeywell 6180 Computer System running under the
MULTICS operating System. The currently operational WAVES System is an
open-ended and flexible system for primary use in feature definition
and extraction and, as such, serves as a front-end to the MULTICS
version of OLPARS (On-Line Pattern Analysis and Recognition System).
The development of computer-based interactive feature definition and
pattern classification systems has been a continuing program at Rome
Air Development Center since 1968. This long standing effort has
resulted in the implementation of OLPARS, IFES (the Image Feature
Extraction System), IDRS (the Interactive Digital Receiver Simulator
System), and WPS (the Waveform Processing System). WAVES represents a
furtherance of this continuing effort and a logical expansion and
improvement of currently available waveform analysis and feature
definition systems.
* McRae, J. R., and W. Y. Svrcek, Honeywell Multics: an approach to
simplify use of an interactive simulation language, Proc. 1983 Summer
Comp. Simul. Conf., 1983, vol. 1, pp. 31-39.
The simulation of continuous systems, simulation languages in general and
CSSLIV in particular are discussed briefly, followed by a description
of the attempts made to create a more user friendly environment for the
CSSLIV implementation on the Honeywell Multics system at the University
of Calgary.
* MacLaren, M. Donald, Exception handling in PL/I, ACM SIGOPS Operating
Systems Review, 11, 2, April 1977 .
The PL/I language's facilities for handling exceptional conditions are
analyzed. The description is based on the new PL/I standard. Special
attention is given to fine points which are not well known. The
analysis is generally critical. It emphasizes problems in regards to
implementation and structured programming. A few suggestions for future
language design are offered.
* Michelsen, Christie D., Wayne D. Dominick, and Joseph E. Urban, A
methodology for the objective evaluation of the user/system interfaces
of the MADAM system using software engineering principles, Proceedings
of the 18th annual Southeast regional conference, Tallahassee, Florida,
pp 103 - 109. ISBN:0-89791-014-1
* Montgomery, W. A., Measurements of Sharing in Multics, ACM Operating
Systems Review 11, 5, Proc ACM 6th SOSP, West Lafayette, IN, November
1977.
There are many good arguments for implementing information systems as
distributed systems. These arguments depend on the extent to which
interactions between machines in the distributed implementation can be
minimized. Sharing among users of a computer utility is a type of
interaction that may be difficult to provide in a distributed system.
This paper defines a number of parameters that can be used to
characterize such sharing. This paper reports measurements that were
made on the M.I.T. Multics system in order to obtain estimates of the
values of these parameters for that system. These estimates are upper
bounds on the amount of sharing and show that although Multics was
designed to provide active sharing among its users, very little sharing
actually takes place. Most of the sharing that does take place is
sharing of system programs, such as the compilers and editors.
* Moon, David A., MacLISP Reference Manual, Revision 0, Project MAC,
Massachusetts Institute of Technology, April 8, 1974.
From Herbert Stoyan Collection on LISP Programming, Lot Number X5687.2010
* Morgan, D., The Multics System, IEEE Trans on Communications 21 10, Oct
1973, pp 1166-1167.
(A book review of Organick's book.) "The miracle is that it works and
provides a level of service sufficient for customers of Honeywell to
buy it and M.I.I users to use it. Nevertheless, there must be a better
way to achieve an information utility than such a complex system as
Multics."
* Mullen, R. E., Automated merging of software modifications, Proc
Honeywell Software Productivity Symposium, April 1977.
Parallel modification of software modules by different programming teams
is an inherent problem of large scale system software efforts. In the
Multics Project experiment and analysis have lead to the development of
an interactive program, merge_ascii, which competently merges related
texts.
* Nandigam, Jagadeesh, EMT : an interactive expert system for Multics
tuning, Thesis USL, 1987.
* NCSC staff, Department of Defense Trusted Computer System Evaluation
Criteria, the "Orange Book", December 1985. DOD 5200.28-STD
The trusted computer system evaluation criteria defined in this document
classify systems into four broad hierarchical divisions of enhanced
security protection. They provide a basis for the evaluation of
effectiveness of security controls built into automatic data processing
system products. The criteria were developed with three objectives in
mind: (a) to provide users with a yardstick with which to assess the
degree of trust that can be placed in computer systems for the secure
processing of classified or other sensitive information; (b) to provide
guidance to manufacturers as to what to build into their new, widely-
available trusted commercial products in order to satisfy trust
requirements for sensitive applications; and (c) to provide a basis for
specifying security requirements in acquisition specifications. Two
types of requirements are delineated for secure processing: (a)
specific security feature requirements and (b) assurance requirements.
Some of the latter requirements enable evaluation personnel to
determine if the required features are present and functioning as
intended. The scope of these criteria is to be applied to the set of
components comprising a trusted system, and is not necessarily to be
applied to each system component individually. Hence, some components
of a system may be completely untrusted, while others may be
individually evaluated to a lower or higher evaluation class than the
trusted product considered as a whole system. In trusted products at
the high end of the range, the strength of the reference monitor is
such that most of the components can be completely untrusted. Though
the criteria are intended to be application-independent, the specific
security feature requirements may have to be interpreted when applying
the criteria to specific systems with their own functional
requirements, applications or special environments (e.g.,
communications processors, process control computers, and embedded
systems in general). The underlying assurance requirements can be
applied across the entire spectrum of ADP system or application
processing environments without special interpretation.
* Neumann, P. G., The role of motherhood in the pop art of system
programming, Proc Second ACM SOSP, October 1969.
Numerous papers and conference talks have recently been devoted to the
affirmation or reaffirmation of various common-sense principles of
computer program design and implementation, particularly with respect
to operating systems ad to large subsystems such as language
translators. These principles are nevertheless little observed in
practice, often to the detriment of the resulting systems. This paper
attempts to summarize the most significant principles, to evaluate
their applicability in the real world of large multi-access systems,
and to assess how they can be used more effectively.
* Neumann, P. G., R. J. Feiertag, K. N, Levitt, and L. Robinson, Software
Development and Proofs of Multi-Level Security, ICSE, 1976.
This paper summarizes current research at SRI aimed at developing secure
operating systems and verifying certain critical properties of these
systems. It is seen that proofs of design properties can be relatively
straightforward when the design is specified in suitable formal
specification language. These proofs demonstrate the correspondence
between the desired properties and a specification of the system
design. Various on-line tools aid considerably in this process. In
addition, correctness proofs for implementations of such systems are
now feasible, because of both various theoretical advances and the use
of supporting tools.
* Norberg, Arthur L., An interview of Fernando Corbato, conducted by
Arthur L. Norberg on 18 April 1989 and 14 November 1990, Charles
Babbage Institute call number OH 162.
* Oke, Tom, Multics Through the Looking Glass, HLSUA Formu XXXI, October
1980.
This paper deals with some of the problems encountered at The University
of Calgary during the tuning and optimization of system performance. It
presents some of the characteristics to be found in both the scheduling
system and the virtual memory environment of Multics, and attempts to
put forward a heuristic model of system action to permit a tuner to
improve performance.
* Oldfield, Homer R., King of the Seven Dwarfs: General Electric's
Ambiguous Challenge to the Computer Industry, IEEE Computer Society,
May 1996. ISBN 0818673834
* O'Neill, Judy E., 'Prestige Luster' and 'Snow-Balling Effects': IBM's
Development of Computer Time-Sharing, IEEE Annals of the History of
Computing Vol. 17, No. 2: Summer 1995, pp. 50-54. 1995.
In the middle 1960s IBM responded to pressure from its most prestigious
customers to hasten the development and availability of computer time-
sharing systems. When MIT and Bell Laboratories chose General Electric
computers for their new time-sharing system, IBM management feared that
the ?prestige luster? of these customers would lead other customers to
demand the same capabilities and that there would be a ?snow-balling?
effect as more customers rejected IBM computers. IBM worked on a time-
sharing product and brought it to market by the end of the decade
despite greater-than-expected costs. Meanwhile MIT, Bell Laboratories,
and GE worked together on a new time-sharing system known as Multics.
By examining IBM?s role in and response to the development of time-
sharing, this article illustrates the nontechnological criteria that
even high-technology companies use to decide what products to develop
and market.
* Organick, E. I., The Multics System: An Examination of its Structure,
M. I. T. Press, Cambridge MA, 1972. ISBN 0-262-15012-3
Multics as it was in the 60s. Reprint available from M. I. T. Press.
This volume provides an overview of the Multics system developed at
M.I.T.--a time-shared, general purpose utility like system with third-
generation software. The advantage that this new system has over its
predecessors lies in its expanded capacity to manipulate and file
information on several levels and to police and control access to data
in its various files. On the invitation of M.I.T.'s Project MAC,
Elliott Organick developed over a period of years an explanation of the
workings, concepts, and mechanisms of the Multics system. This book is
a result of that effort, and is approved by the Computer Systems
Research Group of Project MAC.
In keeping with his reputation as a writer able to explain technical
ideas in the computer field clearly and precisely, the author develops
an exceptionally lucid description of the Multics system, particularly
in the area of "how it works." His stated purpose is to serve the
expected needs of designers, and to help them "to gain confidence that
they are really able to exploit the system fully, as they design
increasingly larger programs and subsystems."
The chapter sequence was planned to build an understanding of
increasingly larger entities. From segments and the addressing of
segments, the discussion extends to ways in which procedure segments
may link dynamically to one another and to data segments. Subsequent
chapters are devoted to how Multics provides for the solution of
problems, the file system organization and services, and the segment
management functions of the Multics file system and how the user may
employ these facilities to advantage. Ultimately, the author builds a
picture of the life of a process in coexistence with other processes,
and suggests ways to model or construct subsystems that are far more
complex than could be implemented using predecessor computer
facilities.
This volume is intended for the moderately well informed computer user
accustomed to predecessor systems and familiar with some of the Multics
overview literature. While not intended as a definitive work on this
living, ever-changing system, the book nevertheless reflects Multics as
it has been first implemented, and should reveal its flavor, structure
and power for some time to come.
* Ossanna, J. F., and J. H. Saltzer, Technical and human engineering
problems in connecting terminals to a time-sharing system, AFIPS Conf
Proc 37 (1970 FJCC), 355-362, 1970.
* Ossanna, J. F., L. Mikus, and S. D. Dunten, Communications and input-
output switching in a multiplexed computing system, AFIPS Conf Proc 27,
231-242, 1965.
This paper discusses the general communications and input/output
switching problems in a large-scale multiplexed computing system.
* Padlipsky, M. A., New Multics network software features, Nov 1972. RFC
411
* Padlipsky, M. A., Multics sampling timeout change, Feb 1973. RFC 450
* Padlipsky, M. A., Multics address change, Nov 1973. RFC 590
* Pandolf, MA, Implementing Forth for the multics operating system,
Journal of FORTH Application and Research archive Volume 3 , Issue 2
1986.
* Parks, Lee S., The Design and Implementation of a Multi-Programming
Virtual Memory Operating System for a Mini-Computer, B.S. thesis MIT,
May 1979.
Magic 6 was a paged, segmented, dynamic linked, operating system for the
Interdata series of mini-computers inspired by Multics.
* Perron, Richard Theodore, Establishing a data channel between Multics
and a communications processor., Thesis MIT, 1971.
36 pages
* Peterson, John Raymond, Contour model in Multics, Massachusetts
Institute of Technology. Dept. of Electrical Engineering and Computer
Science. Thesis. 1975. B.S..
* Podlaska-Lando, S., Implementation and evaluation of interval
arithmetic software: Report 2: The Honeywell MULTICS System, Technical
report - U.S. Army Engineer Waterways Experiment Station, 1979. NTIS
B0006X47Z0
This is Report 2 of a series entitled Implementation and Evaluation of
Interval Arithmetic Software. Interval arithmetic can be used to
determine the precision of the arithmetic required to guarantee a given
precision in the results of an algorithm. In general, whether using
interval or regular arithmetic, the greater the precision the longer
the run time required for a given algorithm. A 56 decimal digit version
of the original MULTICS interval package was implemented on the MULTICS
system. It is concluded that the use of single precision and 56 decimal
digit extended precision interval arithmetic can, at times, be
extremely useful. The testing showed that, when using the 56 decimal
digit data type, much better bounds were obtained for the results than
when using the single precision interval data type.
* Powell, Kit, Evolution of networks using standard protocols, Computer
Communications, Volume 3, Issue 3, July 1980, Pages 117-122.
doi:10.1016/0140-3664(80)90069-9
The UK South West Universities Computer Network (SWUCN) was implemented
on a homogenous set of computers, before the emergence of accepted
standard protocols for networking. The paper outlines problems of
evolving from this network to a heterogeneous one, in which standard
protocols are used. A particular application of the strategy involved
is described that includes the implementation of a network connection
using the X.25 Recommendation on the Honeywell Multics system.
* Pozzo, M. M., Life Cycle Assurance for Trusted Computer Systems: a
Configuration Management Strategy for Multics, 7th DOD/NBS Computer
Security Conf, September 1984.
* Pugh, Emerson et al., IBMs 360 and early 370 systems, no date.
* Radin, George, The early history and characteristics of PL/I, August
1978 SIGPLAN Notices , Volume 13 Issue 8.
Source material for a written history of PL/I has been preserved and is
available in dozens of cartons, each packed with memos, evaluations,
language control logs, etc. A remembered history of PL/I is retrievable
by listening to as many people, each of whom was deeply involved in one
aspect of its progress. This paper is an attempt to gather together and
evaluate what I and some associates could read and recall in a few
months. There is enough material left for several dissertations. The
exercise is important, I think, not only because of the importance of
PL/I, but because of the breadth of its subject matter. Since PL/I took
as its scope of applicability virtually all of programming, the
dialogues about its various parts encompass a minor history of computer
science in the middle sixties. There are debates among numerical
analysts about arithmetic, among language experts about syntax, name
scope, block structure, etc., among systems programmers about multi-
tasking, exception handling, I/O, and more.
* Ramprasad, B. S., A design and implementation of a hierarchical data
store as a front end to Multics relational data store, Computer
Science, University of Calgary, 1980.
114 pages
* Rautenberg, Lee Howard, A data communications tutorial and a MULTICS-
minicomputer program transfer operating system., MIT thesis, 1972.
87 pages
* Reynolds, G. E., Multics Security Evaluation. Volume IV. Exemplary
Performance Under Demanding Workload, Electronic Systems Div Hanscom
AFB Mass November, 1976. NTIS AD-A038 231/7
* Ritchie, D. M., The evolution of the UNIX time-sharing system, Bell
System Technical Journal 63, 8, Oct 1984.
This paper presents a brief history of the early development of the Unix
operating system. It concentrates on the evolution of the file system,
the process-control mechanism, and the idea of pipelined commands. Some
attention is paid to social conditions during the development of the
system.
* Ritchie, D. M., The development of the C language, ACM SIGPLAN Notices
28, 3, 201-208 (ACM HOPL-II Conf), March 1993.
The C programming language was devised in the early 1970s as a system
implementation language for the nascent Unix operating system. Derived
from the typeless language BCPL, it evolved a type structure; created
on a tiny machine as a tool to improve a meager programming
environment, it has become one of the dominant languages of today. This
paper studies its evolution.
* Rus, T., Data Structures and Operating Systems, John Wiley & Sons,
Chichester, 1979.
* Sabonnadiere, J., G. Meunier, and B. Morel, FLUX: A general interactive
finite elements package for 2D electromagnetic fields, IEEE Trans on
Magnetics 18, 2, Mar 1982, pp 624-626.
Achievement of finite element methods leads nowadays to the development
of general purpose packages. FLUX, developed by the Laboratoire
d'Electrotechnique de l'Institut National Polytechnique de Grenoble is
an interactive system in which graphic facilities are combined with a
convenient command language to allow a high level of conversational
use. FLUX is made of three independent programs : a pre-precessor :
ENTREE for geometrical, physical and finite element descriptions of the
model, the computation processor RESOL in which equations occurring
from finite elements are solved, and, finally EXPLOI, the post-
processor for flux plots, field visualisation, forces and torques. FLUX
is implemented under the conversational system MULTICS on the HB68
computer of the Centre Inter-universitaire de Calcul de Grenoble. It is
available in France through TRANSRAC, the french computer network, and
in all western EUROPE through EURONET.
* Saltzer, J. H., A simple linear model of demand paging performance,
Commun. ACM 17, 4, April, 1974.. Project MAC memo M0131, November 1972
Predicting the performance of a proposed automatically managed multilevel
memory system requires a model of the patterns by which programs refer
to the information stored in the memory. Some recent experimental
measurements on the Multics virtual memory suggest that, for rough
approximations, a remarkably simple program reference model will
suffice. The simple model combines the effect of the information
reference pattern with the effect of the automatic management algorithm
to produce a ...
* Saltzer, J. H., and J. F. Ossanna, Remote terminal character stream
processing in Multics, AFIPS Conf Proc 36 (1970 SJCC), 621-627, 1970.
Project MAC memo M0121, March 1970
This paper describes system design and human engineering considerations
pertinent to the processing of the character stream between a remote
terminal and a general-purpose, interactive computer system. The
Multics system is used to provide examples of: terminal escape
conventions which permit input of a full character set from a limited
terminal, single character editing for minor typing mistakes, and
reformatting of input text to produce a canonical stored form. A formal
description of the Multics canonical form for stored character strings
appears in an appendix.
* Saltzer, J. H., and J. W. Gintell, The instrumentation of Multics,
Commun. ACM 13, No. 8, 495-500, August 1970.
An array of measuring tools devised to aid in the implementation of a
prototype computer utility is discussed. These tools include special
hardware clocks and data channels, general purpose programmed probing
and recording tools, and specialized measurement facilities. Some
particular measurements of interest in a system which combines demand
paging with multiprogamming are described in detail. Where appropriate,
insight into effectiveness (or lack thereof) of individual tools is
provided.
* Saltzer, J. H., Some Observations about Decentralization of File
Systems, IEEE COMPCON, pages 163-164, September 1971. Multics
repository document M0128, May 1971
An array of measuring tools devised to aid in the implementation of a
prototype computer utility is discussed. These tools include special
hardware clocks and data channels, general purpose programmed probing
and recording tools, and specialized measurement facilities. Some
particular measurements of interest in a system which combines demand
paging with multiprogamming are described in detail. Where appropriate,
insight into effectiveness (or lack thereof) of individual tools is
provided.
* Saltzer, J. H., Protection and the control of information sharing in
the Multics system, Commun. ACM 17, 7, July 1974.
The design of mechanisms to control the sharing of information in the
Multics system is described. Five design principles help provide
insight into the tradeoffs among different possible designs. The key
mechanisms described include access control lists, hierarchical control
of access specifications, identification and authentication of users,
and primary memory protection. The paper ends with a discussion of
several known weaknesses in the current protection mechanism design.
* Saltzer, J. H., and M. D. Schroeder, The protection of information in
computer systems, Proceedings of the IEEE. Vol. 63, No. 9 (September
1975), pp. 1278-1308.
This seminal paper collected and established many the of the fundamental
principles and terms used in computer security over the last three
decades. In addition to the eight "Saltzer/Schroeder Design Principles"
and other basic principles of information protection in section 1, it
provides an overview of descriptor-based protection systems in section
2, and surveys the state of the art in section 3. Although the paper
dates from 1974, most of it is still highly relevant to systems being
designed today.
ABSTRACT: This tutorial paper explores the mechanics of protecting
computer-stored information from unauthorized use or modification. It
concentrates on those architectural structures--whether hardware or
software--that are necessary to support information protection. The
paper develops in three main sections. Section I describes desired
functions, design principles, and examples of elementary protection and
authentication mechanisms. Any reader familiar with computers should
find the first section to be reasonably accessible. Section II requires
some familiarity with descriptor-based computer architecture. It
examines in depth the principles of modern protection architectures and
the relation between capability systems and access control list
systems, and ends with a brief analysis of protected subsystems and
protected objects. The reader who is dismayed by either the
prerequisites or the level of detail in the second section may wish to
skip to Section III, which reviews the state of the art and current
research projects and provides suggestions for further reading.
* Saltzer, J. H., Ongoing research and development on information
protection, ACM Operating Systems Review 8, 3, pp. 8-24, July, 1974.
* Saltzer, J. H., Naming and binding of objects, in R. Bayer, R. M.
Graham, and G. Seegmuller (eds.), Operating Systems: An Advanced
Course, Springer Verlag, New York, 1979, pp. 99-208. [Appendix A: Case
Study of Naming in Multics, pp. 193-208.] 1979.
* Saltzer, J. H., On the modeling of paging algorithms, ACM Forum,
Commun. ACM 19, 5, May 1976.
* Saltzer, J. H., Technical possibilities and problems in protecting data
in computer systems, in Dierstein et al., eds, Datenschutz und
Datensicherung, J. P. Bachem Verlag, Cologne, 1976.
* Salus, Peter H., A Quarter Century of UNIX, Addison Wesley, 1994.
* Sawatzky, Don L., REMAPP Multics programmer's guide, Open-file report /
U.S. Department of the Interior, Geological Survey, 1980.
* Schaefer, Marvin, If A1 is the Answer, What was the Question? An Edgy
Naif's Retrospective on Promulgating the Trusted Computer Systems
Evaluation Criteria, Proceedings of the 20th Annual Computer Security
Applications Conference, 2004.
This paper provides an introspective retrospective on the history and
development of the United States Department of Defense Trusted Computer
System Evaluation Criteria (TCSEC). Known to many as the Orange Book,
the TCSEC contained a distillation of what many researchers considered
to be the soundest proven principles and practices for achieving graded
degrees of sensitive information protection on multiuser computing
systems. While its seven stated evaluation classes were explicitly
directed to standalone computer systems, many of its authors contended
that its principles would stand as adequate guidance for the design,
implementation, assurance, evaluation and certification of other
classes of computing applications including database management systems
and networks. The account is a personal reminiscence of the author, and
concludes with a subjective assessment of the TCSEC's validity in the
face of its successor evaluation criteria.
* Scheffler, Lee J., Optimal folding of a paging drum in a three level
memory system, Proceedings of the fourth symposium on Operating system
principles, January 1973.
This paper describes a drum space allocation and accessing strategy
called "folding", whereby effective drum storage capacity can be traded
off for reduced drum page fetch time. A model for the "folded drum" is
developed and an expression is derived for the mean page fetch time of
the drum as a function of the degree of folding. In a hypothetical
three-level memory system of primary (directly addressable), drum, and
tertiary (usually disk) memories, the tradeoffs among drum storage
capacity, drum page fetch time, and page fetch traffic to tertiary
memory are explored. An expression is derived for the mean page fetch
time of the combined drum-tertiary memory system as a function of the
degree of folding. Measurements of the MULTICS three-level memory
system are presented as examples of improving multi-level memory
performance through drum folding. A methodology is suggested for
choosing the degree of folding most appropriate to a particular memory
configuration.
* Schell, R. R., Effectiveness -- the Reason for a Security Kernel,
Proceedings of the National Computer Conference, 1974, pp. 975-976.
1974.
* Schell, Roger R., Peter J. Downey, and Gerald J. Popek, Preliminary
Notes on the Design of Secure Military Computer Systems, The MITRE
Corporation, Bedford, MA 01730 (Jan. 1973). MCI-73-1
The military has a heavy responsibility for protection of information in
its shared computer systems. The military must insure the security of
its computer systems before they are put into operational use. That is,
the security must be "certified", since once military information is
lost it is irretrievable and there are no legal remedies for redress.
Most contemporary shared computer systems are not secure because
security was not a mandatory requirement of the initial hardware and
software design. The military has reasonably effective physical,
communication, and personnel security, so that the nub of our computer
security problem is the information access controls in the operating
system and supporting hardware. We primarily need an effective means
for enforcing very simple protection relationships, (e.g., user
clearance level must be greater than or equal to the classification
level of accessed information); however, we do not require solutions to
some of the more complex protection problems such as mutually
suspicious processes. Based on the work of people like Butler Lampson
we have espoused three design principles as a basis for adequate
security controls:
* Complete Mediation -- The system must provide complete mediation of
information references, i.e., must interpose itself between any
reference to sensitive data and accession of that data. All references
must be validated by those portions of the system hardware and software
responsible for security.
* Isolation -- These valid operators, a "security kernel," must be an
isolated, tamper-proof component of the system. This kernel must
provide a unique, protected identity for each user who generates
references, and must protect the reference-validating algorithms.
* Simplicity -- The security kernel must be simple enough for effective
certification. The demonstrably complete logical design should be
implemented as a small set of simple primitive operations and system
database structures that can be shown to be correct.
These three principles are central to the understanding of the
deficiencies of present systems and provide a basis for critical
examination of protection mechanisms and a method for insuring a system
is secure. It is our firm belief that by applying these principles we
can have secure shared systems in the next few years.
* Schell, Roger R., Information Security: Science, Pseudoscience, and
Flying Pigs, Proceedings 17th Annual Computer Security Applications
Conference, 2001, pp 205-216. DOI 10.1109/ACSAC.2001.991537
The state of the science of information security is astonishingly rich
with solutions and tools to incrementally and selectively solve hard
problems. In contrast, the state of the actual application of science,
and the general knowledge and understanding of existing science, is
lamentably poor. Still we face a dramatically growing dependence on
information technology, e.g., the Internet, that attracts a steadily
emerging threat of well-planned, coordinated hostile attacks. A series
of hard-won scientific advances gives us the ability to field systems
having verifiable protection, and an understanding of how to powerfully
leverage verifiable protection to meet pressing system security needs.
Yet, we as a community lack the discipline, tenacity and will to do the
hard work to effectively deploy such systems. Instead, we pursue
pseudoscience and flying pigs. In summary, the state of science in
computer and network security is strong, but it suffers unconscionable
neglect.
* Schiller, W. L., K. J. Biba, and E. L. Burke, A preliminary
specification of a Multics security kernel, MITRE Corp, Bedford MA,
April 1975. WP-20119
* Schiller, W. L., Design and Abstract Specification of a Multics
Security Kernel, MITRE Corp Bedford MA, 1977. NTIS AD-048 576
* Schiller, W. L. et al., Top level specification of a Multics security
kernel, MITRE Corp, Bedford MA, July 1976. WP-20810
* Schiller, W. L., Preliminary Specification of the Answering Service,
Multics design note 33, MITRE Corp, Bedford MA, 1976.
* Schroeder, M. D., and J. H. Saltzer, A hardware architecture for
implementing protection rings, Proc ACM Third SOSP, 42-54, October
1971. Commun. ACM 15, 3, pp.157-170, March 1972. also repository M0126
Protection of computations and information is an important aspect of a
computer utility. In a system which uses segmentation as a memory
addressing scheme, protection can be achieved in part by associating
concentric rings of decreasing access privilege with a computation.
This paper describes hardware processor mechanisms for implementing
these rings of protection. The mechanisms allow cross-ring calls and
subsequent returns to occur without trapping to the supervisor.
Automatic hardware ...
* Schroeder, M. D., Engineering a security kernel for Multics, ACM
Operating Systems Review 9, 5, pp. 25-32, Proc ACM 5th SOSP, November,
1975.
This paper describes a research project to engineer a security kernel for
Multics, a general-purpose, remotely accessed, multiuser computer
system. The goals are to identify the minimum mechanism that must be
correct to guarantee computer enforcement of desired constraints on
information access, to simplify the structure of that minimum mechanism
to make verification of correctness by auditing possible, and to
demonstrate by test implementation that the security kernel so
developed is capable of supporting the functionality of Multics
completely and efficiently. The paper presents the overall viewpoint
and plan for the project and discusses initial strategies being
employed to define and structure the security kernel.
* Schroeder, M. D., Performance of the GE-645 associative memory while
Multics is in operation, Proc ACM SIGOPS Workshop on System Performance
Evaluation, Harvard, April 1971.
The Multiplexed Information and Computing Service (Multics) of Project
MAC at M.I.T. runs on a General Electric 645 computer system. The
processors of this hardware system contain logic for both paging and
segmentation of addressable memory. They directly accept two-part
addresses of the form (segment number, word number) which they
translate into absolute memory addresses through a series of indexed
table lookups. To speed this address translation each processor
contains a small, fast associative memory which remembers the most
recently used address translation table entries. This paper reports the
results of performance measurements on this associative memory. The
measurements were made by attaching an electronic counter directly to a
processor while Multics was in operation, and were taken for several
associative memory sizes. The measurements show that for the observed
load 16 associative registers are enough.
* Schroeder, M. D., D. D. Clark, and J. H. Saltzer, The Multics kernel
design project, ACM Operating Systems Review 11, 5, Proc ACM 6th SOSP,
West Lafayette, IN, November 1977. MIT LCS RFC 140
We describe a plan to create an auditable version of Multics. The
engineering experiments of that plan are now complete. Type extension
as a design discipline has been demonstrated feasible, even for the
internal workings of an operating system, where many subtle intermodule
dependencies were discovered and controlled. Insight was gained into
several tradeoffs between kernel complexity and user semantics. The
performance and size effects of this work are encouraging. We conclude
that ...
* Sebring, Michael M., Eric W. Shellhouse, Mary E. Hanna, and R. Alan
Whitehurst, Expert Systems in Intrusion Detection: A Case Study, Proc
11th NCSC, Baltimore, USA: NBS/NCSC: pp.74-81, October 17, 1988.
Describes MIDAS (Multics Intrusion Detection and Alerting System).
* Sekino, A., Response time distribution of multiprogrammed time-shared
computing systems, Sixth Annual Princeton Conf on Information Sciences
and Systems, Princeton, March 1972.
* Sekino, A., Throughput analysis of multiprogrammed virtual-memory
computer systems, Proceedings of the 1973 ACM SIGME symposium .
A model of paging behavior of programs under multiprogramming and a model
of dual processor multi-memory processing system with virtual memory
are developed. Combining these two models, it is possible to evaluate
the throughput of multiprogrammed virtual-memory computer systems
realistically. Numerical results obtained by these models are then
compared with the measurement data of the Multics system of M.I.T.
Finally, the effect of multiprogramming and sharing upon a system's
throughput is numerically evaluated.
* Shafer, Fred J., Multilevel Computer Security Requirements of the World
Wide Military Command and Control System (WWMCCS), LCD-78-106, April 5,
1978.
The World Wide Military Command and Control System (WWMCCS) is a
composite of military command facilities, communications, warning
systems, and computers located throughout the world to support military
command and control activities. A followup review was conducted to
determine whether the multilevel computer security requirements of
WWMCCS were being properly provided for by the Department of Defense
(DOD) and if Air Force efforts to solve this problem had been properly
considered by DOD. At the time of the review, WWMCCS officials had not
endorsed or supported Air Force efforts on multilevel computer security
even though the Air Force had demonstrated a potential for resolving
the shortcomings of WWMCCS software. However, the Air Force terminated
its efforts to develop multilevel computer security because of
insufficient financing. The Departments of the Army and Navy also have
a need for multilevel security in their computerized systems and had
been waiting for the developed capability by the Air Force. The
apparent need for a multilevel security system and the lack of a
concentrated effort to meet it, as well as cancellation of the Air
Force program which showed promise of meeting this need, resulted from
a lack of centralized responsibility and authority for development of a
multilevel system. An office within the Office of the Secretary of
Defense should be given budget authority and responsibility for:
control of all computer security research and development in DOD;
review and approval of computer security requirements for all three
services; review and approval of all computer security specifications,
methodologies, and procurements; and review and approval of all long-
range plans for WWMCCS and the services.
* Sibert, Olin, mxload - Read Multics Backup Tapes, HLSUA FORUM, 1988.
* Sibert, W. Olin, and Robert W. Baldwin, The Multics encipher_
Algorithm, Cryptologia, Volume 31, Issue 4 October 2007, pages 292 -
304.
A fast software block encryption algorithm with a 72-bit key was written
by (then) Major Roger R. Schell (United States Air Force) in April 1973
and released as part of the source code for the Multics operating
system. The design of the Multics encipher_ algorithm includes features
such as variable data-dependent rotations that were not published until
the 1990s - 20 years after the Multics cipher. This article describes
the history and details of the Multics encipher_algorithm and how it
was used for Key Generation, File Encryption, and Password Hashing. A
cryptographic analysis of the algorithm has not been performed,
although similarities are noted with algorithms such as XTEA, SEAL, and
RC5.
* Spafford, Eugene H., UNIX and Security: The Influences of History,
Information Systems Security. Auerbach Publications. 4-3. 1995.
Unix has a reputation as an operating system that is difficult to secure.
This reputation is largely unfounded. Instead, the blame lies partially
with the traditional use of Unix and partially with the poor security
consciousness of its users. Unix's reputation as a nonsecure operating
system comes not from design flaws but from practice. For its first 15
years, Unix was used primarily in academic and computer industrial
environments --- two places where computer security has not been a
priority until recently. Users in these environments often configured
their systems with lax security, and even developed philosophies that
viewed security as something to avoid. Because they cater to this
community, (and hire from it) many Unix vendors have been slow to
incorporate stringent security mechanisms into their systems. This
paper describes how the history and development of Unix can be viewed
as the source of many serious problems. Some suggestions are made of
approaches to help increase the security of your system, and of the
Unix community.
* Speckman, Wendy S., Multics STATPAC user handbook: Part 2, a guide with
examples to basic statistical programs and more advanced general
operation, U.S. Geological Survey, 1983.
* Spicer, Robert A., MAGIC, computer programs for paleontologists
available on MULTICS, Reports-Open file series - United States
Geological Survey, 1980.
* Spier, M. J., and E. I. Organick, The Multics inter-process
communication facility, Proc ACM Second SOSP, 83-91, October 1969.
Essential to any multi-process computer system is some mechanism to
enable coexisting processes to communicate with one another. The basic
inter-process communication (IPC) mechanism is the exchange of messages
among independent processes in a commonly accessible data base and in
accordance with some pre-arranged convention.By introducing several
system wide conventions for initiating communication, and by utilizing
the Traffic Controller it is possible to expand the basic IPC mechanism
into a general purpose IPC facility. The Multics IPC facility is an
extension of the central supervisor which assumes the burden of
managing the shared data base and of respecting the IPC conventions,
thus providing a simple and easy way for the programmer to use the
interface.
* Spratt, Lindsey L., The transaction resolution journal: extending the
before journal, ACM SIGOPS Operating Systems Review, Volume 19 Issue 3,
July 1985.
* Stachour, Paul, and David Collier-Brown, You Don!t Know Jack About
Software Maintenance, Communications of the ACM, Vol. 52 No. 11, Pages
54-58, Nov 2009.
Long considered an afterthought, software maintenance is easiest and most
effective when built into a system from the ground up.
* Stamen, Jeffrey P., and Robert M. Wallace, Janus: a data management and
analysis system for the behavioral sciences, ACM CSC-ER, Proc 1973
national conference, 1973.
This paper describes the Janus data management and analysis system which
has been designed at the Cambridge Project. A prototype of Janus is
currently running on the Multics time-sharing system at M.I.T. The data
model for the design of Janus is very general and should be usable as a
model for data handling in general, as well as for Janus in particular.
The Janus command language is an English-like language based on
procedural functions - such as define, display, and delete - which act
on logical objects from the data model, such as datasets, attributes
and entities. For example, delete-attribute, define-attribute and
define-dataset are all commands. The implementation of Janus is
interesting for a number of reasons: it runs on the Multics system
which has segmented and paged memory; it is based almost entirely on
datasets (tables), which describe each other as well as themselves; and
it is organized in a functionally modular way that is often talked
about, but less often done.
* Stanke, Edward C., II, An Associative Processor Study, The RADCAP
Project, Rept. for 1 Sep 72-30 Nov 76, Rome Air Development Center,
Griffiss AFB N Y, Feb 1978. DTIC ADA052717
The underlying objective of the Rome Air Development Center Associative
Processor (RADCAP) Project is to investigate solutions to data
processing problems which strain conventional approaches due to high
data rates and heavy processing requirements. One group of data
processing functions, those inherent in the USAF Airborne Warning and
Control System (AWACS, now called the E-3A), have been chosen as being
representative of this class of problems. This report describes the
results of a five-year project which involved the implementation of the
AWACS functions on the RADCAP testbed system which consists of a STARAN
S-1000P associative processor interfaced to a Honeywell Information
Systems 645-MULTICS computer (later upgraded to a HIS 6180). Based on
these results, the key characteristics of an associative processor to
handle this type of problem are identified and some general conclusions
as to the applicability of associative/parallel processing to real-
world, real-time processing problems are drawn. The report also makes
some general statements concerning the future of associative/parallel
processing.
* Stein, Arthur, Processor and memory allocation in multics and TSS,
Thesis (M.B.A.)--Bernard M. Baruch College, 1977.
* Stern, J. A., Multics Security Kernel Top Level Specification, ESD-TR-
76-368, Honeywell Information Systems Inc Mclean Va Federal Systems
Operations, November 1976. NTIS AD-A060 000/7
Air Force Systems Command terminated the effort which this document
describes before the effort reached its logical conclusion. This report
is incomplete but was published in the interest of capturing and
disseminating the computer security technology that was available at
the time of the termination.
* Stern, J. A., Discretionary Access Control, memo, 15 March 1976.
* Steuert, James, and Jay Goldman, The relational data management system:
A perspective, SIGFIDET 1974: Proceedings of the 1974 ACM SIGFIDET (now
SIGMOD) workshop on Data description, access and control.
In this paper, the functional capabilities and economic features of the
Relational Data Management System (RDMS) are discussed. RDMS is a
generalized on-line data management system written in PL/1 for the
Multics operating system. The basic concepts of RDMS are introduced and
the similarities between the conventional file concept and the relation
concept are discussed. A data-base is shown to be a set of relations.
By generalizing the concept of field to be a property of the data-base,
and by labeling relations with the names of their columns (fields),
relations of a data-base may be implicitly linked by virtue of having a
common column or field name (the dataclass name). On-line commands for
operations on two such relations which yield a third result relation
are illustrated. Other facilities of RDMS, such as computational,
report-generation, and query-report packages are discussed. In RDMS,
the relation concept is implemented as a matrix of reference numbers
which refer to character string datums which are stored elsewhere in
distinct dataclass files. In addition to significant storage savings,
this allows a single representation-independent logical interface to
the storage and access of character string data. RDMS was developed
from graduate work done at M.I.T. by L. A. Kraning and A. I. Fillat in
1970 and is now being used by the administrative departments at M.I.T.
* Teichroew, D., A. Hershey, and S. Spewak, User Requirements Language
(URL) User's Manual. Part I. (Description) H6180/Multics/Version 3.2.,
Michigan Univ Ann Arbor Dept of Industrial and Operations Engineering,
200 pages, F19628-76-C-0197, ESD TR-78-127-VOL-1. NTIS ADA054096
This report is part of a series that deals with a Computer-Aided Design
and Specification Analysis Tool (CADSAT). The purpose of the tool is to
describe the requirements for information processing systems and to
record such descriptions in machine-processable form. The major
components of CADSAT are the User Requirements Language (URL) and the
User Requirements Analyzer (URA) which can operate in an interactive
computer environment. This report describes how the formal URL may be
used to define systems. It explains the language statements available,
their use and application on a Honeywell 6180 Multics Computer.
* Teichroew, D., A. Hershey, and S. Spewak, User Requirements Language
(URL) User's Manual. Part II. (Reference) H6180/Multics/Version 3.2.,
Michigan Univ Ann Arbor Dept of Industrial and Operations Engineering,
450 pages, F19628-76-C-0197. ESD TR-78-127-VOL-2
This report is part of a series that deals with a Computer-Aided Design
and Specification Analysis Tool (CADSAT). Its purpose is to describe
the requirements for information processing systems and to record such
descriptions in machine-processable form. The major components of
CADSAT are the User Requirements Language (URL) and the User
Requirement Analyzer (URA) which can operate in an interactive computer
environment. In parts I and II, this report describes how the formal
URL may be used to define systems. It explains the language statements
available, their use and application on a Honeywell 6180 Multics
Computer. This manual describes the User Requirements Language (URL) to
be used with Version 3.2 of the User Requirements Analyzer (URA). Part
I gives a detailed description of the URL statements available and
their use. Part II is a reference manual which gives the proper syntax
for each statement.
* Turner, Richard, An interactive simulator for MATHILDA-RIKKE on
multics: Concept, design and implementation, Computer Science Dept.,
University of Southwestern, Louisiana, 1977.
* US Deputy Assistant Secretary of Defense, Wartime Manpower Planning
System ADP System Users Manual, DoD 1100-19-M, March 1987.
* Van Vleck, T. H., An example of industry-university cooperation:
Multics, Proc IRIA Tenth Anniversary Conf, Paris, June 1978.
* Van Vleck, T. H., and C. T. Clingen, Implementation of security
concepts in a large-scale operating system, Proc Honeywell Security
Symposium, Monaco, December 1980.
* Van Vleck, T. H., and C. T. Clingen, The Multics system programming
process, Proc IEEE COMPCON 78, Atlanta, May 1978.
Reprinted in IEEE Tutorial on Software Maintenance, 1981. Features of the
Multics system programming process lead to high programmer productivity
with a small programming staff and a finished system with high software
reliability. Other workers' predictions of increasing difficulty of
system maintenance with time have not been observed; reasons for this
are suggested.
* Van Vleck, T. H., Control of access to computer system resources, Proc
IEEE COMPCON 74, San Francisco, February 1974.
* Van Vleck, T. H., The administration and management of Multics, Project
MAC Multics Symposium, January 1971.
* Van Vleck, Tom, Electronic Mail and Text Messaging in CTSS, 1965-1973,
IEEE Annals of the History of Computing Vol. 34, No. 1: January-March
2012, pp. 4-6. DOI 10.1109/MAHC.2012.6
My colleague Noel Morris and I implemented both an electronic mail
command and a text messaging facility for the Massachusetts Institute
of Technology's Compatible Time-Sharing System (CTSS) in 1965.
* Vestal, Stanley Curtis, Diane Anderson, and Henry Nirsberger,
GCOS/Multics File Transfer Facility, Honeywell Information Systems Inc
Minneapolis Minn, 440 pages, F30602-73-C-0327, RADC TR-75-137. NTIS
ADA013109
Rome Air Development Center currently operates two R and D computer
facilities: an HIS GCOS system and an HIS Multics system. Another Air
Force site also operates both a GCOS and a Multics installation. In
both cases, the GCOS system has preceded the Multics system by several
years. There is thus a large GCOS user applications and data files.
Many of these users desire to transfer these programs, applications,
and data files from the GCOS environment to the Multics environment in
order to take advantage of the unique design features of the Multics
system. To facilitate this transfer, and to make the process as simple
and easy to use as possible, Rome Air Development Center contracted
with Honeywell Information Systems to specify, design, and implement
procedures and software to provide an integrated capability for the
transfer of information, programs, and procedures from the GCOS to the
Multics environment. This technical report describes the activities
conducted in the performance of this contract.
* Vestal, Stanley Curtis, and Henry Nirsberger, GCOS/Multics File
Transfer Tool., Honeywell Information Systems Inc Minneapolis Minn, 157
pages, F30602-75-C-0162, RADC TR-75-312. NTIS ADA019748
The effort described in this report consisted of enhancements to the
GCOS/Multics File Transfer Facility which was developed under contract.
The facility provides for the transfer of data files from the GCOS
environment to the Multics environment. In particular, data base and
file backup facilities, performance monitoring instrumentation, and
Inner Ring Program/Data Protection have been added.
* Vestal, S. C., T. Krocak, H. S. Schwenk, and A. Levy, Virtual Machine
Monitor Performance Analysis, Honeywell Information Systems Inc
Minneapolis Minn, 178 pages, F30602-77-C-0097, RADCTR-78-251. NTIS
ADA065087
This report describes the H6180 Virtual Machine Monitor Performance
Analysis. Included as part of this report is a description of the
Virtual Machine Monitor. This report also includes an approach for
enhancing the baseline VMM functionality by use of a service machine to
control peripheral sharing. The actual experimentation performed in
this effort identifies the feasibility of a VMM in a Programming
Environment and the performance tradeoffs required for its optimized
utilization.
* Vinograd, D. R., What's a system to do? -- Assuring system data
integrity, Proc IEEE Conf, September 1971.
* Vyssotsky, V. A., F. J. Corbato, and R. M. Graham, Structure of the
Multics Supervisor, AFIPS Conf Proc 27, 203-212, 1965.
This paper is a preliminary report on a system which has not yet been
implemented. Of necessity, it therefore reports on status and
objectives rather than on performance.
* Wade, W., M. Mortara, P. Leong, and V. Frost, Interactive Communication
Systems Simulation Model--ICSSM, IEEE Journal on Selected Areas in
Communications 2, 1, Jan 1984, pp 102-128.
The design of ICSSM, a nonreal time computer-aided simulation and
analysis tool for communications systems, is presented, ICSSM is
capable of supporting modeling, simulation, and analysis of any system
representable in terms of a network of multiport functional blocks. Its
applicability is limited only by the modeler's ingenuity to decompose
the system to functional blocks and to represent these functional
blocks algorithmically. ICSSM has been constructed modularly,
consisting of five subsystems to facilitate the tasks of formulating
the model, exercising the model, evaluating and showing the simulation
results, and storing and maintaining a library of modeling elements,
analysis, and utility subroutines. It is written exclusively in ANSI
Standard Fortran IV language, and is now operational in a Honeywell DPS
7/80 M computer under the MULTICS Operating System. Description of a
recent simulation using ICSSM and some generic modules of general
interest developed as a result of the modeling work are also presented.
* Walden, David, and Tom Van Vleck, Compatible Time Sharing System (1961-
1973) Fiftieth Anniversary Commemorative Overview, IEEE Computer
Society, Washington DC, 2011. 3MB
The IEEE Computer Society History Committee prepared a document in June
2011 in honor of the 50th anniversary of CTSS, edited by Dave Walden
and Tom Van Vleck. It contains an extensive bibliography and interviews
with Corby, Marge Daggett, Bob Daley, Peter Denning, David Alan Grier,
Dick Mills, Roger Roach, Allan Scherr, and Tom Van Vleck.
* Walden, David, Fernando Corbato, IEEE Annals of the History of
Computing Vol. 34, No. 1: January-March 2012, pp. 83-87. DOI
10.1109/MAHC.2012.8
An interview with Corby by Dave Walden, IEEE History Commitee
* Waldrop, M. Mitchell, The Dream Machine: J. C. R. Licklider and the
Revolution That Made Computing Personal, Viking Press, 2001.
The history of time-sharing and networks and ARPA's part in supporting
the activities. It has one or two chapters which focus on CTSS and
Multics. It also includes the saga of PARC.
* Walter, K. G., J. M. Gilligan, S. I. Schaen, W. F. Ogden, W. C. Rounds,
D. G. Shumway, D. D. Schaeffer, K. J. Biba, F. T. Bradshaw, and S. R.
Ames, Structured specification of a Security Kernel, Proceedings of the
SIGPLAN international conference on Reliable software, pp 285 - 293,
Los Angeles, California, 1975.
Certifying an entire operating system to be reliable is too large a task
to be practicable. Instead, we are designing a Security Kernel which
will provide information security. The kernel's job is to monitor
information flow in order to prevent compromise of security. Sound
design is encouraged by using a technique called Structured
Specification, in which successively more detailed models of the
Security Kernel are developed. The initial model, M0, is an abstract
description which formalizes governmental security applied to computer
systems. Subsequent levels of modeling provide increasingly more
detail, and gradually the models begin to resemble a particular system
(Multics in this case). The second model, M1, defines a tree-structured
file system, and an interagent communication system while M2 adds
details concerning segmentation in a dynamic environment. It is
intended that the final level of modeling will specify the primitive
commands for the kernel of a Multics-like system and will enumerate
precisely those assertions which must be proved about the
implementation in order to establish correctness.
* Walter, K. G., W. F. Ogden, W. C. Rounds, F. T. Bradshaw, S. R. Ames,
and D. G. Shumway, Primitive Models for Computer Security, 23 January
1974, Case Western Reserve University, Cleveland, OH: HQ Electronic
Systems Division, Hanscom AFB, MA.. ESD-TR-74-117
* Watson, R., Time-Sharing System Concepts, McGraw Hill, 1970.
* Webber, Steven H., Oral History of Fernando Corbato conducted by Steven
Webber on February 1, 2006, Computer History Museum reference number
X3438.2006.
Fernando CorbatĂ³ reviews his early educational and naval experiences in
the Eddy program during World War II. CorbatĂ³ attended Cal Tech and
MIT, where he received his PhD under the tutelage of Professor Phil
Morse and worked with Whirlwind. A detailed exploration of CorbatĂ³'s
time-sharing systems projects including the Compatible Time-Sharing
System (CTSS), Project MAC, and Multics completes the oral history.
* Weeldreyer, J. A., and O. D. Friesen, Multics Relational Data Store: An
Implementation of a Relational Data Base Manager, Proc 11th Hawaii Intl
Conf on System Sciences, Vol 1, pp. 52-66. 1978.
* Weizenbaum, Pm, Creating a campus on-line news system, Proceedings of
the 4th annual international conference on Systems documentation .
Information Systems, MIT's campus-wide computing service organization,
recently reorganized and strengthened its resources. Out of this recent
effort came the decision to explore several ways of reporting on the
expanded range of systems and services we offer. One service that
central computing facilities must provide is timely notice of changes
to the supported systems. This paper presents the design and
implementation of Information Systems' "On-Line News System", which
keeps users updated about changes in the wide variety of services
offered by Information Systems.
* Whiteside, Thomas, Computer Capers: Tales of Electronic Thievery,
Embezzlement, and Fraud, New York: Thomas Y. Crowell Co., NY, 1978.
ISBN 0-690-01743-X
* Whitmore, Jerold, Andre Bensoussan, Paul Green, Douglas Hunt, Andrew
Kobziar, and Jerry Stern, Design for Multics security enhancements, ESD
AFSC Hanscom AFB Mass, 1974. ESD-TR-74-176
The results of a 1973 security study of the Multics Computer System are
presented detailing requirements for a new access control mechanism
that would allow two levels of classified data to be used
simultaneously on a single Multics system. The access control policy
was derived from the Department of Defense Information Security
Program. The design decisions presented were the basis for subsequent
security enhancements to the Multics system.
* Whitmore, J., A. Bensoussan, P. Green, D. Hunt, and A. Kobziar, Design
for Multics Security Enhancements, Honeywell Information Systems Inc.,
Cambridge Mass,, December 1973. NTIS AD-A030 801/5
The results of a 1973 security study of the Multics computer system are
presented detailing requirements for a new access control mechanism
that would allow two levels of classified data to be used
simultaneously on a single Multics system. The access control policy
was derived from the Department of Defense Information Security
Program. The design decisions presented were the basis for subsequent
security enhancements to the Multics system.
* Withington, P. T., Design and Abstract Specification of a Multics
Security Kernel, Volume 2, MITRE Corp Bedford MA, March 1978. NTIS AD-
A053 148/3
* Withington, P. T., A Secure Flat File System for Multics, MITRE Corp
Bedford MA. no date.
* Wolman, B. L., Debugging PL/I programs in the Multics environment,
AFIPS Conf Proc 41, Part I, (1972 FJCC), 507-514, AFIPS Press, 1972.
One of the popular misconceptions concerning PL/I is that programs
written in PL/I are necessarily inefficient and hard to debug. Several
years experience with the Multics PL/I compiler running on the
Honeywell 645 has shown that in spite of the apparent complexity of the
PL/I language, PL/I programs are easily debugged in the Multics
environment, even by novice users who are newcomers to PL/I and are
unfamiliar with the Honeywell 645. In most cases the user can debug his
program symbolically without having to refer to a listing of the
generated instructions or add debugging output statements to the
program. This is due to a number of factors: * the run-time environment
provided by the system. * the implementation of PL/I. * the
availability of a variety of powerful debugging facilities.
* Woodward, J. P. L., Design and Abstract Specification of a Multics
Security Kernel. Volume 3, MITRE Corp Bedford MA, March 1978. NTIS AD-
A053 149/1
* Yntema, Douwe B., Arthur P. Dempster, John P. Gilbert, John C. Klensin,
Wren M. McMains, William Porter, Jeffrey P. Stamen, and Raymond A.
Wiesen, The Cambridge Project's Consistent System, Proceedings of the
ACM annual conference, August 1972.
One of the main goals of the Cambridge Project is a Consistent System of
programs, data, and models for use in the behavioral sciences. A
framework for the System has been constructed on the Multics time-
sharing system at M.I.T., and a collection of programs has begun to
accumulate within it. This session will be devoted to that framework
and to three examples of subsystems that are being fitted into it. They
will be described briefly, and the reasons why they are expected to be
more useful when surrounded by the rest of the Consistent System will
be discussed.
* Yntema, Douwe B., The Cambridge Project: Computer Methods for Analysis
and Modeling of Complex Systems, Massachusetts Institute of Technology,
AD-783 626, pp. 1-29 , Feb. 1974. DTIC AD0783626
The Cambridge Project is a cooperative effort by a number of scientists
at M.I.T. and Harvard; its purpose is to make the digital computer more
useful and usable by scientists in the basic and applied behavioral
sciences, and in other sciences that have similar computing problems.
The most notable single achievement of the half year covered in this
report was the transfer of the entire Consistent System from the old
Multics computer, which was a Honeywell 645, to a new Multics computer,
a Honeywell 6180, and the subsequent transfer to another 6180 operated
by the Air Force Data Services Center.
Newspaper & magazine articles about Multics
* Fano, Robert M., Excerpts from "The MAC System: A Progress Report",
IEEE Annals of the History of Computing, vol. 14, no. 2, pp. 10-11,
Apr-Jun, 1992.
* Fano, Robert M., The Computer Utility and the Community, IEEE Annals of
the History of Computing, vol. 14, no. 2, pp. 39-41, Apr-Jun, 1992.
* Frankston, Robert M., Nonhistory of IBM Time-Sharing, (letter), IEEE
Annals of the History of Computing, vol. 18, no. 3, pp. 72-73, Fall,
1996.
Yes, Multics was a market failure but not because the market had changed.
It was because Honeywell (which bought out the GE computer division)
worked hard not to sell it. ...Did the world pass Multics by? As noted
above, Honeywell wounded it and then eventually killed it. But Unix,
though weak as an implementation of Multics, has achieved great success
in the marketplace.
* Gedda, Rodney, CIO Blast from the Past: 40 years of Multics, 1969-2009,
CIO.
October 2009 marked an important milestone in the history of computing.
It was exactly 40 years since the first Multics computer system was
used for information management at the Massachusetts Institute of
Technology.
* Kornel, Amiel, Honeywell decision puts Groupe Bull in sticky situation,
Computerworld Vol. XX, No. 2, p 15, January 13, 1986.
* Korzeniowski, Paul, Honeywell phasing out Multics line, Computerworld,
Vol. XX, No. 2, p 1, January 13, 1986.
* Lee, J. A. N., Robert Rosin, F. J. Corbato, R. M. Fano, M. Greenberger,
J. C. R. Licklider, D. T. Ross, and A. L. Scherr, The Project MAC
Interviews, IEEE Annals of the History of Computing, vol. 14, no. 2,
pp. 14-35, Apr-Jun, 1992.
On the day following the Celebration of the 25th anniversary of Project
MAC held in Cambridge on October 16 and 17, 1988, two small groups of
participants in the developments of CTSS and Project MAC met to
exchange recollections about their activities. These interviews are
separated into two parts, concentrating on each of the two
developmental stages of time-sharing, although it was impossible to
strictly maintain the separation since the discussions naturally
overlapped the time periods. By choice, the interviewers guided the
discussion to concentrate on the more personal and background aspects
of this history, since the technological history has been well
documented in the open literature.
* Lee, J. A. N., Time-Sharing at MIT: Introduction, IEEE Annals of the
History of Computing vol. 14, no. 1, pp. 13-15, Jan.-Mar. 1992.
Introduction to an issue describing the beginnings of time-sharing at
MIT.
* Metcalfe, Bob, Internet services moving us back toward Multics utility
computing of old, InfoWorld, October 18, 1999.
* Schell, R. R., "Computer Security: The Achilles' Heel of the Electronic
Air Force", Air University Review, January - February 1979, p. 16,
1979.
It is not easy to make a computer system secure, but neither is it
impossible. The greatest error is to ignore the problem.
* staff, Honeywell introduces commercial version of its large Multics
computer system, Wall Street Journal, p 9, January 18, 1973.
* staff, FORD WEIGHING HONEYWELL BOYCOTT?, Datamation, In the LOOK AHEAD
column, p. 10., June 1, 1986.
* Verity, John W., Multics users face their maker, Datamation, Vol. 32,
No. 9, 102-112, May 1, 1986.
* Whiteside, Thomas, Dead Souls in the Computer, The New Yorker, 29 Aug
1977, pp 59-62.
Videos
* Corbato, Fernando J., Timesharing: A Solution to Computer Bottlenecks,
John Fitch, MIT Science Reporter, May 16, 1963. (27:38 video)
Aired on WGBH-TV Boston. The initial sequence shows the CTSS account of
M1416 786 (Bob Daley) running a square root program.
* Fano, Robert M., Prof. Fano explaining scientific computing, ARPA film.
(9:28 video)
Short film from 1964 taken in Prof. Fano's Project MAC office. He uses
CTSS from an Model 35 Teletype.
MIT Project MAC TRs and TMs
Source: LCS document handed out at the Project MAC 25th reunion, updated
by Jerry Saltzer 5/8/98. The Library 2000 project at MIT scanned many
old MAC TRs and the images were available on a server provided by the
MIT libraries.
See also the LCS on-line list of publications.
* Bawden, Alan, Glenn S. Burke, and Carl W. Hoffman, MacLisp Extensions,
MAC-TM-203, July 1981.
* Benedict, Gordon, An Enciphering Module for Multics, MAC-TM-50 (Lucifer
for Multics), 7-1-1974.
* Bratt, R. G., Minimizing the naming facilities requiring protection in
a computer utility, MAC-TR-156 (S.M. thesis), September 1975. 6.5M
This thesis examines the various mechanisms for naming the information
objects stored in a general-purpose computing utility, and isolates a
basic set of naming facilities that must be protected to assure
complete control over user interaction and that allow desired
interactions among users to occur in a natural way. Minimizing the
protected naming facilities consistent with the functional objective of
controlled, but natural, user interaction contributes to defining a
security kernel for a general-purpose computing utility. The security
kernel is that complex of programs that must be correct if control on
user interaction is to be assured. The Multics system is used as a test
case, and its segment naming mechanisms are redesigned to reduce the
part that must be protected as part of the supervisor. To show that
this smaller protected naming facility can still support the complete
functionality of Multics, a test implementation of the design is
performed. The new design is shown to have a significant impact on the
size and complexity of the Multics supervisor.
* Clark, D. D., R. M. Graham, J. H. Saltzer, and M. D. Schroeder, The
classroom information and computing service, MAC-TR-80, January 1971.
This report describes the Classroom Information and Computing Service
(Clics), a pedagogical computer-based information system that is used
as a case study in the subject "Information Systems" in the Department
of Electrical Engineering at M.I.T. Clics is an abstraction of the
Multiplexed Information and Computing Service (Multics) that is being
implemented by Project MAC at M.I.T. As such, it is an example of a
computer utility. Clics is derived from Multics by a combination of
simplifying the mechanisms of Multics and removing some of its more
exotic features; and embodies research into ways to simplify the
mechanisms of Multics without sacrificing service objectives. This
report is a specification of the hardware, control programs, and system
implementation language of the Clics system, as developed to date. The
system is specified in sufficient detail for students to develop a
structural as well as a functional understanding of its operation and
mechanisms. As the primary case study for an undergraduate subject,
Clics provides specific examples of the complexities in a general
purpose information system, and methods of coping with them.
* Clark, D. D., An input-ouput architecture for virtual memory computer
systems, MAC-TR-117 (Ph.D. thesis), January 1974. 7.2M
In many large systems today, input/output is not performed directly by
the user, but is done interpretively by the system for him, which
causes additional overhead and also restricts the user to whatever
algorithms the system has implemented. Many causes contribute to this
involvement of the system in user input/output, including the need to
enforce protection requirements, the inability to provide adequate
response to control signals from devices, and the difficulty of running
devices in a virtual environment, especially a virtual memory. The goal
of this thesis was the creation of an input/output system which allows
the user the freedom of direct access to the device, and which allows
the user to build input/output control programs in a simple and
understandable manner. This thesis presents a design for an
input/output subsystem architecture which, in the context of a
segmented, paged, time-shared computer system, allows the user direct
access to input/output devices. This thesis proposes a particular
architecture, to be used as an example of a class of suitable designs,
with the intention that this example serve as a tool in understanding
the large number preferable form.
* Clark, D. D., Ancillary reports: kernel design project, MAC-TM-87, June
1977.
contents:
* Repaired Security Bugs in Multics (2/7/73) by J. H. Saltzer. (reprint
of RFC-5)
* A Census of Ring 0 (9/5/73) by V. L. Voydock (reprint of RFC-37)
* Some Multics Security Holes which were Closed by 6180 Hardware
(1/28/74) by J. H. Saltzer, P. A. Janson, D. H. Hunt (reprint of RFC-
46)
* Some Recently Repaired Security Holes of Multics (1/28/74) by J. H.
Saltzer, D. H. Hunt (reprint of RFC-47)
* Patterns of Security Violations: Multiple References to Arguments
(11/8/74) by H. C. Forsdick, D. P. Reed (reprint of RFC-59)
* A Two-Level Implementation of Processes for Multics (9/8/76) by R. M.
Frankston (reprint of RFC-123)
* Further Results with Multi-Process Page Control (2/9/77) by R. F. Mabee
(reprint of RFC-135)
See individual entries for the RFCs.
* Corbato, F. J., System requirements for multiple-access, time-shared
computers, MAC-TR-3, May 1964. 907K
It is now clear that it is possible to create a general-purpose time-
shared multiple access system on most contemporary computers. However,
it is equally clear that none of the existent computers are well
designed for multiple access systems. At present, good service to a few
dozen simultaneous users is considered state-of-the-art. Discussions
include: clocks, memory protection and supervisor mode, program
relocation and common subroutines which expose the reader to the
difficulties encountered with contemporary machines when multiple user
multiple-processor systems are considered.
* Deitel, H. M., Absentee computations in a multiple-access computer
system, MAC-TR-52 (S.M. thesis), August 1968. 4.0M
* Denning, P. J., Resource allocation in multiprocess computer systems,
MAC-TR-50 (Ph.D. Thesis), May 1968. 6.1M
* Denning, P. J., Queueing models for file memory operations, MAC-TR-21
(S.M. Thesis), May 1965. 2.3M
A model for the auxiliary memory function of a segmented, multiprocessor,
time-shared computer system is set up. A drum system in particular is
discussed, although no loss of generality is implied by limiting the
discussion to drums. Particular attention is given to the queue of
requests waiting for drum use. It is shown that a shortest access time
first queue discipline is the most efficient, with the access time
being defined as the time required for the drum to be positioned, and
is measured from the finish of service of the last request to the
beginning of the data transfer for the present request. A detailed
study of the shortest access time queue is made, giving the minimum
access time probability distribution, equations for the number in the
queue, and equations for the wait in the queue. Simulations were used
to verify these equations; the results are discussed. Finally, a
general Markov Model for Queues is discussed in an Appendix.
* Dennis, J. B., and E. C. Van Horn, Programming semantics for
multiprogrammed computations, MAC-TR-21, 1966. 2.3M
* Dennis, J. B., Program structure in a multi-access computer, MAC-TR-11,
May 1964. 1.3M
* Fillat, A. I., and A. L. Kraning, Generalized organization of large
data-bases: a set-theoretic approach to relations, MAC-TR-70 (S.M. and
S.B. thesis), June 1970. 5.5M
* Forsdick, H. C., and D. P. Reed, Patterns of Security Violations:
Multiple References to Arguments, CSR-RFC-59, Nov 8 1974.
part 5 of MAC-TM-87
* Frankston, R. M., A Two-Level Implementation of Processes for Multics,
CSR-RFC-123, Sep 8 1976.
part 6 of MAC-TM-87
* Frankston, R. M., The computer utility as a marketplace for computer
services, MAC-TR-128 (S.M. & E.E. thesis), May 1974. 5.8M
* Gifford, D., Hardware estimation of a process's primary memory
requirements, MAC-TM-81 (S.B. Thesis), May, 1976. 2.3M
* Graham, R. M., File management and related topics, MAC-TM-12, September
1970. 2.3M
* Graham, R. M., Use of high level language for systems programming, MAC-
TM-13, September 1970. 938K
* Greenbaum, H. J., A simulator of multiple interactive users to drive a
time-shared computer system, MAC-TR-58 (S.M. Thesis), October 1968.
3.5M
* Greenberg, B. S., An experimental analysis of program reference
patterns in the Multics virtual memory, MAC-TR-127 (S.M. thesis), May
1974. 8.4M
This thesis reports the design, conducting, and results of an experiment
intended to measure the paging rate of a virtual memory computer system
as a function of paging memory size. This experiment, conducted on the
Multics computer system at MIT, a large interactive computer utility
serving an academic community, sought to predict paging rates for
paging memory sizes larger than the existent memory at the time. A
trace of all secondary memory references for two days was accumulated,
and simulation techniques applicable to "stack" type page algorithms
(of which the least-recently-used discipline used by Multics is one)
were applied to it. A technique for interfacing such an experiment to
an operative computer utility in such a way that adequate data can be
gathered reliably and without degrading system performance is
described. Issues of dynamic page deletion and creation are dealt with,
apparently for the first reported time. The successful performance of
this experiment asserts the viability of performing this type of
measurement on this type of system. The results of the experiment are
given, which suggest models of demand paging behavior.
* Grochow, J. M., The graphic display as an aid in the monitoring of a
time-shared computer system, MAC-TR-54 (S.M. thesis), November 1968.
2.3M
The problem of dynamic observation of the state of a time-shared computer
system is investigated. The Graphical Display Monitoring System was
developed as a medium for this experimental work. It is an integrated
system for creating graphic displays, dynamically retrieving data from
Multics Time-Sharing System supervisor data bases, and on-line viewing
of this data via the graphic displays. On-line and simulated
experiments were performed with various members of the Multics staff at
Project MAC in an effort to determine what data is most relevant for
dynamic monitoring, what display formats are most meaningful, and what
sampling rates are most desirable. The particular relevance of using a
graphic display as an output medium for the monitoring system is noted.
As a guide to other designers, a generalized description of the
principles involved in the design of this on-line, dynamic monitoring
device includes special mention of those areas of particular hardware
or software system dependence. Several as yet unsolved problems
relating to time-sharing system monitoring, including those of security
and data base protection, are discussed.
* Huber, A. R., A multi-process design of a paging system, MAC-TR-171
(S.M. thesis), December 1976. 5.7M
This thesis presents a design for a paging system that may be used to
implement a virtual memory on a large scale, demand paged computer
utility. A model for such a computer system with a multi-level,
hierarchical memory system is presented. The functional requirements of
a paging system for such a model are discussed, with emphasis on the
parallelism inherent in the algorithms used to implement the memory
management functions. A complete, multi-process design is presented for
the model system. The design incorporates two system processes, each of
which manages one level of the multi-level memory, being responsible
for the paging system functions for that memory. These processes may
execute in parallel with each other and with user processes. The multi-
process design is shown to have significant advantages over
conventional designs in terms of simplicity, modularity, system
security, and system growth and adaptability. An actual test
implementation on the Multics system was carried out to validate the
proposed design.
* Hunt, D. H., A case study of intermodule dependencies in a virtual
memory, system, MAC-TR-174 (S.M. thesis), December 1976. 5.5M
A problem currently confronting computer scientists is to develop a
method for the production of large software systems that are easy to
understand and certify. The most promising methods involve decomposing
a system into small modules in such a way that there are few
intermodule dependencies. In contrast to previous research, this thesis
focuses on the nature of the intermediate module dependencies, with the
goal of identifying and eliminating those that are found to be
unnecessary. Using a virtual memory subsystem as a case study, the
thesis describes a structure in which apparent dependencies can be
eliminated. Owing to the nature of virtual memory subsystems, many
higher level functions can be performed by lower level modules that
exhibit minimal interaction. The structuring methods used in this
thesis, inspired by the structure of the LISP world of atomic objects,
depend on the observation that a subsystem can maintain a copy of the
name of an object without being dependent upon the object manager.
Since the case study virtual memory subsystem is similar to that of the
Multics system, the results reported here should aid in the design of
similar sophisticated virtual memory subsystems in the future.
* Janson, P. A., Removing the dynamic linker from the security kernel of
a computing utility, MAC-TR-132 (S.M. thesis), June 1974. 6.8M
* Janson, P. A., Using type extension to organize virtual memory
mechanisms, MAC-TR-167 (Ph.D. thesis), September 1976. 9.1M
* Jones, Malcolm, Incremental Simulation on a Time-Shared Computer, MAC-
TR-48 (OPS/3 language), 1-1-1968. 7.5M
* Karger, P. A., Non-discretionary access control for decentralized
computing systems, MAC-TR-179 (S.M. thesis), May 1977. 3.8M
(Also available as NTIS AD-A040 808/8)
* Kent, Steve, Encryption-Based Protection Protocols For Interactive
User-Computer Communication, MAC-TR-162, 6-1-1976. 5.9M
This thesis develops a complete set of protocols, which utilize a block
cipher, e.g., the NBS data encryption standard, for protection
interactive user-computer communication over physically unsecured
channels. The use of the block cipher protects against disclosure of
message contents to an intruder, and the protocols provide for the
detection of message stream modification and denial of message service
by an intruder. The protocols include facilities for key distribution,
two-way login authentication, resynchronization following channel
disruption, and expedition of high priority messages. The thesis
presents designs for modules to implement the protocols, both in the
terminal and in a host computer system, and discusses the results of a
test implementation of the modules on Multics.
* Luniewski, A. W., A simple and flexible system initialization
mechanism, MAC-TR-180 (S.M. thesis), May 1977. 3.8M
* Mabee, R. F., Further Results with Multi-Process Page Control, CSR-RFC-
135, Feb 9 1977.
part 7 of MAC-TM-87
* Mason, A. H., A layered virtual memory manager, MAC-TR-177 (S.M. & E.E.
thesis), May 1977. 4.4M
* Montgomery, W. A., A secure and flexible model of process initiation
for a computer utility, MAC-TR-163 (S.M. & E.E. thesis), June 1976.
6.4M
This thesis demonstrates that the amount of protected, privileged code
related to process initiation in a computer utility can be greatly
reduced by making process creation unprivileged. The creation of
processes can be controlled by the standard mechanism for controlling
entry to a domain, which forces a new process to begin execution at a
controlled location. Login of users can thus be accomplished by an
unprivileged creation of a process in the potential user's domain,
followed by authentication of the user by an unprivileged initial
procedure in that domain. The thesis divides the security constraints
provided by a computer utility into three classes: Access control,
prevention unauthorized denial of service, and confinement. We develop
a model that divides process changing, resource control,
authentication, and environment initialization. We show which classes
of security constraints depend on each of these functions and show how
to implement the functions such that these are the only dependencies
present. The thesis discusses an implementation of process initiation
for the Multics computer utility based on the model. The major problems
encountered in this implementation are presented and discussed. We show
that this implementation is substantially simpler and more flexible
than that used in the current Multics system.
* Pitman, K. M., The Revised MacLisp Manual, MAC-TR-295, 1 Jun 1983.
MACLISP is a dialect of Lisp developed at M.I.T.'s Project MAC (now the
MIT Laboratory for Computer Science) and the MIT Artificial
Intelligence Laboratory for use in artificial intelligence research and
related fields. Maclisp is descended from Lisp 1.5, and many recent
important dialects (for example Lisp Machine Lisp and NIL) have evolved
from Maclisp. David Moon's original document on Maclisp, The Maclisp
Reference Manual (alias the Moonual ) provided in-depth coverage of a
number of areas of the Maclisp world. Some parts of that document,
however, were never completed (most notably a description of Maclisp's
I/O system); other parts are no longer accurate due to changes that
have occurred in the language over time. This manual includes some
introductory information about Lisp, but is not intended as tutorial.
It is intended primarily as a reference manual; particularly, it comes
in response to user's please for more up-to-date documentation. Much
text has been borrowed directly from the Moonual, but there has been a
shift in emphasis. While the Moonual went into greater depth on some
issues, this manual attempts to offer more in the way of examples and
style notes. Also, since Moon had worked on the Multics implementation,
the Moonual offered more detail about compatibility between ITS and
Multics Maclisp. While it is hoped that Multics users will still find
the information contained herein to be useful, this manual focuses more
on the ITS and TOPS-20 implementations since those were the
implementations most familiar to the author.
* Rappaport, R. L., Implementing multi-process primitives in a
multiplexed computer system, MAC-TR-55 (S.M. thesis), November 1968.
3.6M
In any computer system primitive functions are needed to control the
actions of processes in the system. This thesis discusses a set of six
such process control primitives which are sufficient to solve many of
the problems involved in parallel processing as well as in the
efficient multiplexing of system resources among the many processes in
a system. In particular, the thesis documents the work performed in
implementing these primitives in a computer system, the Multics system,
which is being developed at Project MAC of M.I.T. During the course of
work that went into the implementation of these primitives, design
problems were encountered which caused the overall design of the
programs involved to go through two iterations before the performance
of these programs was deemed acceptable. The thesis discusses the way
design of these program evolved over the course of work.
* Reed, D. P., Processor multiplexing in a layered operating system, MAC-
TR-164 (S.M. thesis), July 1976. 7.1M
This thesis presents a simply structured design for the implementation of
process in a kernel-structured operating system. The design provides a
minimal mechanism for the support of two distinct classes of processes
found in the computer system - those which are part of the kernel
operating system itself, and those used to execute user-specified
computations. The design is broken down into two levels, one which
implements a fixed number of virtual processors, which are then used to
run kernel processes, and are multiplexed to provide processes for user
computation. Eventcount primitives are provided, in order to provide a
simple unified interprocess control communication mechanism. The design
is intended to be used in the creation of a secure kernel for the
Multics Operating System.
* Richards, M., A. Evans, and R. Mabee, The BCPL reference manual, MAC-
TR-141, December 1974.
BCPL is a language which is readable and easy to learn, as well as
admitting of an efficient compiler capable of generating efficient
code. It is made self consistent and easy to define accurately by an
underlying structure based on a simple idealized object machine. The
treatment of data types is unusual and it allows the power and
convenience of a language with dynamically varying types and yet the
efficiency of FORTRAN. BCPL has been used successfully to implement a
number of languages and has proved to be a useful tool for compiler
writing. The BCPL compiler itself is written in BCPL and has been
designed to be easy to transfer to other machines; it has already been
transferred to more than ten different systems.
* Rodriguez Jr, H., Measuring user characteristics on the Multics system,
MAC-TM-89 (S. B. Thesis), August 1977.
* Saltzer, J. H., Traffic control in a multiplexed computer system, MAC-
TR-30 (Sc.D. Thesis), July, 1966. 3.3M
* Saltzer, J. H., Introduction to Multics, MAC-TR-123, February 1974.
14.2M
The Multics project was begun in 1964 by the Computer Systems Research
group of M.I.T. Project MAC. The goal was to create a prototype of a
computer utility. This technical report represents the Introduction to
the users manual for the Multics System. It is published in this form
as a convenient method of communications with researchers and students
of computer system design. It is divided into three major parts: 1)
Introduction to Multics, 2) Reference Guide to Multics and 3)
Subsystems Writers' Guide to Multics.
* Saltzer, J. H., Repaired Security Bugs in Multics, CSR-RFC-5, Feb 27
1973.
part 1 of MAC-TM-87
* Saltzer, J. H., P. A. Janson, and D. H. Hunt, Some Multics Security
Holes which were Closed by 6180 Hardware, CSR-RFC-46, Jan 28 1974.
part 3 of MAC-TM-87
* Saltzer, J. H., and D. H. Hunt, Some Recently Repaired Security Holes
of Multics, CSR-RFC-47, Jan 28 1974.
part 4 of MAC-TM-87
* Schell, R. R., Dynamic reconfiguration in a modular computer system,
MAC TR-86, 1971. 5.9M
This thesis presents an orderly design approach for dynamically changing
the configuration of constituent physical units in a modular computer
system. Dynamic reconfiguration contributes to high system availability
by allowing preventative maintenance, development of new operating
systems, and changes in system capacity on a non-interference basis.
The design presented includes the operating system primitives and
hardware architecture for adding and removing any (Primary or
secondary) storage module and associated processing modules while the
system is running. Reconfiguration is externally initiated by a simple
request from a human operator and is accomplished automatically without
disruption to users of the system. This design allows the modules in an
installation to be partitioned into separate non-interfering systems.
The viability of the design approach has been demonstrated by employing
it for a practical implementation of processor and primary memory
dynamic reconfiguration in the Multics system at M.I.T.
* Schroeder, M. D., Cooperation of mutually suspicious subsystems in a
computer utility, MAC-TR-104 (Ph.D. Thesis), September 1972. 4.9M
* Schroeder, M. D., D. D. Clark, J. H. Saltzer, and D. M. Wells, Final
report of the Multics kernel design project, MAC-TR-196, March 1978.
3.7M
* Sekino, A., Performance evaluation of multiprogrammed time-shared
computer systems, MAC-TR-103 (Ph.D. thesis), September 1972.
This thesis presents a comprehensive set of hierarchically organized
modular analytical models developed for the performance evaluation of
multiprogrammed virtual-memory time-shared computer systems using
demand paging. The hierarchy of models contains a user behavior model,
a secondary memory model, a program behavior model, a processor model,
and a total system model. This thesis is particularly concerned with
the last three models. The program behavior model developed in this
thesis allows us to estimate the frequency of paging expected on a
given processing system. The processor model allows us to evaluate the
throughput of a given multi-processor multi-memory processing system
under multiprogramming. Finally, the total system model allows us to
derive the response time distribution of an entire computer system
under study. Since all major factors (such as various system overhead
times and idle times) which may decrease a system's computational
capacity available for users' useful work are explicitly considered in
the analyses using the above models, the performance predicted by these
analyses is very realistic. A comparison of the performance of an
actual system, the Multics system of M.I.T., and the corresponding
performance predicted by these analyses confirms the accuracy of
performance prediction by these models. Then, these analyses are
applied to the optimization of computer systems and to the selection of
the best performing system for a given budget. The framework of a
performance evaluation using these hierarchically organized analytical
models guides human intuition in understanding the actual performance
problems and provides us with reliable answers to most of the basic
quantitative performance questions concerning throughput and response
time of actual modern large-scale time-shared computer systems.
* Smith, A. A., Input-output in time-shared, segmented multiprocessor
systems, MAC-TR-28 (S.M. thesis), June 1966. 1.5M
* Stern, J. A., Backup and recovery of on-line information in a computer
utility, MAC-TR-116 (S.M. & E.E. thesis), January 1974. 4.2M
This thesis describes a design for an automatic backup mechanism to be
incorporated in a computer utility for the protection of on-line
information against accidental or malicious destruction. This
protection is achieved by preserving on magnetic tape recent copies of
all items of information known to the on-line file system. In the event
of a system failure, file system damage is automatically assessed and
missing information is recovered from backup storage. For isolated
mishaps, users may directly request the retrieval of selected items of
information. The design of the backup mechanism presented in this
thesis is based upon existing backup mechanism contained in the Multics
system. As compared to the present Multics backup system, the new
design lessens overhead, drastically reduces recovery time from system
failures, eliminates the need to interrupt system operation for backup
purposes, and scales up significantly better with on-line storage
growth.
* Van Horn, E. C., Computer design for asynchronously reproducible
multiprocessing, MAC-TR-34 (Ph.D. thesis), November 1966. 7.3M
* Vogt, C. M., Suspension of processes in a multiplexed computer system,
MAC-TM-14, September 1970.
* Voydock, V. L., A Census of Ring 0, CSR-RFC-37, Sep 5 1973.
part 2 of MAC-TM-87
Multics Manuals
Published by Honeywell.
Al Kossow at bitsavers.org has scanned many Honeywell Multics manuals and
placed them online.
* 43A239851 DSS181-DSS190 Specification, May 1974 (5.5 MB pdf)
* 43A239854 600B IOM Specification, Jul 1975 (6.2 MB pdf)
* 58009906 DPS8 System Manual, Freestanding DPS8 Multics, Aug 1982 This
manual is intended as a general system review and maintenance aid for
TAC personnel in analyzing and diagnosing system problems beyond level
1 procedure. (4.4 MB pdf)
* 58009917 DPS8 CPU Installation Instructions, Aug 1984 Installation
instructions for a DPS8 CPU. Unpacking, inspection, cable routing, and
power-up. (1.5 MB pdf)
* 60132445 FEP Coupler Specification, Nov 1977 (3.7 MB pdf)
* AG90 Multics Programmer's Manual: Introduction to Programming on
Multics, Dec 1981 (7 MB pdf)
* AG91 Multics Programmer's manual: Reference Guide, Dec 1975 (11 MB pdf)
* AG91 Multics Programmer's manual: Reference Guide, Jan 1987 (36 MB pdf)
* AG92 Multics Programmer's manual: Commands and Active Functions, Feb
1980 861 pages. (39 MB pdf)
* AG92 Multics Programmer's manual: Commands and Active Functions, Nov
1987 (60 MB pdf)
* AG93 Multics Programmer's manual: Subroutines and I/O Modules, Nov 1986
(64 MB pdf)
* AG94 Multics PL/I Language Specification, Mar 1981 (14 MB pdf)
* AG95 The Multics Virtual Memory, Jun 1972 (reprint of Bensoussan,
Clingen, and Daley paper; "Access Control to the Multics Virtual
Memory"; and "Series 6000 Features for the Multics Virtual Memory") (11
MB pdf)
* AK15 The Multics System Summary Description, (brochure), 1974
* AK24 Multics Software Overview Product Brief, 1973
* AK26 Multics Model 6180 Hardware Product Brief, 1973
* AK27 The Multics System, (brochure), 1973
* AK27-2 The Multics System, (brochure), 1975
* AK27-3 The Multics System, (brochure), 1977
* AK50 Multics System Administrators' Manual, Feb 1973 An early version
of the MSAM. (4 MB pdf)
* AK50 Multics System Administrators' Manual, Dec 1987 The Trusted
Facilities Manual required for B2 certification is contained in Part VI
"Assuring System Security" and Appendix B "Audit Tables and Include
Files" of AK50-03 (Renamed the "Multics System Administration
Procedures Manual", May 1985). Part VI consists of Chapters 18 through
26 of the manual and provides guidelines for the system administrator
on how to manage Multics as a secure system. [info from Ed Ranzenbach]
(21 MB pdf)
* AK51 Multics Project Administrators' Manual, Feb 1985 (4 MB pdf)
* AK52 Multics Administrative Functions Product Brief, 1973
* AK92 Multics Programmer's manual: Subsystem Writer's Guide, Mar 1979
(20 MB pdf)
* AK95 Multics APL Users' Guide, Dec 1985 (11 MB pdf)
* AK96 Multics Programmer's manual: System Programmer's Supplement
* AL39 Multics Processor Manual, Nov 1985 461 pages. (18 MB pdf)
* AL39-01C Multics Processor Manual, Nov 1985 358 pages. (1.5 MB
searchable pdf thanks to Bob Mabee)
* AM81 Multics Operator's Handbook, Nov 1986 (29 MB pdf)
* AM82 Multics BASIC, Feb 1981 (29 MB pdf)
* AM82 Multics BASIC Update, Dec 1984 (2 MB pdf)
* AM83 Multics PL/I Reference Manual, Sep 1978 (31 MB pdf)
* AN05 GCOS Environment Simulator, Dec 1985 (6 MB pdf)
* AN50 Guide to Multics Manuals
* AN51 System Tools PLM, 1979 This Program Logic Manual (PLM) is not
structured in the same manner as most others in this series. The System
Tools PLM consists only of a number of command and subroutine
descriptions with no design motivation, implementation description, or
data structure description except what is needed to describe the use of
the command or subroutine as a tool. (source at web.mit.edu)
* AN52 Multics System Metering, Feb 1979 (5 MB pdf)
* AN53 Multics System Dump Analysis, June 1975 (5 MB pdf) (source at
web.mit.edu)
* AN54 PL/I Compiler PLM, Aug 1974 The PL/1 compiler translates a source
program written in the PL/1 language into an equivalent Multics
standard object segment. This compiler represents an implementation of
the PL/1 language as defined in the PL/1 Language Manual (Order No.
AG94). The entire compiler is written in the same language, and
therefore, is self reproducible. (source at web.mit.edu)
* AN57 Multics User Ring Input/Output System PLM, May 1977 (13 MB pdf)
(source at web.mit.edu)
* AN61 Multics Storage System: Program Logic Manual, Sep 1978 Internal
logic of the Multics Storage System. (23 MB pdf) (source at
web.mit.edu)
* AN63 Multics ALM Assembler SDN, February 1975 (1 MB pdf)
* AN69 Multics Message Segment Facility SDN, Oct 1979 (3 MB pdf) (source
at web.mit.edu)
* AN70 System Initialization Program Logic Manual, Feb 1975 (8 MB pdf)
* AN70 System Initialization Program Logic Manual, May 1984 (8 MB pdf)
(source at web.mit.edu)
* AN71 Reconfiguration Program Logic Manual, June 1974 (2 MB pdf)
* AN71 Reconfiguration Program Logic Manual, Apr 1977 (2 MB pdf) This
document describes the implementation and design of the Multics dynamic
reconfiguration software for the major hardware modules of the system.
This document is limited to processor, system controller and bulk store
memory reconfiguration although there are many more hardware and
software switchable modules in the system. (source at web.mit.edu)
* AN76 Multics Carry Facility, Feb 1981 (1 MB pdf)
* AN77 Multics GCOS Environment Simulator, Apr 1977 (source at
web.mit.edu)
* AN80 Level 68 & DPS8/M Library Maintenance SDN, May 1979 (6 MB pdf)
(source at web.mit.edu)
* AN82 Multics Standards SDN, June 1980 (3 MB pdf) Description of the
Standards, Conventions, and Guidelines Used in the Software and
Documentation of the Multics Operating System. (source at web.mit.edu)
* AN83 FORTRAN Compiler PLM, Mar 1979 The FORTRAN Program Logic Manual
(PLM) deals solely with the parse and semantic translation phases of
the Multics FORTRAN Compiler. (source at web.mit.edu)
* AN85 Multics Communication System SDN, Oct 1979 (14 MB pdf)
* AN87 Multics Hardware and Software Formats PLM, March 1980 (7 MB pdf)
(source at web.mit.edu)
* AR97 Multics System Diagnostic Aids, Dec 1983 (7 MB pdf)
* AS40 Multics Graphics System, Aug 1981 (12 MB pdf)
* AS43 Multics COBOL Users' Guide, Jul 1981 (12 MB pdf)
* AS44 Multics COBOL Reference Manual, Jul 1981 (20 MB pdf)
* AS68 Multics Administrator's Manual - Registration and Accounting
* AT58 Multics FORTRAN, Dec 1983 (8 MB pdf)
* AT59 Multics DFAST Subsystem Users' Guide, Mar 1976 (3 MB pdf)
* AT71 MSU0402 Manual, Oct 1983 (1 MB pdf)
* AU25 Multics FAST Subsystem Reference Guide, Sep 1979 (5 MB pdf)
* AU77 Multics Online Test and Diagnostics Reference Manual, Mar 1984 (7
MB pdf)
* AW17 Multics Pocket Guide: Commands and Active Functions, Apr 1976 (2
MB pdf)
* AW32 Multics SORT/MERGE, Jul 1976 (2 MB pdf)
* AW53 Multics Relational Data Store (MRDS) -- Reference Manual, Mar 1984
(15 MB pdf)
* AX31 VIP 72xx Operator Manual, May 1981 (3 MB pdf)
* AX49 Multics Peripheral Input/Output, Jul 1982 (10 MB pdf)
* AY03 MSU0500 Manual, Dec 1979 (1 MB pdf)
* AY34 Datanet Operator Manual, May 1980 (7 MB pdf)
* AZ03 System Programming Tools, (includes TECO), Jul 1982 (16 MB pdf)
* AZ49 Logical Inquiry and Update System (LINUS), Aug 1986 (7 MB pdf)
* AZ98 Multics WORDPRO Reference Guide, Jul 1983 (13 MB pdf)
* CC34 Multics Bulk Input/Output
* CC69 Multics Report Program Generator (MRPG) Reference Manual, Nov 1982
(7 MB pdf)
* CC70 FORTRAN Users' Guide, Dec 1983 (9 MB pdf)
* CC74 Multics Administrator's Manual - Resource Control
* CC75 Multics Administrator's Manual - Communications Administration,
Dec 1983 (6 MB pdf)
* CC75 Multics Administrator's Manual - Communications Administration,
Feb 1985 (6 MB pdf)
* CC92 Multics Communications Input/Output, Jul 1982 (8 MB pdf)
* CC96 Multics Transaction Processing Reference Manual, Jun 1979 (3 MB
pdf)
* CG18 Multics Remote Batch Facility (Level 68 to Level 6), Jul 1979 (2
MB pdf)
* CG40 QEDX Text Editor User's Guide, Feb 1983 (6 MB pdf)
* CH23 Multics Extended Mail System User's Guide, Feb 1982 (8 MB pdf)
* CH24 New Users' Introduction to Multics -- Part I, Nov 1979 (4 MB pdf)
* CH25 New Users' Introduction to Multics -- Part II, Nov 1979 (4 MB pdf)
* CH26 Multics Error Messages: Primer and Reference Manual, Sep 1980 ( MB
pdf)
* CH27 Emacs Manual, December 1979 (14 MB pdf)
* CJ27 Emacs Text Editor User's Guide, December 1979 (7.6 MB pdf)
* CJ52 Emacs Extension Writer's Guide, January 1980 (3.5 MB pdf)
* CJ52 Emacs Extension Writer's Guide, Jul 1982 (9.4 MB pdf)
* CJ97 Multics Page Processing System Utility Manual, May 1980 (1 MB pdf)
* CP31 Level 68 Introduction to Emacs
* CP50 Multics Text Editor (TED) Reference Manual, Oct 1985 (7 MB pdf)
* CP51 Multics Menu Creation Facilities, Feb 1985 (8 MB pdf)
* CP92 VIP7201 Reference Manual, Jul 1983 (6 MB pdf)
* CT38 Resource Control User Guide, Jun 1981 (3 MB pdf)
* CW99 PRU901 Manual, May 1982 (4 MB pdf)
* CX20 Fundamentals of Multics Executive Mail
* CX72 Executive Facilities Editing Operations Ref Card
* CY73 Inter-Multics File Transfer Facility Ref Manual, Dec 1983 (3 MB
pdf)
* CY74 Multics Forum Interactive Meeting System Users' Guide, Feb 1985
(10 MB pdf)
* CY93 PRU7070 Handbook, Dec 1982 (5 MB pdf)
* DB37 DSS190 Reference, May 1974 (2.6 MB pdf)
* DF48 Series 60 Level 68 DPS Pocket Guide, June 1978
* DJ18 Guide to Multics Wordpro for New Users
* DL92 Honeywell Multics Distributed Processing System, Summary Overview,
1982
* DL92 Multics brochure, 1982 (21.5 MB pdf)
* DS44 Honeywell Multics, (brochure), 1983
* DS45 Honeywell DPS8/Multics, (brochure), 1983
* DU06 Fundamentals of Multics Forum Interactive Meeting System
* DU34 DPS8 Site Preparation Manual, Jan 1986 (5 MB pdf)
* DV74 Texto Reference Manual
* DW19 Multics MegaCalc User's Guide
* DX71 Fundamentals of Multics Executive Forum
* F01 Introduction to Multics Course Notes, Oct 1978 (20 MB pdf)
* F15C Multics Course Notes F15C, Sep 1983 (7 MB pdf)
* F15D Multics Course Notes F15D, May 1981 (15 MB pdf)
* F21 Multics Course Notes F21, Jul 1981 (11 MB pdf)
* F80 Multics Course Notes F80, Mar 1983 (18 MB pdf)
* F86 Multics Course Notes F86 (7 MB pdf)
* F88 Multics Course Notes F88 (10 MB pdf)
* GA01 Multics Data Security, (brochure), 1983 Based on Dave Jordan's
article in Scientific Honeyweller, June 1981
* GB58 Multics Common Commands Manual, (GB18?), Feb 1983 (10 MB pdf)
* GB59 DPS 6/Multics Satellite 6M Reference Manual
* GB60 Multics HASP Service and Utility
* GB61 Operator's Guide to Multics, Dec 1987 (13 MB pdf)
* GB62 Multics Pascal User's Guide
* GB63 Multics Report Writer Reference Manual, Jan 1985 (5 MB pdf)
* GB64 Administration, Maintenance, and Operations Commands, Nov 1986 (26
MB pdf)
* GB65 Multics/Personal Computer File Transmission Facility
* GB66 Multics On-Line Work Station Environment User's Guide
* GL71 Multics Simplified Computing and Filing Facility
* GN08 Multics Emacs Reference Card
* HH07 Multics C User's Guide, Nov 1987 (7 MB pdf)
* YL77 Multics Cray Station Users' Guide
Multics Repository Documents
Internal design documents used by the development team in the 1960s.
Three series, M, G, and B, for MIT, GE, and Bell Labs. This table is
derived from TOC memos M0116, M0117, M0118, and M0119.
* B0005 EPL Design Journal #4, 08/09/65, McIlroy, M. D.
* B0008 FJCC: Structure of Multics Supervisor, 9/16/65, Vyssotsky, V. A.,
F. J. Corbato, and R. M. Graham
* B0009 FJCC: General Purpose File System, 09/16/65, Daley, R. C., and P.
G. Neumann
* B0010 FJCC: Communication in I/O Switching, 9/17/65, Ossanna, J. F., L.
Mikus, and S. D. Dunten
* B0021 Debugging and Multics (supersedes M0039), 11/09/65, Brown, W. S.
* B0039 Software Tools for Monitoring and Tracing in Multics, 02/15/66,
Gimpel, J. F.
* B0043 Big Computing and Multics, 03/30/66, McIlroy, M. D.
* B0044 EPL Manual -Reprint IBM Operating System/360 PL/I: Language
Specifications, 04/66, IBM
* B0045 A Proposed Outerview of Performance Monitoring in Multics,
04/13/66, Gimpel, J. F.
* B0057 Character Conversion for PRT-202 Line Printer, 05/10/66,
Vyssotsky, V. A.
* B0060 Fault Tags and the IT modifier in the 645 Processor, 06/03/66,
Tague, B. A.
* B0066 Proposed Context Editor Edit(Audit), 07/22/66, Kaiman, A.
* B0067 Some Thoughts and Ideas Pertaining to Tasking , 01/08/68, Farber,
D. J., and R. L. Wexelblat
* B0086 Compendium of PL/I (EPL) Run-Time Library, 06/15/17, Hyde, J. P.
* B0088 QED Text EdItor, 08/05/67, Thompson, K. L.
* B0095 Current History Permuted Index BTL/GE/MIT, 08/01/66, Serido, J.
* B0097 Current Permuted Index BTL/GE/MIT, 05/17/68, Serido, J.
* B0099 Obsolete Permuted Index BTL/GE/MIT, 05/17/68, Serido, J.
* B0100 The Multics Device Utility Package (DUP), OS/27/68, Jones, S. W.
* G0004 636 Simulation Package, 08/30/65, Ziegler, G. G.
* G0006 Free Standing GECOS - GIOC Version, nd, McGee, R. C.
* G0007 Proposal for Developing Multics Documentation, 10/11/65, Haig, H.
C., R. C. McGee, and B. A. Tague
* G0012 GE-645 Bootstrap Assembler(BSA), 01/01/66, anonymous
* G0013 Peripheral T and D Interface with 645 Software, 02/03/66,
Matthews, H. D.
* G0015 On-Line Testing in a 636 Time-Sharing System, 10/21/65, Mikus, L.
E.
* G0016 Memo on 645 Mnemonics, 01/18/66, McGee, R. C.
* G0029 Design Notebook Appendix C.Rev., 03/11/65, Oliver, G. A.
* G0030 Memo on Las Vegas Changes, 04/19/66, McGee, R. C.
* G0031 Definition of Inactive Mode in the GIOC, 04/20/66, McGee, R. C.
* G0034 645 Utility Program, 05/12/66, Hobbs, R. J., and R. M. Foster
* G0036 M50EB00131 -Performance Specification -Multics Assembler ,
06/15/66, McGee, R. C.
* G0037 SPS-B-645 Simulator, 08/9/66, McGee, R. C.
* G0038 SPS-B Multics Assembler (M50EB00131), 08/22/66, McGee, R. C.
* G0039 SPSB 645 Free-Standing Simulator (M50EB00171) , 08/22/66, McGee,
R. C.
* G0040 EPS MTH211 and MTH311 Magnetic Tape Units, 08/22/66, McGee, R. C.
* G0041 SPS GE-645 Gecos-IOC Version (M50EB00006), 08/22/66, McGee, R. C.
* G0042 SCU Instruction Format, 11/22/66, Stoller, G. S.
* G0043 SPS-C Multics/Gecos Monitor (M50EB00188), 09/01/66, McGee, R. C.
* G0044 SPS-B GE-645 PL/I Compiler (M50EB00175), 09/01/66, McGee, R. C.
* G0045 EPS Extended Character Set Printer Subsystem (PRT202)
(M50EB00070), 09/01/66, McGee, R. C.
* G0046 Errata G0042, 12/05/66, Stoller, G. S.
* G0047 600 Series GE Specifications , 12/08/66, Bash, J. L.
* G0048 Distribution of Specifications , 12/12/66, Bash, J. L.
* G0049 Fortran IV Language Manual, 01/12/67, Bash, J. L.
* G0050 GIOC Manual, 01/12/67, Bash, J. L.
* G0051 Correction to G0049, 01/12/67, Bash, J. L.
* G0053 Renumbering of Repository Document, INDEX, 05/11/67, Bash, J. L.
* G0054 Revised INDEX, 06/16/67, Bash, J. L.
* G0055 Compendium of PL/I (EPL) Run-Time Mathematics Library , 09/01/67,
Goldberg, I. B.
* G0056 Current INDEX Revision, 09/13/67, Bash, J. L.
* G0057 Current VOCAB Revision, 09/25/67, Bash, J. L.
* G0058 Phase I Test Experiment, 10/02/67, Shy, I.
* G0059 The Multics Operating System , 05/67, CISL
* G0060 EPL User's Reference Manual, 12/67, CISL
* G0061 CISL User Manuals on MULTICS (memo), ND, Bash, J. L.
* G0062 Current INDEX Revision, 01/26/68, Bash, J. L.
* G0063 CTSS Console User's Manual , 01/68, CISL
* G0065 Errata to EPL User's Reference Manual, 02/05/68, Benjafield, G.
* G0066 Memo Re: G0067, 02/12/68, CISL
* G0067 Handbook of Operating Information, Configuration A/Multics ,
11/68, CISL
* G0068 Current Revision of VOCAB , 02/15/68, Bash, J. L.
* G0069 Intermediate Update of INDEX and VOCAB, 03/08/68, Bash, J. L.
* G0070 EPL User's Reference Manual, Revision 1, 04/68, CISL
* G0071 Multics PL/I Language Reference Manual Questionnaire, 05/09/69,
Bash, J. L.
* G0072 EPLBSA Manual, 04/68, CISL
* G0073 Initial Multics Console User's Manual, 07/68, CISL
* G0074 EPL Glossary of Terms, 08/68, Hart, J. E.
* G0075 GE-645 Address Modification , 09/68, Riesenberg, D. J.
* G0076 Updates to the Glossary of Multics Terms (Vocabulary) , 09/04/68,
Bash, J. L.
* G0077 Interim FL Reference Manual, 10/29/68, Riesenberg, D. J.
* G0078 Interim I/O Document, 12/20/68, Goudy, M. L.
* G0080 Significant Features of Multics PL/I , 01/21/69, Freiburghouse,
R. A.
* G0081 Compatibility Consideration of the PL/I Implementation ,
01/21/69, Freiburghouse, R. A.
* G0082 Update to EPL Manual G0070, 01/22/69, Bash, J. L.
* G0084 MULTICS Condensed Guide, 06/69, CISL
* G0085 Chapter I of MULTICS User Procedures (Calls to the File System),
07/01/69, Hart, J. E.
* G0086 Multics User Procedures Update (Chapter 1), 07/28/69, Hart, J. E.
* G0087 Chapter II of MULTICS User Procedures (Interim Document on I/O
Calls), 08/06/69, Bash, J. L.
* G0088 Multics User Procedures Update (Chapter I) , 08/15/69, Hart, J.
E.
* G0089 Update to G0087, Interim Document on I/O Calls, ND, Bash, J. L.
* G0090 Working paper on Program Naming Problems in a Shared Tree
Structured Hierarchy, 08/22/69, Clingen, C. T.
* G0091 A User's Guide to the MULTICS Fortran Implementation, 10/69,
Freiburghouse, R. A.
* G0092 A User's Guide to the MULTICS PL/I Implementation, 10/69,
Freiburghouse, R. A.
* M0047 FJCC: Intro. & Overview of Multics, 9/17/65, Corbato, F. J., and
V. A. Vyssotsky
* M0048 FJCC: System Design of a Computer for Time Sharing Applications,
9/17/65, Glaser, E. L., J. F. Couleur, and G. A. Oliver
* M0049 FJCC: Some Thoughts about the Social Implications of Accessible
Computing , 9/17/65, David, E. E.
* M0052 Debugging Aids for the Multics System (Revised) , 11/09/65,
Wagner, D. B.
* M0054 Proposal for a System of Clocks for Multics , 11/16/65, Saltzer,
J. H.
* M0058 Outline of Proposed Interactive Debugging Aids for Multics,
1/19/66, Wagner, D. B.
* M0060 Thoughts About Operating Multics, 12/17/65, Oppert, D. E.
* M0062 System Metering , 3/17/66, Widrig, D. R.
* M0063 Conversion of Typset Files to Flexowriter Tapes, 3/11/66,
Magnuski, H. S.
* M0065 Operational Description of the EPLBSA Assembler , 5/26/66,
Poduska, J. W.
* M0066 Resource Management and Accounting for Multics, 6/26/66, Van
Vleck, T. H.
* M0070 Character Handling and PL/I, 6/30/66, Saltzer, J. H.
* M0071 ASCII Graphics on Multics , 6/30/66, Saltzer, J. H.
* M0076 Operating Procedures for the Model 2201 Flexowriter to Prepare
Documents for Multics , 8/25/66, Selwyn, L. L.
* M0077 Traffic Control in a Multiplexed Computer System, 0/22/66,
Saltzer, J. H.
* M0082 Examples of PL/I Subroutines, 11/22/66, Corbato, F. J., and A.
Evans
* M0085 Use of QED and ROFF, 1/19/67, Graham, R. M.
* M0086 A Guide to Multics for Subsystem Writers-I, 3/67, Organick, E. I.
* M0087 A Guide to Multics for Subsystem Writers-II, 4/67, Organick, E.
I.
* M0089 Error in hash-coding algorithm, 4/10/67, Corbato, F. J., and A.
Evans
* M0090 A Guide to Multics for Subsystem Writers Chapter III, 8/67,
Organick, E. I.
* M0094 Virtual Memory, Processes, and Sharing in Multics , 10/14/67,
Daley, R. C., and J. B. Dennis
* M0095 Protection in an Information Processing Utility, 10/14/67,
Graham, R. M.
* M0103 PL/I As a Tool for System Programming , 07/02/68, Corbato, F. J.
* M0104 A Paging Experiment with the Multics System , 07/68, Corbato, F.
J.
* M0105 Sensitive Issues in the Design of Multi-Use Systems, 11/12/68,
Corbato, F. J.
* M0106 A Guide to Multics for Subsystem Writers Chapter IV, 01/69,
Organick, E. I.
* M0107 A Guide to Multics for Subsystem Writers -Chapter V, 02/69,
Organick, E. I.
* M0108 A Guide to Multics for Subsystem Writers -Chapter VI, 03/69,
Organick, E. I.
* M0109 Annotated Bibliography of Multics, 04/16/69, Saltzer, J. H., and
R. M. Graham
* M0110 BCPL Manual for Multics, 07/30/69, Evans, A.
* M0111 The Multics Virtual Memory, 10/69, Bensoussan, A., C. T. Clingen,
and R. C. Daley
* M0112 The Instrumentation of Multics, 10/69, Saltzer, J. H., and J. W.
Gintell
* M0113 The Role of Motherhood in the Pop Art of System Programming,
08/21/69, Neumann, P. G.
* M0114 The Multics Interprocess Communication Facility , 07/29/69,
Spier, M. J., and E. I. Organick
* M0115 System performance effects of the new PL/I compiler , 10/14/69,
Corbato, F. J.
* M0116 MAC Repository list, 12/01/69, Gardner, R.
* M0117 GE Repository List, 07/19/69, Gardner, R.
* M0118 GE Repository list, 12/01/69, Gardner, R.
* M0119 BTL Repository list, 12/01/69, Gardner, R.
* M0132 A Multics Process (System 17.11a), 12/8/72, Greenberg, B., and M.
Miyazaki
Multics Design Document Series
The Multics Design Document series, specifically produced by Honeywell
for the B2 evaluation effort, includes some documents written for the
project. Others were existing manuals that were found to be adequate
for the evaluation but were to eventually be re-written for
consistency. [info from Ed Ranzenbach]
* MDD-001 Overview and Index of Multics Design Documents (Margulies, B.)
Introduction to Multics Design Documents. The index of all Multics
Design Documents.
* MDD-002-01 Multics Security Model -- Bell and La Padula (Tague, R.
Michael) The Multics system enforces a security policy that is an
implementation of the security model described by Bell and La Padula.
This Multics Design Document (MDD) presents the relationship between
the actual implementation in Multics and the model.
* MDD-003 Overview of the Multics TCB (Sibert, W. Olin) Overview of the
Multics Virtual Memory System, Metering, and the Supervisor.
* MDD-004-01 Multics Functional Testing (Dickson, Paul) This MDD contains
documentation on the Multics Functional Testing Suite.
* MDD-005-02 System Initialization (Farley, Paul) The internal
organization of Multics System Initialization.
* MDD-006-01 Directory Control (Dixon, Gary C.) Internal Organization of
the Directory Control and the Address and Name Space Management
functions within the Multics system.
* MDD-007-01 VTOCE File System (Sharpe, Ed) The management and internal
organization of storage system physical disk volumes on Multics.
* MDD-008 Online Storage Volume Management (Sharpe, Ed) This MDD
describes the management of Online Storage Volumes.
* MDD-009 Resource Control Package (Pozzo, Maria M.) This MDD covers the
management and internal organization of resources (devices and volumes)
on Multics.
* MDD-010-01 System / User Control (Swenson, E., and Jim Lippard) The
management and internal description of the system/user control
subsystem on Multics.
* MDD-011 Page Control (Honeywell) unpublished
* MDD-012-01 I/O Interface (IOI) (Jones, Chris) This MDD describes the
features and operations of the I/O interfacer (IOI), as well as those
hardware features which make its operation possible.
* MDD-013 Multics Message Segment Facility (Pandolf, Michael A.)
Description and documentation of the internal and user interfaces of
the Multics Message Segment Facility.
* MDD-014 Hierarchy Backup Dumper (Honeywell) unpublished
* MDD-015 Interprocess Communication (Honeywell) unpublished
* MDD-016 Volume Backup Dumper (Honeywell) unpublished
* MDD-017 Multics I/O SysDaemon (Gilcrease, George) An overview of the
operation of the I/O SysDaemon. The scope of this document is a
synopsis of the I/O SysDaemon software: a description of the primary
associated databases, and a narrative of the order of events and
communication between the I/O SysDaemon coordinator process and a
representative driver process.
* MDD-018 Reconfiguration (Honeywell) unpublished
* MDD-019 Traffic Control (Coren, Robert S.) This document describes the
policies and algorithms of Multics Traffic Control, which is that part
of the supervisor that manages the allocation of processors among
processes.
* MDD-020 Multics Runtime Environment (Weaver, Melanie) Explanation of
the runtime environment, including process structure and
initialization, ring crossing mechanisms, object format and dynamic
linking, area management, and condition signalling and handling.
* MDD-021 Fault and Interrupt Handling (Honeywell) unpublished
* MDD-022 System Administration (Honeywell) unpublished
* MDD-023 Online T&D (Honeywell) unpublished
* MDD-024 System Logging (Sharpe, Ed) Describes the system logging
mechanisms. This document also provides a foundation for MDD-029
"Security Auditing".
* MDD-025 Hardcore I/O (Honeywell) unpublished
* MDD-026 Salvaging and Scavenging (Honeywell) unpublished
* MDD-027 MCS (Honeywell) unpublished
* MDD-028 SysDaemons (Honeywell) unpublished
* MDD-029 Security Auditing (Sharpe, Ed) Describes the system security
audit trail. Some descriptions in this document are dependent upon the
contents of MDD-024 "System Logging".
Multics Operating Staff Notes
Documents given to machine operators at the MIT and GE/Honeywell
development sites. Later incorporated into Honeywell manuals.
* MOSN-A001 Operational Changes for MR4.0 (Van Vleck, T. H.) Initial
operator documents for NSS, describing BOS changes and operator command
changes. (2.0M pdf)
Multics Alternative Documentation
Here is a list, thanks to Bruce Sanderson, of documents produced by
Warren Johnson and Jim Homan, describing operational lore useful to
site analysts and operators.
* MAD-001 Multics Alternative Documentation, 10/29/80, Johnson, W.
* MAD-001.A Multics Alternative Documentation, 2/20/81, Johnson, W.
* MAD-001.B Multics Alternative Documentation, 3/3/81, Johnson, W.
* MAD-002 Reading Processor Lights, 10/29/80, Johnson, W.
* MAD-003 Multics Metering and Tuning, 10/30/80, Johnson, W.
* MAD-003.A Multics Metering and Tuning, 2/24/81, Johnson, W.
* MAD-004 Channel Master File, 11/5/80, Johnson, W.
* MAD-004.A Channel Master File, 4/17/81, Johnson, W.
* MAD-005 Disk Space Monitoring, 11/10/80, Homan, J.
* MAD-005.A Disk Space Monitoring, 7/7/81, Homan, J.
* MAD-006 So you're going to 6250 bpi..., 11/13/80, Homan, J.
* MAD-007 Operator Message Facility, 11/18/80, Homan, J.
* MAD-008 Recovery from ESD Failure, 11/18/80, Homan, J.
* MAD-009 Knocking the Initializer out of a loop, 11/19/80, Johnson, W.
* MAD-010 Sending Interrupt from IOM to System Console, 2/25/81, Johnson,
W.
* MAD-011 Fac_Totum.SysDaemon, 4/22/81, Homan, J., and W. Johnson
* MAD-011.A Factotum.SysDaemon, 7/7/81, Homan, J., and W. Johnson
* MAD-011.B Factotum.SysDaemon, 7/21/81, Homan, J., and W. Johnson
* MAD-012 Multics Failure Analysis, 5/21/81, Johnson, W.
* MAD-013 RCPRM For Tape Library Management, 6/1/81, Homan, J.
* MAD-014 Setting SAT Bit Count, 8/3/81, Johnson, W.
* MAD-015 Site Library Maintenance, 5/10/82, Homan, J., and W. Johnson
* MAD-016 Auto-Reboot Redone, 7/30/82, Homan, J.
* MAD-017 Yet Another start_up.ec Spiel, 3/29/83, Homan, J.
* MAD-018 Tools For Maintaining System Tables And Exec_coms, 3/29/83,
Homan, J.
* MAD-019 Installing A New Multics Site, 5/31/83, Homan, J.
* MAD-020 Survey of Privileged Accesses, 3/28/83, Homan, J.
Local Site memos
Memos local to particular sites.
* MIT IPC, MIT Author Maintained Library, April 1975
Documentation for 34 commands, 7 active functions, and 25 subroutines
contributed by the MIT user community, including XPL, TECO and BCPL.
(5.6M pdf)
* MIT IPC, MIT Installation Maintained Library, July 1974
Documentation for 5 commands and 2 subroutines installed locally at the
MIT site, including Multics versions of BMD and SSP. (1.8M pdf)
