Secure, as in what and how?
My vote is iRMX running from ROM (not flash, real hard unwriteable ROM).
Very hard to bring down. Even catastrophic memory failure doesn't bring that down.
I've told the story before, but: we (back in the time I worked in the wafer fab) had an ion implanter from Eaton. A -very- expensive piece of semiconductor machinery, and potentially very dangerous as it used hydrogen as a coolant...
The machine was controlled by a 286 computer, an industrial version of a standard PC. This machine booted from ROM containing an iRMX kernel. All memory was considered a RAM drive. All applications were loaded from hard disk into 'virtual partitions'.
This thing had a graphical user interface with touch screen and windowing. Every loaded object lived in its own 'container' (think something like a virtual drive: the application or object cannot step outside of its container; it only knows its own world).
Items talk to each other by passing messages. Only the OS has access to load something. If a process or object 'hangs': destroy the container and reload from disk. The data associated with a process lived in its own container, so that could be preserved and the freshly loaded object could be reconnected to the operational state of the crashed one.
This thing was so bulletproof that even failing RAM memory could not bring this machine down. The OS would detect parity errors in a segment and simply reload the application in a different location, reconnect it to the data pool and then mark this segment as 'bad', just like on a hard disk. Weeks later, during scheduled downtime, we swapped the memory chips and ran the memtest, freeing that 'sector'.
The OS could never be hacked as it sat in ROM and there was no way to 'write' that. It did not get copied to RAM; it ran from ROM. Any user-world stuff was loaded from disk. Since all those things lived in their own container there was no way to contaminate anything.
You booted in user mode or in admin mode. There was no way to switch between them apart from a hard system reset. In admin mode you could install new software. In run mode nothing could be written to the application section of the drive; only the data block was accessible for write. If I remember correctly there were two partitions, or two drives. It's a long time ago.
I have never encountered any other kind of OS that could survive failing RAM memory and keep running.
-edit- And today it is still around.
www.tenasys.com. It runs in parallel with Windows; on a multicore CPU it steals a single core and runs in its own section of hardware. You can allocate how many instances of the OS you need, each grabbing its own core.
It can also run in parallel with Linux or some other OSes.
Worth reading up on as it is really designed to be a true RTOS.
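The recovery pattern the post describes (application code and its operational data in separate containers, a supervisor that marks a faulting memory segment bad, reloads the application elsewhere and re-attaches it to the surviving data pool) can be modelled in a few dozen lines. The following is an added illustration written for this page, not code from the post, from iRMX or from TenaSys; the `Supervisor`, `AppContainer`, `DataPool` and `Segment` names, the parity-fault flag and the "implanter-ui" application name are all constructed for the example.

```python
"""
Toy model of the fault-recovery pattern described in the post.

Constructed for illustration: a Segment stands in for a parity-checked
block of RAM, an AppContainer for a loaded application object, and a
DataPool for the application's operational state kept in its own
container. The Supervisor plays the role of the OS: it is the only party
that loads objects, and on a parity error it marks the segment bad,
reloads the application into a different segment and reconnects it to
the same DataPool, so no state is lost.
"""
from dataclasses import dataclass, field


class ParityError(Exception):
    """Raised when an access hits a segment whose RAM is failing."""


@dataclass
class Segment:
    index: int
    faulty: bool = False   # simulated hardware fault: any access raises ParityError
    bad: bool = False      # set by the supervisor; a bad segment is never reused


@dataclass
class DataPool:
    """Operational state, kept apart from the code so a reload can re-attach it."""
    counters: dict = field(default_factory=dict)


@dataclass
class AppContainer:
    name: str
    segment: Segment
    pool: DataPool

    def step(self, key: str) -> int:
        """One unit of work: bump a counter in the data pool."""
        if self.segment.faulty:
            raise ParityError(f"parity error in segment {self.segment.index}")
        self.pool.counters[key] = self.pool.counters.get(key, 0) + 1
        return self.pool.counters[key]


class Supervisor:
    """The 'OS' of the model: sole loader of objects and owner of the segment map."""

    def __init__(self, n_segments: int):
        self.segments = [Segment(i) for i in range(n_segments)]
        self.apps: dict[str, AppContainer] = {}
        self.pools: dict[str, DataPool] = {}
        self.reloads = 0

    def _free_segment(self) -> Segment:
        used = {a.segment.index for a in self.apps.values()}
        for seg in self.segments:
            if not seg.bad and seg.index not in used:
                return seg
        raise RuntimeError("no good segment available")

    def load(self, name: str) -> AppContainer:
        # The data pool is created once and survives every reload of the code.
        pool = self.pools.setdefault(name, DataPool())
        app = AppContainer(name, self._free_segment(), pool)
        self.apps[name] = app
        return app

    def run(self, name: str, key: str) -> int:
        app = self.apps[name]
        try:
            return app.step(key)
        except ParityError:
            # Mark the segment bad (like a bad disk sector), destroy the
            # container, reload the application elsewhere and retry the step
            # against the preserved data pool.
            app.segment.bad = True
            del self.apps[name]
            self.reloads += 1
            self.load(name)
            return self.apps[name].step(key)


def demo() -> tuple:
    """Run two steps, inject a RAM fault, and show the third step still completes."""
    sup = Supervisor(3)
    sup.load("implanter-ui")
    sup.run("implanter-ui", "wafers")
    sup.run("implanter-ui", "wafers")
    sup.apps["implanter-ui"].segment.faulty = True   # constructed fault injection
    count = sup.run("implanter-ui", "wafers")
    bad = [s.index for s in sup.segments if s.bad]
    return count, sup.reloads, bad, sup.apps["implanter-ui"].segment.index


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the post makes: because state lives in a container the supervisor controls rather than inside the application's own memory, a reload is cheap and the counter continues from 2 to 3 instead of restarting. The bad-segment list is what an operator would clear after the chips are swapped and the memory test passes.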