Bear – A Resilient Operating System for Scalable Multiprocessors

Stephen Taylor, Michael Henson, Morgon Kanter, Stephen Kuhn, Kathleen McGill, Colin Nichols


This paper describes a minimalist operating system design aimed at scalable multiprocessor systems whose primary goal is resilience. The design is expressly targeted toward critical military applications for the purpose of operating through failures, errors, and malicious attacks. Lessons learned from several key proof-of-concept components, implemented as Linux kernel modules, are currently being incorporated into a new from-scratch system. Current operating system designs have sought to utilize a base of trust in hardware and extend trust to software through deliberate layering. Our approach assumes instead that adversaries will conduct surveillance, will be successful in gaining access, and will persist undetected. We propose multiple, overlapping, non-deterministic techniques that continually re-establish trust by dynamically regenerating core components of distributed computations and their underlying execution environment. The cumulative effect of these changes in design style is to increase attacker workload by denying surveillance and persistence over time-scales consistent with tactical military operations. Unlike other approaches to computer security, no attempt is made to detect intrusions: instead, we focus on continually validating, preserving, and re-establishing the ability of a military mission to proceed – living with insecurity.