KeyKOS is another operating system that runs on S/370 mainframes (it is being refitted for other systems). It was a project begun by Tymshare Corp. in the early 1970s in response to the following requirements:

• Applications should be able to use large memories.
• High availability is required for many applications.
• Security is of primary concern to large networks.
• Transaction processing is not well supported by current systems.

1972

First description of the system

1974

First funding for development

1976

The first message ("hello") was received on a KeyKOS terminal, running under VM

1979

SHARE presentation on the architecture of the system

1981

First IPL of KeyKOS as a standalone operating system

1983

First production application running under KeyKOS

1985

First IPL of CMS under KeyKOS

1985

Key Logic formed as a corporation, split from Tymshare Corp.

1986

First real paying customer buys into KeyKOS

1987

First online transaction processing application runs

• Virtual storage is "persistent". Memory allocated to an application remains constant BETWEEN IPLs. Weird.
• Systemwide checkpoints are taken periodically. If an interruption occurs, IPL processing restores the system to the last checkpoint, with transactions in progress, and database recovery automatically completed.
• DASD mirroring is an optional feature that maintains two copies of all disk data. If one goes down, the other keeps running. When the failing drive is repaired, the system automatically recreates a duplicate copy of the production data in real-time, and restores the mirroring environment. This is all automatic, with no down time required of any application.
• System backups can be taken while the system is running. The system is smart enough to make the backup look as if it was taken at a checkpoint, even though the system keeps running applications during the backup process.
• The system is designed for unattended operation (tapes and printers excluded).
• Only the Kernel (a VERY small subset of the operating system) runs in supervisor state. MVS is "bimodal" - either you have all system privileges or you have none. Multics was multimodal in the sense that it implemented "rings of protection", where privileges were apportioned hierarchically. Under KeyKOS, privileges are given incrementally in network fashion; any object can confer its own privileges (or a subset) to any other object. Security is integral to the system; it has the highest Defense rating of any operating system.
• Each "object" (program) lives in its own address space. It communicate with other "objects" via messages. No object can inspect another.

The Department of Defense has classified computer systems into several groups. These are, in descending security order:

A:

Verified Protection (no systems at this level).

B:

Mandatory Protection - security officer can impose security measures without the user's cooperation

B3:

Security Domains - security precautions are implemented at the recovery level (KeyKOS is certified at this level).

B2:

Structured Protection

B1:

Labeled Security Protection

C:

Selectable Protection

C2:

Controlled Access (ACF2 implements this level)

C1:

Discretionary Protection (RACF implements this level)

D:

Minimal protection