Multics
Multics is an influential early time-sharing operating system based on the concept of a single-level memory. It has been written that Multics "has influenced all modern operating systems since, from microcomputers to mainframes."
Initial planning and development for Multics started in 1964, in Cambridge, Massachusetts. Originally it was a cooperative project led by MIT along with General Electric and Bell Labs. It was developed on the GE 645 computer, which was specially designed for it; the first one was delivered to MIT in January 1967. GE offered their earlier GE 635 systems with the Dartmouth Time-Sharing System, which they called "Mark I" and intended to offer the 645 with Multics as a larger successor. Bell withdrew from the project in 1969 as it became clear it would not deliver a working system in the short term. Shortly thereafter, GE decided to exit the computer industry entirely and sold the division to Honeywell in 1970. Honeywell offered Multics commercially, but with limited success.
Multics has numerous features intended to ensure high availability so that it would support a computing utility similar to the telephone and electricity utilities. Modular hardware structure and software architecture are used to achieve this. The system can grow in size by simply adding more of the appropriate resource, be it computing power, main memory, or disk storage. Separate access control lists on every file provide flexible information sharing, but complete privacy when needed. Multics has a number of standard mechanisms to allow engineers to analyze the performance of the system, as well as a number of adaptive performance optimization mechanisms.
Due to its many novel and valuable ideas, Multics has had a significant influence on computer science despite its faults. Its most lasting effect on the computer industry was to inspire the creation of Unix, which carried forward many Multics features, but was able to run on less expensive hardware. Unix was developed at Bell to allow their Multics team to continue their research using smaller machines, first a PDP-7 and ultimately the PDP-11.
Novel ideas
Multics implements a single-level store for data access, discarding the clear distinction between files and process memory. The memory of a process consists solely of segments that were mapped into its address space. To read or write to them, the process simply uses normal central processing unit instructions, and the operating system takes care of making sure that all the modifications were saved to disk. In POSIX terminology, it is as if every file weremmaped; however, in Multics there is no concept of process memory, separate from the memory used to hold mapped-in files, as Unix has. All memory in the system is part of some segment, which appears in the file system; this includes the temporary scratch memory of the process, its kernel stack, etc.Segments are limited to 256 kilowords, just over 1 MB, because Multics hardware had 18-bit word addresses for the content of a segment. Larger files are "multisegment files" and are handled differently. The 256 kiloword limit was rarely encountered in practice, because at the time, one megabyte of memory was prohibitively expensive.
Another major new idea of Multics was dynamic linking, in which a running process can make external routines available by adding the segments containing them to its address space. This allows applications to always use the latest version of any external routine, since those routines are kept in other segments, which are dynamically linked only when a process first attempts to begin execution in them. Since different processes can use different search rules, different users can end up using different versions of external routines. Equally importantly, with the appropriate settings in the Multics security facilities, the code in the other segment can gain access to data structures maintained in a different process. Dynamic linking in Multics does not require special dynamic-link libraries ; a program can dynamically link to any executable segment to which it has access rights.
Thus, to interact with an application running in part as a daemon, a user's process simply performs a normal procedure-call instruction to a code segment to which it had dynamically linked. The code in that segment can then modify data maintained and used in the daemon. When the action necessary to commence the request is completed, a simple procedure return instruction returns control of the user's process to the user's code.
Multics also supports extremely aggressive on-line reconfiguration: central processing units, memory banks, disk drives, etc. can be added and removed while the system continues operating. At the MIT system, where most early software development was done, it was common practice to split the multiprocessor system into two separate systems during off-hours by incrementally removing enough components to form a second working system, leaving the rest still running for the original logged-in users. System software development testing could be done on the second system, then the components of the second system were added back to the main user system, without ever having shut it down. Multics is one of the earliest multiprocessor systems.
Multics is the first major operating system to be designed as a secure system from the outset. Despite this, early versions of Multics were compromised repeatedly. This led to further work that made the system more secure, and prefigured modern security engineering techniques. Break-ins became very rare once the second-generation hardware base was adopted; it has hardware support for ring-oriented security, a multilevel refinement of the concept of master mode. A US Air Force tiger team project tested Multics security in 1973 under the codeword ZARF. On 28 May 1997, the American National Security Agency declassified this use of the codeword ZARF.
Multics is the first operating system to provide a hierarchical file system, and file names can be of almost arbitrary length and syntax. A given file or directory can have multiple names, and symbolic links between directories are also supported. Multics is the first to use the now-standard concept of per-process stacks in the kernel, with a separate stack for each security ring. It is also the first to have a command processor implemented as ordinary user code – an idea later used in the Unix shell. It is also one of the first written in a high-level language, after the Burroughs MCP system written in ESPOL, an expanded version of ALGOL.
The deployment of Multics into secure computing environments also spurred the development of innovative supporting applications. In 1975, Morrie Gasser of MITRE Corporation developed a pronounceable random word generator to address password requirements of installations such as the Air Force Data Services Center processing classified information. To avoid guessable passwords, the AFDSC decided to assign passwords but concluded the manual assignment required too much administrative overhead. Thus, a random word generator was researched and then developed in PL/I. Instead of being based on phonemes or individual letters or clarities, the system employed phonemic segments and other rules to enhance pronounceability and randomness, which was statistically modeled against other approaches. A descendant of this generator was added to Multics during Project Guardian.
Project history
In 1964, Multics was developed initially for the GE-645 mainframe, a 36-bit system. GE's computer business, including Multics, was taken over by Honeywell in 1970; around 1973, Multics was supported on the Honeywell 6180 machines, which included security improvements including hardware support for protection rings.Bell Labs pulled out of the project in 1969; some of the people who had worked on it there went on to create the Unix system. Multics development continued at MIT and General Electric. At MIT in 1975, use of Multics was declining and did not recover by 1976 to prior levels. Finally by slashing prices, MIT managed to lure users back to Multics in 1978.
In 1974 Honeywell entered into a development contract with the Air Force to develop a security kernel for Multics. This would involve reducing the size of the Multics hardcore by moving specific components of the supervisor out of Ring 0. One of the initial steps after carrying out a security evaluation was the implementation of a multilevel security framework within Multics called AIM. This provided mandatory access control which could be enabled to supplement the already existing discretionary access control that Multics already possessed. The resulting Project Guardian ran until termination in 1976; whilst most of its changes were not added to Multics, some parts of the project such as the proposed Secure Front End Processor was productized by Honeywell as SCOMP. The SCOMP and its STOP operating system eventually evolved via XTS-200 and XTS-300 into current XTS-400 offering of secure operating systems.
Honeywell continued system development until 1985. About 80 multimillion-dollar sites were installed, at universities, industry, and government sites. The French university system had several installations in the early 1980s. After Honeywell stopped supporting Multics, users migrated to other systems, such as Unix. Honeywell later slowly sold its Information Systems division into a joint venture with Bull, and with NEC also participated, in 1986.
In 1985, Multics was issued certification as a B2 level secure operating system using the Trusted Computer System Evaluation Criteria from the National Computer Security Center, a division of the NSA; it was the first operating system evaluated to this level.
Multics was distributed from 1975 to 2000 by Groupe Bull in Europe, and by Bull HN Information Systems Inc. in the United States. In 2006, Bull SAS released the source code of Multics versions MR10.2, MR11.0, MR12.0, MR12.1, MR12.2, MR12.3, MR12.4 & MR12.5 under a free software license.
The last known Multics installation running natively on Honeywell hardware was shut down on October 30, 2000, at the Canadian Department of National Defence in Halifax, Nova Scotia, Canada.