{"id":"https://openalex.org/W2058200237","doi":"https://doi.org/10.1145/1278901.1278904","title":"Towards trustworthy computing systems","display_name":"Towards trustworthy computing systems","publication_year":2007,"publication_date":"2007-07-01","ids":{"openalex":"https://openalex.org/W2058200237","doi":"https://doi.org/10.1145/1278901.1278904","mag":"2058200237"},"language":"en","primary_location":{"id":"doi:10.1145/1278901.1278904","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1278901.1278904","pdf_url":null,"source":{"id":"https://openalex.org/S50071195","display_name":"ACM SIGOPS Operating Systems Review","issn_l":"0163-5980","issn":["0163-5980","1943-586X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGOPS Operating Systems Review","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://handle.unsw.edu.au/1959.4/39906","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025750562","display_name":"Gernot Heiser","orcid":"https://orcid.org/0000-0002-7069-0831"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Gernot Heiser","raw_affiliation_strings":["NICTA and University of New South Wales, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"NICTA and University of New South Wales, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073718932","display_name":"Kevin Elphinstone","orcid":null},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Kevin Elphinstone","raw_affiliation_strings":["NICTA and University of New South Wales, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"NICTA and University of New South Wales, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039470962","display_name":"Ihor Kuz","orcid":null},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ihor Kuz","raw_affiliation_strings":["NICTA and University of New South Wales, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"NICTA and University of New South Wales, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056561099","display_name":"Gerwin Klein","orcid":"https://orcid.org/0000-0001-8883-0559"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Gerwin Klein","raw_affiliation_strings":["NICTA and University of New South Wales, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"NICTA and University of New South Wales, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I31746571"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5062997023","display_name":"Stefan M. Petters","orcid":"https://orcid.org/0000-0002-7834-7798"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Stefan M. Petters","raw_affiliation_strings":["NICTA and University of New South Wales, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"NICTA and University of New South Wales, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I31746571"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5025750562"],"corresponding_institution_ids":["https://openalex.org/I31746571","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":24.3275,"has_fulltext":false,"cited_by_count":80,"citation_normalized_percentile":{"value":0.99522803,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"41","issue":"4","first_page":"3","last_page":"11"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10933","display_name":"Real-Time Systems Scheduling","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/microkernel","display_name":"Microkernel","score":0.9891139268875122},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8392159342765808},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.647823691368103},{"id":"https://openalex.org/keywords/trustworthiness","display_name":"Trustworthiness","score":0.5321615934371948},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.5249089002609253},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.48130905628204346},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4751458168029785},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4543232023715973},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.40656283497810364},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3144618272781372}],"concepts":[{"id":"https://openalex.org/C2777127024","wikidata":"https://www.wikidata.org/wiki/Q726378","display_name":"Microkernel","level":2,"score":0.9891139268875122},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8392159342765808},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.647823691368103},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.5321615934371948},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.5249089002609253},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.48130905628204346},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4751458168029785},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4543232023715973},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.40656283497810364},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3144618272781372},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1278901.1278904","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1278901.1278904","pdf_url":null,"source":{"id":"https://openalex.org/S50071195","display_name":"ACM SIGOPS Operating Systems Review","issn_l":"0163-5980","issn":["0163-5980","1943-586X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGOPS Operating Systems Review","raw_type":"journal-article"},{"id":"pmh:oai:unsworks.unsw.edu.au:1959.4/39906","is_oa":true,"landing_page_url":"http://handle.unsw.edu.au/1959.4/39906","pdf_url":null,"source":{"id":"https://openalex.org/S4377196481","display_name":"UNSWorks (UNSW Sydney)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I31746571","host_organization_name":"UNSW Sydney","host_organization_lineage":["https://openalex.org/I31746571"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Journal Article"},{"id":"pmh:oai:unsworks.library.unsw.edu.au:1959.4/39906","is_oa":true,"landing_page_url":"http://hdl.handle.net/1959.4/39906","pdf_url":null,"source":{"id":"https://openalex.org/S4306401737","display_name":"UNSWorks (University of New South Wales, Sydney, Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I40053085","host_organization_name":"Australian Defence Force Academy","host_organization_lineage":["https://openalex.org/I40053085"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Operating Systems Review, 41, 4, 3-11","raw_type":"http://purl.org/coar/resource_type/c_6501"}],"best_oa_location":{"id":"pmh:oai:unsworks.unsw.edu.au:1959.4/39906","is_oa":true,"landing_page_url":"http://handle.unsw.edu.au/1959.4/39906","pdf_url":null,"source":{"id":"https://openalex.org/S4377196481","display_name":"UNSWorks (UNSW Sydney)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I31746571","host_organization_name":"UNSW Sydney","host_organization_lineage":["https://openalex.org/I31746571"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Journal Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":69,"referenced_works":["https://openalex.org/W58461050","https://openalex.org/W107760554","https://openalex.org/W206628711","https://openalex.org/W1492360400","https://openalex.org/W1535752867","https://openalex.org/W1556227328","https://openalex.org/W1556316449","https://openalex.org/W1595905761","https://openalex.org/W1607932714","https://openalex.org/W1957415375","https://openalex.org/W1970468735","https://openalex.org/W1995825564","https://openalex.org/W2002915275","https://openalex.org/W2003837456","https://openalex.org/W2006989942","https://openalex.org/W2010365467","https://openalex.org/W2012402082","https://openalex.org/W2014942166","https://openalex.org/W2036790532","https://openalex.org/W2039804807","https://openalex.org/W2049217678","https://openalex.org/W2074955133","https://openalex.org/W2076039932","https://openalex.org/W2093852121","https://openalex.org/W2096165352","https://openalex.org/W2096396200","https://openalex.org/W2104532741","https://openalex.org/W2104634303","https://openalex.org/W2106192381","https://openalex.org/W2108009943","https://openalex.org/W2108748002","https://openalex.org/W2115696550","https://openalex.org/W2121835426","https://openalex.org/W2123022344","https://openalex.org/W2125579889","https://openalex.org/W2130696365","https://openalex.org/W2130970533","https://openalex.org/W2131726714","https://openalex.org/W2136077912","https://openalex.org/W2137186143","https://openalex.org/W2138963968","https://openalex.org/W2146878883","https://openalex.org/W2160292492","https://openalex.org/W2163117779","https://openalex.org/W2165581146","https://openalex.org/W2167500728","https://openalex.org/W2167800525","https://openalex.org/W2169086742","https://openalex.org/W2169497125","https://openalex.org/W2240715926","https://openalex.org/W2311215115","https://openalex.org/W2342083136","https://openalex.org/W2470007019","https://openalex.org/W2528472287","https://openalex.org/W2528812583","https://openalex.org/W3025363883","https://openalex.org/W4232666937","https://openalex.org/W4240429321","https://openalex.org/W4242574860","https://openalex.org/W4243443630","https://openalex.org/W4244704438","https://openalex.org/W4250846042","https://openalex.org/W4252125305","https://openalex.org/W4285719527","https://openalex.org/W6608386446","https://openalex.org/W6629464551","https://openalex.org/W6674433267","https://openalex.org/W6677947940","https://openalex.org/W6683747527"],"related_works":["https://openalex.org/W2128759721","https://openalex.org/W123164316","https://openalex.org/W2384001000","https://openalex.org/W2283765886","https://openalex.org/W2527066260","https://openalex.org/W2590612303","https://openalex.org/W2546751581","https://openalex.org/W2106176233","https://openalex.org/W2788290641","https://openalex.org/W2901063172"],"abstract_inverted_index":{"As":[0],"computer":[1,92],"systems":[2,32,93,164],"become":[3],"increasingly":[4],"mission-critical,":[5],"used":[6],"in":[7,94],"life-critical":[8,30],"situations,":[9],"and":[10,29,49,110,156],"relied":[11],"upon":[12],"to":[13,69,73,146],"protect":[14],"intellectual":[15],"property,":[16],"operating-system":[17],"reliability":[18,64],"is":[19,119],"becoming":[20],"an":[21,74,121],"ever":[22],"growing":[23],"concern.":[24],"In":[25],"the":[26,54,85,95,100,107,137,148,154,167,179,192],"past,":[27],"mission-":[28],"embedded":[31],"consisted":[33],"of":[34,41,56,77,136,153,182],"simple":[35],"microcontrollers":[36],"running":[37],"a":[38,125,132,159],"small":[39],"amount":[40],"software":[42,57,63],"that":[43,82,165],"could":[44],"be":[45],"validated":[46],"using":[47],"traditional":[48,59],"informal":[50],"techniques.":[51],"However,":[52],"with":[53,143,172],"growth":[55],"complexity,":[58],"techniques":[60],"for":[61,88,124,162],"ensuring":[62],"have":[65],"not":[66],"been":[67],"able":[68],"keep":[70],"up,":[71],"leading":[72],"overall":[75],"degradation":[76],"reliability.":[78],"This":[79],"paper":[80],"argues":[81],"microkernels":[83],"are":[84],"best":[86],"approach":[87],"delivering":[89],"truly":[90],"trustworthy":[91],"foreseeable":[96],"future.":[97],"It":[98],"presents":[99],"NICTA":[101,177],"operating-systems":[102],"research":[103,180],"vision,":[104],"centred":[105],"around":[106],"L4":[108],"microkernel":[109],"based":[111],"on":[112],"four":[113],"core":[114],"projects.":[115],"The":[116],"seL4":[117],"project":[118],"designing":[120],"improved":[122],"API":[123],"secure":[126],"microkernel,":[127,138],"L4,":[128],"verified":[129],"will":[130,185],"produce":[131],"full":[133],"formal":[134],"verification":[135],"Potoroo":[139],"combines":[140],"execution-time":[141],"measurements":[142],"static":[144],"analysis":[145],"determine":[147],"worst":[149],"case":[150],"execution":[151],"profiles":[152],"kernel,":[155],"CAmkES":[157],"provides":[158],"component":[160],"architecture":[161],"building":[163],"use":[166],"microkernel.":[168],"Through":[169],"close":[170],"collaboration":[171],"Open":[173],"Kernel":[174],"Labs":[175],"(a":[176],"spinoff)":[178],"output":[181],"these":[183],"projects":[184],"make":[186],"its":[187],"way":[188],"into":[189],"products":[190],"over":[191],"next":[193],"few":[194],"years.":[195]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":2},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":3}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}