Reflections on an Operating System Design The main features of a general purpose multiaccess operating system developed for the CDC 6400 at Berkeley are presented, and its good and bad points are discussed as they appear in retrospect. Distinctive features of the design were the use of capabilities for protection, and the organization of the system into a sequence of layers, each building on the facilities provided by earlier ones and protecting itself from the malfunctions of later ones. There were serious problems in maintaining the protection between layers when levels were added to the memory hierarchy; these problems are discussed and a new solution is described. CACM May, 1976 Lampson, B. W. Sturgis, H. E. operating system, protection, capabilities, layering domains, memory hierarchy, faults 4.35 CA760503 JB January 4, 1978 3:57 PM 2319 4 2868 2378 4 2868 2320 4 2868 2436 4 2868 2626 4 2868 2626 4 2868 2629 4 2868 2632 4 2868 2738 4 2868 2740 4 2868 2868 4 2868 2868 4 2868 2868 4 2868 2868 4 2868 2868 4 2868 2868 4 2868 2870 4 2868 2870 4 2868 2876 4 2868 2928 4 2868 2939 4 2868 2941 4 2868 2951 4 2868 3105 4 2868 3105 4 2868 3127 4 2868 3144 4 2868 3144 4 2868 2080 5 2868 2377 5 2868 2380 5 2868 2558 5 2868 2625 5 2868 2632 5 2868 2868 5 2868 2868 5 2868 2868 5 2868 3105 5 2868 1471 6 2868 2625 6 2868 2632 6 2868 2868 6 2868 2939 6 2868 3068 6 2868