DoD-backed secure Unix precursor KSOS source code added to public archive
The source code for KSOS, an early security-focused Unix-like operating system funded by the U.S. Department of Defense in the late 1970s and 1980s, has been made publicly available through The Unix H...
The source code for KSOS, an early security-focused Unix-like operating system funded by the U.S. Department of Defense in the late 1970s and 1980s, has been made publicly available through The Unix Heritage Society (TUHS) archive for the first time.
Warren Toomey, founder of TUHS, announced the addition to the group’s mailing list. TUHS is best known for preserving historical Unix source code and documentation, and the KSOS release extends that effort with software that helped shape later ideas about secure operating systems.
KSOS, short for Kernelized Secure Operating System, was designed to provide a provably secure environment for larger minicomputers. Unlike many Unix descendants built in C, KSOS was written in Modula, a type-safe language associated with Niklaus Wirth. Its developers aimed for formal verification, meaning the system was intended to be mathematically analyzed and trusted for high-security use.
Ahead of its time
The project began in 1978 at Ford Aerospace and later continued at Logicon. People involved included security researcher Peter Neumann and engineer Tom Perrine, who later documented the system and discussed it in talks and articles. Although KSOS drew on Unix ideas and offered Unix-system-call compatibility in supervisor mode, it did not share Unix kernel code.
KSOS was not just a research prototype. According to historical accounts, it was deployed in production for multi-level secure intelligence systems, including trusted downgrade environments used by government agencies. It also had a VAX version, known as KSOS-32, while the earlier PDP-11 version was later referred to as KSOS-11.
- Written in Modula rather than C
- Designed for formal verification and strong isolation
- Used on commodity hardware
- Compiled under Unix rather than being self-hosted
The release surfaced after Perrine provided an old source tarball preserved by fellow developer Jeff Makey, with help from John O Goyo and Thalia Archibald in getting it into TUHS’s archive. One remaining historical puzzle is the original compiler used to build the system, which has not yet been identified.
The recovery adds another notable artifact to TUHS’s collection of early operating-system history, showing that concerns about secure design and type safety were being explored decades before modern languages such as Rust brought those ideas back into the mainstream.
