Dynamic Verification of Operating System Decisions
Dynamic verification of a decision implies that every time the decision is made there is a consistency check performed on the decision using independent hardware and software. The dynamic verification of operating system decisions is used on the PRIME system being designed and constructed at the University of California, Berkeley. PRIME is an experimental time-sharing system which is to have the properties of continuous availability, data privacy, and cost effectiveness. The technique of dynamic verification allows the construction of an operating system which does not make certain decisions improperly even in the presence of a single hardware or software fault. Furthermore, multiple faults lead to unreliable operation only if the faults happen to reinforce each other. On PRIME, dynamic verification is used to ensure that one user's information cannot become available to another user gratuitously even in the presence of a single hardware or software fault. The amount of additional hardware and software required for dynamic verification can be modest.
CACM November, 1973
Fabry, R. S.
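The abstract's argument, as an added illustration that is not code from the paper or from PRIME: an access decision is made by a primary path and re-derived by an independently maintained representation, and is honoured only when the two agree. A single corrupted table is caught and fails safe (no gratuitous disclosure); two faults that reinforce each other are not caught. The segment/owner tables are constructed sample data and stand in for PRIME's real structures.

```python
"""Dynamic verification of an access decision: decide, re-derive the
decision by an independent path, and honour it only if both agree.
All tables below are constructed sample data, not PRIME's structures."""
from dataclasses import dataclass


@dataclass
class Verdict:
    granted: bool          # final outcome handed to the caller
    primary: bool          # what the primary decision path said
    check: bool            # what the independent check said
    fault_detected: bool   # True when the two paths disagree


class DynamicallyVerifiedMonitor:
    def __init__(self, owners):
        # Primary representation: segment -> owning user.
        self.seg_owner = dict(owners)
        # Independent representation: user -> set of segments, built
        # separately so corruption of one table does not reach the other
        # (a software stand-in for the paper's independent hardware/software).
        self.user_segs = {}
        for seg, user in owners.items():
            self.user_segs.setdefault(user, set()).add(seg)

    def _primary(self, user, seg):
        return self.seg_owner.get(seg) == user

    def _independent(self, user, seg):
        return seg in self.user_segs.get(user, set())

    def access(self, user, seg):
        p = self._primary(user, seg)
        c = self._independent(user, seg)
        # Grant only when both paths say "grant"; any disagreement is a
        # detected fault and the decision fails safe (access denied).
        return Verdict(granted=p and c, primary=p, check=c, fault_detected=(p != c))


def demo():
    m = DynamicallyVerifiedMonitor({"seg1": "alice", "seg2": "bob"})
    normal = m.access("alice", "seg1")
    # Single fault: primary table corrupted so seg2 appears to belong to alice.
    m.seg_owner["seg2"] = "alice"
    single = m.access("alice", "seg2")
    # Reinforcing faults: the independent table is corrupted the same way.
    m.user_segs.setdefault("alice", set()).add("seg2")
    double = m.access("alice", "seg2")
    return normal, single, double


if __name__ == "__main__":
    for name, v in zip(("normal", "single fault", "reinforcing faults"), demo()):
        print(name, v)
```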
