
Outside the mainframes, the survivors are IBM i (System/38 descendant), HP NonStop, Boeing SNS Server, BAE's STOP OS on XTS-400/500, and maybe Aesec's GEMSOS. That's not many... And B5000 blew my mind as well: so far ahead of its time then, even now somewhat, that I can't see how they came up with it given designs of the time. Must have had a time machine that gave them brief glimpses into the future of computer science or at least one real wizard on the team. Occam's Razor is clearly no fun here. ;) The System/38 architecture was also brilliantly designed in that it chose the right tradeoffs to have much robustness plus being very practical. Both described here [1] in detail with others.

There are new projects copying some of the lessons learned such as Sandia Secure Processor (SSP/Score), SAFE (crash-safe.org), CHERI (Cambridge), and quite a number of academic/proprietary works. I suggested on Schneier's blog we could do what Geer thought was impossible by straight up copying the old NonStop architecture (published in detail) while swapping legacy CPUs for security-enhanced variants like above w/ extra I/O security. Five 9's, linear scaling, immunity to most attacks, and support for higher-level languages. I'll take 10! In theory, it might get down to a few grand a unit for each logical processor with careful management of development costs & sacrificing multicore for first generation. Be a nice root of trust for other systems security, administration, and recovery needs.

[1] http://homes.cs.washington.edu/~levy/capabook/index.html

[2] https://www.schneier.com/blog/archives/2014/04/dan_geer_on_h...


