<p>Design principles are one of the most advocated ideas in software construction, but they are rarely systematically applied. They are particularly critical in secure, reliable systems. EROS, an operating system built from the ground up, provides formally verifiable security, practical reliability, and high performance. This article describes the primary design principles on which EROS is built, the impact these principles had on the design, the application structure that naturally emerged from the resulting system, and how this affected the system's security and testability.</p>
Jonathan S. Shapiro, Norm Hardy, "EROS: A Principle-Driven Operating System from the Ground Up", IEEE Software, vol. 19, no. , pp. 26-33, January/February 2002, doi:10.1109/52.976938
