Re: To Jonathan [readonly?]
From: Pierre THIERRY
Subject: Re: To Jonathan [readonly?]
Date: Tue, 9 Jan 2007 04:24:19 +0100
User-agent: Mutt/1.5.13 (2006-08-11)
Anton Tagunov wrote on 09/01/2007 at 05:38:
> Can we design capabilities in such a way that reading a memory region
> holding them would give no benefit to the reader?
Not per se.
> Can they somehow be "tied" to the process holding them?
>
> For instance the process would have an int key known only to kernel
> and the capability would include a XOR of main part of it with this
> key?
You can achieve this reliably with the help of a reference monitor, if I
understand correctly your goal.
There is a very short and clear description of its principle in some
documentation about KeyKOS:
http://www.cis.upenn.edu/~KeyKOS/Security.html
> P.S. Sorry for spawning 2 threads of discussion. I think both of my
> "To Jonathan" threads are promising avenues for thinking.
You should probably try to use more specific subjects for your emails.
Quickly,
Pierre
--
address@hidden
OpenPGP 0xD9D50D8A