[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Translucent storage: design, pros, and cons
From: |
Jonathan S. Shapiro |
Subject: |
Re: Translucent storage: design, pros, and cons |
Date: |
Fri, 12 Jan 2007 10:59:55 -0500 |
On Fri, 2007-01-12 at 15:41 +0100, Tom Bachmann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jonathan S. Shapiro schrieb:
> > Translucent storage does not undermine confinement at all, so your
> > supposition is mistaken.
>
> But there is no constructor needed to confine a program.
Why do you believe this?
> As I understand it, the constructor serves as a trusted "mediator", that
> allows to check the confinedness without constructing the process (in
> non-translucent designs), that is, to run a program that is untrusted
> without risking leakage, and without inspecting it.
In EROS/Coyotos, this is true. Actually, it is a certifier, not a
mediator (the constructor does not remain in the loop after creation).
However: you ignored the other thing I said. Simply having a common
place to encapsulate these algorithms is a sufficient reason to have a
constructor.
--
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
- Re: Translucent storage: design, pros, and cons, (continued)
- Re: Translucent storage: design, pros, and cons, Sam Mason, 2007/01/11
- Re: Translucent storage: design, pros, and cons, Marcus Brinkmann, 2007/01/11
- Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/11
- Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/11
- Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/11
- Re: Translucent storage: design, pros, and cons, Marcus Brinkmann, 2007/01/11
- Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/11
- Re: Translucent storage: design, pros, and cons, Tom Bachmann, 2007/01/12
- Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/12
- Re: Translucent storage: design, pros, and cons, Tom Bachmann, 2007/01/12
- Re: Translucent storage: design, pros, and cons,
Jonathan S. Shapiro <=
- Re: Translucent storage: design, pros, and cons, Tom Bachmann, 2007/01/12
- Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/12
- Re: Translucent storage: design, pros, and cons, Tom Bachmann, 2007/01/12
- Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/12
- Re: Translucent storage: design, pros, and cons, Tom Bachmann, 2007/01/12
- Program instantiation (was: Re: Translucent storage: design, pros, and cons, Marcus Brinkmann, 2007/01/12
- Re: Program instantiation (was: Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/14
- Re: Program instantiation (was: Re: Translucent storage: design, pros, and cons, Marcus Brinkmann, 2007/01/15
- Re: Program instantiation (was: Re: Translucent storage: design, pros, and cons, Jonathan S. Shapiro, 2007/01/15
- constructor daemon vs. constructor library, Neal H. Walfield, 2007/01/15