Re: Part 2: System Structure
From: Bas Wijnen
Subject: Re: Part 2: System Structure
Date: Thu, 25 May 2006 12:38:11 +0200
User-agent: Mutt/1.5.11+cvs20060403
On Thu, May 25, 2006 at 11:02:07AM +0200, Michal Suchanek wrote:
> >> I don't see how your proposal enables a process to check anything
> >> accurately and in a tamperproof way about its environment. In your
> >> model, it is mandatory for a process to trust all of its parents.
> >>
> >> In the ping or competition case, that's not possible.
> >
> >It is. The parent space bank is the user session, which is not under user
> >control.
>
> In your proposal the user can choose to run the program in opaque
> storage. But the administrator cannot choose to set up a program that
> can be run only in opaque storage to ensure its integrity (much like
> suid programs on unix).
He can. My proposal (which, for clarity, I'd prefer not to need. But if we
need opaque storage I think this is the way to implement it) makes opaque
storage possible. A constructor is simply a service which starts a program.
No special features are needed for it. A constructor which allows running on
opaque user provided storage of course needs a way for the user to provide
opaque storage (and for the constructor to check it). That's what the
proposal provides. Implementing a constructor around it which works identically
to constructors in Jonathan's proposal is trivial.
Thanks,
Bas
--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html