l4-hurd

Re: To Jonathan [readonly?]


From: Pierre THIERRY
Subject: Re: To Jonathan [readonly?]
Date: Tue, 9 Jan 2007 04:24:19 +0100
User-agent: Mutt/1.5.13 (2006-08-11)

Scribit Anton Tagunov dies 09/01/2007 hora 05:38:
> Can we design capabilities in such a way that reading a memory region
> holding them would give no benefit to the reader?

Not per se.

> Can they somehow be "tied" to the process holding them?
> 
> For instance the process would have an int key known only to kernel
> and the capability would include a XOR of main part of it with this
> key?

You can achieve this reliably with the help of a reference monitor, if I
understand your goal correctly.

There is a very short and clear description of its principle in some
documentation about KeyKOS:

http://www.cis.upenn.edu/~KeyKOS/Security.html

> P.S. Sorry for spawning 2 threads of discussion.  I think both of my
> "To Jonathan" threads are promising avenues for thinking.

You should probably try to use more specific subjects for your emails.

Quickly,
Pierre
-- 
address@hidden
OpenPGP 0xD9D50D8A
