l4-hurd

Re: Translucent storage: design, pros, and cons


From: Jonathan S. Shapiro
Subject: Re: Translucent storage: design, pros, and cons
Date: Fri, 12 Jan 2007 10:59:55 -0500

On Fri, 2007-01-12 at 15:41 +0100, Tom Bachmann wrote:
> Jonathan S. Shapiro wrote:
> > Translucent storage does not undermine confinement at all, so your
> > supposition is mistaken.
> 
> But there is no constructor needed to confine a program.

Why do you believe this?

> As I understand it, the constructor serves as a trusted "mediator" that
> allows one to check the confinedness without constructing the process (in
> non-translucent designs), that is, to run a program that is untrusted
> without risking leakage, and without inspecting it.

In EROS/Coyotos, this is true. Actually, it is a certifier, not a
mediator (the constructor does not remain in the loop after creation).

However: you ignored the other thing I said. Simply having a common
place to encapsulate these algorithms is a sufficient reason to have a
constructor.
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
