Is CodeZero really necessary or is it possible to use viengoos in embedded systems perhaps scaling back some services?
On Wed, Nov 4, 2009 at 1:01 AM,
<address@hidden> wrote:
Hi,
On Tue, Jul 28, 2009 at 08:37:36AM +0200, Bas Wijnen wrote:
> For me, supporting encapsulation is extremely important. It means
> that a user can start a program in a safe way. Even if the program is
> malicious, and somewhere on the system is an other malicious program
> which would like to work together with it, it is impossible because
> they cannot talk.
This is nice in theory, but doesn't really work in practice, because of
covert channels. All you can really do is make it more tricky, and limit
the rate at which the malicious components can communicate; but not
prevent it entirely. This makes me question whether it's even worthwhile
to try building a system around this...
Note that I do believe in limiting what potentially malicious programs
can do in the first place. I'm just sceptical about trying to prevent
cooperation between potentially malicious programs.
-antrik-