Capbility Concepts

[Jonathan S. Shapiro]

> I am unclear about the meaning of "The password can apply to the entire
> capability.". I presume that by "password capability system" you mean one
> where all the bits are visible to the program, be they UIDs or "secret
pass
> phrase".

I meant that the object identity need not be kept in the clear. The password
(or secret key) can protect both the object identity and the permissions
bits.

> Trying to reconstruct the Monash magic years later it occurred to me that
a
> program confined by the XOR trick would be likely to have the same
> capability C in the form C and also C xor S. This would reveal likely
> candidates for S, the confining secret.
> Is the Monash magic online somewhere that you know of?

Only the Pose paper. However, note that the value C xor S is never present
in application memory in that design. Therefore, I believe this is not a
problem.

shap