[cap-talk] Polaris: Virus Safe Computing for Windows XP -needs, paper

[Karp, Alan H]

Jed Donelley wrote:
> 
> I accept the above and generally believe and support the
> notions below, but I think it important to point out that the
> paper that started the discussion is definitely *not* clear
> on these points.  As such it fails to forward many of the
> goals mentioned below.  I believe a brief statement could
> remedy this problem,
 
I agree, and I'll add something to that effect.
>                                                         An adequate
> restricted execution environment is possible with something as
> simple as a trap to process mechanism for anything that would
> otherwise be privileged or trap.  
 
If anyone knows of such a trap for Windows please let me know.  The best
I can figure out is to replace dlls, but that can be bypassed.
> 
> While one might argue that Polaris could implement some aspects
> of POLA without an underlying capability mechanism, it does at least
> require *some* mechanism that provides a working restricted execution
> environment.  Apparently XP doesn't provide an adequate mechanism.
> That should be pointed out and hopefully in such a way as to
> forward some of the above goals - rather than detract from them as
> it seems to me the current form of the paper does.
> 
I agree, and I'll add something to the paper.
 
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20041207/c9be8c29/KarpAlanH.vcf