[cap-talk] Polaris: Virus Safe Computing for Windows XP -needs,
Karp, Alan H
alan.karp at hp.com
Tue Dec 7 10:55:22 EST 2004
Jed Donelley wrote:
> I accept the above and generally believe and support the
> notions below, but I think it important to point out that the
> paper that started the discussion is definitely *not* clear
> on these points. As such it fails to forward many of the
> goals mentioned below. I believe a brief statement could
> remedy this problem,
I agree, and I'll add something to that effect.
> An adequate
> restricted execution environment is possible with something as
> simple as a trap to process mechanism for anything that would
> otherwise be privileged or trap.
If anyone knows of such a trap for Windows, please let me know. The best
I can figure out is to replace DLLs, but that can be bypassed.
> While one might argue that Polaris could implement some aspects
> of POLA without an underlying capability mechanism, it does at least
> require *some* mechanism that provides a working restricted execution
> environment. Apparently XP doesn't provide an adequate mechanism.
> That should be pointed out and hopefully in such a way as to
> forward some of the above goals - rather than detract from them as
> it seems to me the current form of the paper does.
I agree, and I'll add something to the paper.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029