[cap-talk] Language-based safety - MMP - reading
Jed at Webstart
donnelley1 at webstart.com
Thu Nov 18 01:37:07 EST 2004
At 01:37 PM 11/17/2004, Wes Felter wrote:
>On Nov 15, 2004, at 7:40 PM, Jed Donnelley wrote:
>
>>Of course it's an interesting question to ask whether there might be some
>>instruction set architecture where Bob could still execute arbitrary code
>>and still be able to execute in the same hardware domain as Alice. It
>>would seem that whatever mechanism is used for Java or E should suffice
>>in hardware (I'm guessing here) if that were practical, so I guess the
>>theoretical answer is "yes", but there may be some distance between the
>>theoretical and the practical.
>
>Consider Mondriaan memory protection: http://www.cs.utexas.edu/users/witchel/
I've started down that investigative path, but haven't found anything yet to
suggest that MMP would make the ability to execute arbitrary code possible
within a process that includes separate protection domains in separate
modules. I read much of:
http://www.cag.lcs.mit.edu/scale/papers/mmp-asplos2002.pdf
along those lines, though I skipped much of the detail with regard to
implementing MMP that didn't seem relevant.
The MMP line of thought seems to be related to Single-address space
operating systems (SASOSes), so I think I will pursue them together as
time allows.
--Jed http://www.webstart.com/jed/