[cap-talk] membrane challenge - an Attack!

John C. McCabe-Dansted tmpusr67 at dansted.org
Thu Nov 18 03:22:38 EST 2004

On Thu, 18 Nov 2004 21:51, David Chizmadia (JHU) wrote:
>     Somewhere along the line, the sense of the membrane
> pattern has been inverted into being a way to confine a
> user of services. Given the assumption of a decentralized
> protection system, this seems like a completely wrong use
> of the membrane pattern (as I understand it). Involuntary
> use of the membrane will lead to attempts to bypass the
> membrane, which Jed has shown to be feasible.

When they were talking about confining Bob, I first assumed that they were 
talking about confining a process called Bob. IMHO, the inversion of 
membranes has become important due to the large amount of code running on 
modern systems which cannot be trusted. Unlike users, applets can and should 
be confined.

It does seem that in this case we cannot force Bob into a confined membrane, 
so we must instead put the membrane around Alice's services.

John C. McCabe-Dansted
Masters Student
Auckland University

More information about the cap-talk mailing list