[cap-talk] Confinement CC problem ??

Rob rmeijer at xs4all.nl
Tue Aug 8 04:16:44 EDT 2006 

>>>In my proposed design the capabilities are being locked down
>>>to a clearance level instead, allowing processes with capabilities on
>>>multiple clearance levels to somewhat move between the levels during
>>>their lifetime. The later results in a more natural way of programming
>>> and
>>>thus in shorter development times imho. An added bonus is as I stated
>>> that
>>>I believe it would allow the definition of a confinement subset of the
>>> CC
>>>problem.
>>
>> Sorry Rob, but try as I might I don't see it.  I guess this is one of
>> those
>> cases where I think we would really have to stand up at a white board
>> and scratch out a more detailed design before I'd get it.  Perhaps
>> others
>> can chime in here if any are following and might be able to contribute.
>
> I have made an attempt to get things into something of a big
> picture/detailed picture short document,
>
> http://www.xs4all.nl/~rmeijer/tsproxy/
>
> I've made the graphics link to the source graphviz dot files, I think
> these
> could effectively be used as an e-mail compatible white board.
> Maybe others could also look at this page to see if my aparently limited
> communication skills could maybe be reworded by someone to make a bit
> more clear what I am trying to bring across.
>
> Rob

The discussien seems to have died out. However it would I think be very
important if we could resolve the issue. If as I think we can indeed
define a confinement subset of the CC problem in a way as described
abouve, this could potentialy be a big step forward in getting cap design
accepted as alternative in governmental military and law enforcement
organisations. If on the other hand I am fundamentaly misguided in my
assumptions, I could stop wasting any more time in attempting to do so.

Please look at the abouve URL and try to understand what I am trying to
do and if the definition of a confinement subset of the CC problem would
indeed be possible in a way like this. This should be seperate from the
point if I actually succeed in this with my proposed tainting-*-proxy
patern. (Maybe its more of a membrane than a proxy).

Rob

Rob

More information about the cap-talk mailing list