[cap-talk] Reflections on capability levels and confinement trust
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Tue Dec 12 05:49:01 CST 2006
At Mon, 11 Dec 2006 23:27:37 -0800,
Jed Donnelley <capability at webstart.com> wrote:
> One could argue that nothing essential is added at the OS level as
> there have been a number of systems implemented that use network
> level capabilities at the OS level (e.g. the Monash systems, Amoeba,
> NLTSS to name a few). I think this understates the case for OS level
> capabilities. For example, I don't think any of those systems that
> adopt network level capabilities at the OS level support confinement
> (in Jonathan's sense - explicit confinement not including covert channels).

You seem to focus entirely on policy. But I don't think that's the
crucial aspect of OS capabilities. I think the crucial aspect is
performance. I am sure it is different at HP and other big companies,
but for many people in the world security policies are not even a
choice, let alone a goal. The main question is "what's cheap and gets
the job done?" and the answer to that determines everything else.
There are still question marks on both issues for capability systems.
I have heard from a professor in cryptography who told a bank that N
bits weren't safe anymore, that the bank's reply was: How about N+1?
Thanks,
Marcus