[cap-talk] Another "core" principle - Brinkmann

Jonathan S. Shapiro shap at eros-os.com
Thu Dec 28 10:56:44 CST 2006


On Thu, 2006-12-28 at 02:32 +0100, Valerio Bellizzomi wrote:
> On 28/12/2006, at 1.32, Valerio Bellizzomi wrote:
> 
> >On 27/12/2006, at 1.47, Jonathan S. Shapiro wrote:
> >
> >>On Sat, 2006-12-23 at 14:38 +0100, Marcus Brinkmann wrote:
> >>> * My personal model of capabilities is stricter than yours.  For
> >>>   example, I only allow capability delegation through authorized
> >>>   channels, which exists in form of capabilities of course.  So,
> >>>   whenever a capability is communicated from A to B, I need a
> >>>   capability that is used for that.  Even if you think about
> >>>   capability transfer in form of copying binary blobs of data...
> >>
> >>But of course, binary blobs of data are only transmitted over authorized
> >>channels as well.
> >>
> >>Let me re-introduce some terms, because some readers may not have them:
> >>
> >>   read  == read of data
> >>   write == write of data
> >>   take  == read of capability
> >>   grant == write of capability
> >
> >
> >How can we think about diminish-take ?
> 
> If this is not clear, I am reposting to expand: 
> 
> 1. What is the general correspondence of diminish-take in the terms above?
> 
> 2. Is diminish-take an operation that weakens a write access to a read
> access in the taken capability ?


In the classic model, the access right "take" authorizes the operation
TAKE. TAKE (in caps) is an operation in the operational semantics. The
behavior of TAKE is to copy a capability.

Similarly, the (added) access right "diminish-take" authorizes the
operation DIMINISH-TAKE, whose

You can see the semantics by looking at:

  http://www.eros-os.org/papers/oakland2000.ps

check the "fetch" operation in the lower table of page 7, but note that
the upper table gives preconditions for each operation.

The weaken() operation is defined at the bottom of page 3 in that paper.

In hindsight, it would have been clearer to handle "fetch" and "wkfetch"
as distinct operations in that paper, but we were trying to stay very
close to the actual KeyKOS implementation.


shap
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
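As an added illustration, not code from the thread or from EROS/KeyKOS, here is a toy model of the four terms above in which diminish-take is interpreted the way the question proposes: a copy with write (and grant) removed. It also assumes, as I read the weak-capability treatment in the cited paper, that capabilities fetched through a diminished copy come back diminished too; both points are assumptions, since shap's answer is cut off. The object names and slot layout are constructed for the example.

```python
from dataclasses import dataclass

READ, WRITE, TAKE, GRANT = "read", "write", "take", "grant"
ALL = frozenset({READ, WRITE, TAKE, GRANT})


class Obj:
    """A capability-holding object: named slots, each holding one Cap."""
    def __init__(self, name):
        self.name = name
        self.slots = {}


@dataclass(frozen=True)
class Cap:
    target: Obj
    rights: frozenset
    weak: bool = False  # True once produced by diminish-take (assumption: sticky)


def weaken(cap):
    """Diminish: drop write and grant, keep read/take, mark the copy weak."""
    return Cap(cap.target, cap.rights & frozenset({READ, TAKE}), weak=True)


def take(via, slot):
    """TAKE: copy the capability in `slot` of the object `via` names.
    Assumption: a fetch through a weak capability yields a weakened copy."""
    if TAKE not in via.rights:
        raise PermissionError("take right missing")
    fetched = via.target.slots[slot]
    return weaken(fetched) if via.weak else fetched


def diminish_take(via, slot):
    """DIMINISH-TAKE: same precondition as TAKE, but the copy is weakened."""
    if TAKE not in via.rights:
        raise PermissionError("take right missing")
    return weaken(via.target.slots[slot])


def grant(via, slot, cap):
    """GRANT: write a capability into `slot` of the object `via` names."""
    if GRANT not in via.rights:
        raise PermissionError("grant right missing")
    via.target.slots[slot] = cap


def write_data(cap, obj_state, value):
    """WRITE of data: refused through a diminished (read-only) capability."""
    if WRITE not in cap.rights:
        raise PermissionError("write right missing")
    obj_state[cap.target.name] = value
```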
