[cap-talk] Confinement Confusion (was: Communicating conspirators)
Mark S. Miller
markm at cs.jhu.edu
Tue Jul 18 10:11:24 EDT 2006
David Wagner wrote:
> Mark Miller writes:
>> I agree, but for the phrase "the *-property could also be viewed as an
>> approach to achieving bit-confinement". If X is a necessary step for achieving
>> Y, but not sufficient for achieving Y, then it seems strange and confusing to
>> me to say that Y is an approach for achieving X.
>
> It sounds like you are saying that the *-property is not sufficient
> to ensure bit-confinement. Can you explain that? As far as I know,
> if the *-property is faithfully followed at every level of the system,
> and applied to every system resource, then I suspect it is sufficient
> for bit-confinement (in the sense that High processes are confined and
> cannot leak bits to Low processes). Is that not the case?
I agree that the *-properties imply bit confinement. Similarly, If X is a
necessary step for achieving Y, then Y will imply X. If X not sufficient for
achieving Y, and X is meaningful by itself, then I still find it strange to
say that Y is an approach for achieving X. That seems backwards to me.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list