[cap-talk] Confinement Confusion
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Tue Jul 18 10:29:10 EDT 2006
David Wagner wrote:
> Mark Miller writes:
>
>>I agree, but for the phrase "the *-property could also be viewed as an
>>approach to achieving bit-confinement". If X is a necessary step for achieving
>>Y, but not sufficient for achieving Y, then it seems strange and confusing to
>>me to say that Y is an approach for achieving X.
>
> It sounds like you are saying that the *-property is not sufficient
> to ensure bit-confinement. Can you explain that? As far as I know,
> if the *-property is faithfully followed at every level of the system,
> and applied to every system resource, then I suspect it is sufficient
> for bit-confinement (in the sense that High processes are confined and
> cannot leak bits to Low processes). Is that not the case?
If you only have a single High label (or any total ordering of labels)
then you don't have the ability to confine multiple processes independently.
I would consider that to be essential for useful applications of any form
of confinement.
--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the cap-talk
mailing list