[cap-talk] Communicating conspirators, MLS, and the Boebert attack
Karp, Alan H
alan.karp at hp.com
Fri Jul 21 11:11:39 EDT 2006
Jed wrote:
>
> It's kind of difficult for me to imagine a capability system
> without some such facility. Do I understand you to be
> arguing, Alan, that it's such a facility that gives rise to
> the applicability of the Boebert attack? Do you imagine
> some sort of more pure capability system in which there
> is no means (perhaps other than direct messages??) for
> storing capabilities? I don't think even that makes any
> difference for Boebert, but I'd be interested to learn of
> such systems.
>
The simplest example is virtual memory. The page table is equivalent to
the c-list, mapping virtual addresses to physical memory. Processes
create new entries by malloc(). Processes remove entries by free().
Processes share entries with shmalloc(). Processes have no means to
access the page table directly to move entries around. I believe that
hardware c-lists work the same way, but after misunderstanding what DVH
meant by "directories", I'm no longer sure.
_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
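
The create/remove/share operations the message describes, as an added example that is not part of the original post. It assumes a Linux/POSIX system and uses `mmap()`, `munmap()` and `fork()` in place of the `malloc()`, `free()` and `shmalloc()` named above. The function names and the 'P'/'C' marker bytes are constructed for illustration. The process only ever holds virtual addresses and asks the kernel to change the page table on its behalf.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create: ask the kernel for a new mapping. The caller receives only a
 * virtual address; the page-table entry itself stays in the kernel. */
static char *create_entry(size_t len, int shared)
{
    int flags = MAP_ANONYMOUS | (shared ? MAP_SHARED : MAP_PRIVATE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, flags, -1, 0);
    return p == MAP_FAILED ? NULL : (char *)p;
}

/* Returns the byte the parent reads after a forked child writes 'C'.
 * Constructed scenario: 'P' is the parent's initial value. */
int byte_seen_after_child_write(int shared)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *page = create_entry(len, shared);
    if (page == NULL)
        return -1;
    page[0] = 'P';

    pid_t pid = fork();          /* child inherits the mapping */
    if (pid < 0) { munmap(page, len); return -1; }
    if (pid == 0) {
        page[0] = 'C';           /* visible to the parent only if shared */
        _exit(0);
    }
    waitpid(pid, NULL, 0);

    int seen = page[0];
    munmap(page, len);           /* Remove: drop the entry */
    return seen;
}

int main(void)
{
    printf("shared:  parent sees '%c'\n", byte_seen_after_child_write(1));
    printf("private: parent sees '%c'\n", byte_seen_after_child_write(0));
    return 0;
}
```

With a shared mapping both processes' page tables point at the same physical page; with a private one the child's write lands in its own copy.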