[cap-talk] A better reference for the "capabilities propagate too easily" argument
Jed Donnelley
capability at webstart.com
Wed Aug 1 03:04:50 EDT 2007
At 09:12 AM 7/31/2007, Mark Miller wrote:
>On 7/30/07, Jed Donnelley <capability at webstart.com> wrote:
>...
> > After that time (say 1987) I know of no designs initiated
> > using capability access control until the attempt to
> > revive some of the KeyKOS concepts in EROS. When did
> > that work start? Late 1990s? Perhaps others can help
> > me out with references to capability based design work
> > that did start during this time period (1986 - 1996?)?
>
>Eden (85) / Emerald (87)
>W7 (95).
>J-Kernel (99)
>
>Ancestors of E: Vulcan, Agorics papers (86-88), Trusty Scheme at
>Autodesk (90?). Joule (90-96?), Webmart (93?), Original-E (95-98).
>
>I'm much less familiar with OS-based work,
Does that suggest that none of the above is OS work? Certainly
the 1995 date on the W7 work falls right near the middle of
what I was claiming as a low. Looking at the discussion of
W7 in your thesis it appears W7 is strictly language level
work. Even the work on Secure Network Objects seems to
be couched in a language context, though it certainly seems
to me to qualify as a network capability mechanism. It's
almost as if by hiding under the language umbrella capability
work could still be done.
>but what was happening at Monash U during this interval?
This:
Anderson M. (PhD 1987) - A Password Capability System
Cathro D. (MSc 1988) - An I/O Subsystem for a Multiprocessor
Chew C.E. (PhD 1992) - An InterBus Connection for a Capability Based Multiprocessor
Pose R.D. (PhD 1992) - A Capability-Based Tightly-Coupled Multiprocessor
Castro M. (PhD 1996) - The Walnut Kernel: A Password-Capability Based Operating System
Kopp C. (MSc 1997) - An I/O and Stream Inter-Process Communications Library for a Password Capability System (PDF)
Harris R.J. (Hons) - Compiler Integration on the Walnut System
Smith S.E. (Hons 2003) - An Improved Object Store for the Walnut Kernel (Website)
from: http://www.csse.monash.edu.au/~carlo/WALNUT/
suggests that the Monash OS work carried on through the
1990s. That this work was done in Australia is somewhat
suggestive of being independent of the US computer security
establishment. Still, I do find the above somewhat surprising
and I accept that it seems an exception to my suggestion.
>What about Grasshopper
Looks very interesting. I wasn't aware of Grasshopper before. Also not
in the US, but still seems to be an unabashedly capability system.
I'd be interested to see any efforts by the designers to justify the
use of capability access control for Grasshopper. Anybody know of any?
>and Chorus?
I remember Chorus as essentially a French competitor to Mach. It
started in the period before the capability slam in the US and
seemed to stumble on much like Mach, but less successfully,
I would say (?)
>How does the history of SPKI / SDSI relate?
I don't see how, but I'd be interested to hear the thoughts
of others on that.
>When did Client Utility start?
Alan says mid 1990s, e.g.:
http://www.hpl.hp.com/techreports/2002/HPL-2002-78.html
I need to spend some time with the Client
Utility papers as there may be some relationship to the
WebCVOS thoughts that I've been having recently.
Maybe Alan can describe the justification for the Client
Utility work in the face of damning criticisms of capabilities
at the time?
--Jed http://www.webstart.com/jed-signature.html