[cap-talk] BitFrost : OLPC Security Architecture
Ian G
iang at systemics.com
Fri Feb 9 16:25:42 CST 2007
Toby Murray wrote:
> There are hints of CapDesk, Plash, Polaris and Capability-based OSes
> running through the following sections (the only parts of the doc I've
> read so far) which are pretty tantalising:
I asked that very question ... here is Ivan's reply:
-------- Original Message --------
Subject: Re: One Laptop per Child security
Date: Thu, 08 Feb 2007 21:56:19 -0800
From: Ivan Krstić <krstic at solarsail.hcs.harvard.edu>
Hi Ian,
Ian G wrote:
> Be patient ... there will be a lot to absorb. I skimmed the document
> and was dissatisfied myself due to its very odd formatting and lack of
> "what it really means" details....
How do I make it better? I'm really open to concrete
suggestions. It's an important document for us, and I'd like
it to be clear and for it to read well.
> One question: is Bitfrost intentionally designed around capabilities
> concepts? Or are the similarities accidental?
One of my slides at the RSA talk was "know your history",
and listed the Rice University Computer, the B5000, the BLI,
the Dennis and Van Horn supervisor, the PDP-1, the Chicago
Magic Number Machine, the CAL-TSS, System 250, CAP, Hydra,
StarOS, System/38 and iAPX 432. That should tell you about
where I found some of my inspiration :)
So no, the similarities are anything but accidental, but I
shy away from the terminology simply because large amounts
of the functionality sit on a blurry margin between
capabilities and permissions. The 'file open' dialog
certainly returns a capability on a particular file, but
it's more complicated with many of the other protections.
Cheers,