[cap-talk] Secure Restart or Trusted Recovery?

Valerio Bellizzomi devbox at selnet.org
Fri Jan 5 16:00:21 CST 2007


On 04/01/2007, at 18.33, Jed Donnelley wrote:

>At 05:35 PM 1/4/2007, Valerio Bellizzomi wrote:
>>On 04/01/2007, at 19.52, Jonathan S. Shapiro wrote:
>>
>> >On Fri, 2007-01-05 at 01:11 +0100, Valerio Bellizzomi wrote:
>> >> On 04/01/2007, at 9.34, Jonathan S. Shapiro wrote:
>> >>
>> >> >On Thu, 2007-01-04 at 10:54 +0100, Neal H. Walfield wrote:
>> >> >> Is what you describe as secure restart essentially trusted recovery?
>> >> >> Is there any reason for the term rotation?
>> >> >
>> >> >I believe the two terms mean the same thing. Some of the KeyKOS
>> >> >terminology came out of the IBM world, which never shared a lexicon with
>> >> >the rest of the world. Not sure if this is an example or not.
>> >>
>> >> Are we talking about "whole system+application restart" or only "kernel
>> >> restart"?
>> >
>> >Definitely whole system. Whether applications are recovered or restarted
>> >depends on the system, of course...
>>
>>Of course :)
>>In my understanding "recovery" comes after kernel restart, but this may
>>not be the case after a disk crash.
>>I think the term "recovery" is too general; there are a variety of
>>ways of doing a recovery. The term "restart" is more appropriate in this
>>case.
>
>I'm hesitant to get involved in this Restart/Recovery thread given my heavy
>involvement in some other threads, but I'll mention some terminology
>we used for our NLTSS system (from memory ;-):
>
>1.  Cold start - build only an initial set of systems processes as if
>after a base system build to the disk.  Fairly safe, but of course even
>the code for the kernel and the base system processes could have
>been corrupted on disk.
>
>2.  Warm start - recover all processes that have no components
>in memory.  Process state is checked for minimal consistency
>(e.g. memory mapping, etc. when pulled in from disk - this happens
>in any case).  Processes that had contents in memory are faulted.
>Processes whose state was entirely on the disk can begin to run.
>
>This "recovery" might be considered to do its best to check
>and recover from process state on disk.

I know the two terms above differently:

Cold start: when the machine has power turned off, load OS after machine
power on, and
Warm start: when the machine has power turned on, load OS after machine
reset.


val
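The NLTSS warm-start policy quoted above (processes whose state is entirely on disk get a minimal consistency check and may run; processes that had components in memory are faulted; a cold start rebuilds only the base system) can be made concrete as a small simulation. The code below is an added editorial example, not NLTSS code and not from any participant in this thread; the checkpoint layout, the `Checkpoint`/`Mapping` records, the sample process set and the specific checks (page alignment, mapping within the image, no overlapping mappings) are constructed assumptions chosen to illustrate the policy.

```python
"""Constructed simulation of cold-start vs. warm-start recovery from on-disk
checkpoints. Hypothetical data model; not NLTSS's actual checkpoint format."""
from dataclasses import dataclass, field

PAGE = 4096


@dataclass
class Mapping:
    start: int        # virtual address of the mapped region
    length: int       # bytes
    disk_offset: int  # offset of the backing pages inside the checkpoint image


@dataclass
class Checkpoint:
    pid: int
    image_size: int          # bytes of process state present in the on-disk image
    mappings: list
    resident_pages: int = 0  # pages that existed only in memory at crash time


@dataclass
class RecoveryPlan:
    runnable: list = field(default_factory=list)
    faulted: dict = field(default_factory=dict)  # pid -> reason it was faulted


def check_consistency(cp):
    """Minimal checks on process state pulled in from disk.
    Returns None if the checkpoint looks usable, else a reason string."""
    seen = []
    for m in cp.mappings:
        if m.length <= 0 or m.start % PAGE or m.length % PAGE:
            return f"mapping at {m.start:#x} is not page-aligned"
        if m.disk_offset + m.length > cp.image_size:
            return f"mapping at {m.start:#x} extends past the checkpoint image"
        for s in seen:
            if m.start < s.start + s.length and s.start < m.start + m.length:
                return f"mapping at {m.start:#x} overlaps mapping at {s.start:#x}"
        seen.append(m)
    return None


def warm_start(checkpoints):
    """Warm start: recover every process whose state is entirely on disk;
    fault any process that had components only in memory."""
    plan = RecoveryPlan()
    for cp in checkpoints:
        if cp.resident_pages:
            plan.faulted[cp.pid] = f"{cp.resident_pages} page(s) were only in memory"
            continue
        reason = check_consistency(cp)
        if reason:
            plan.faulted[cp.pid] = reason
        else:
            plan.runnable.append(cp.pid)
    return plan


def cold_start(checkpoints, base_system_pids):
    """Cold start: bring up only the initial base-system processes and
    discard every other checkpoint, as if after a fresh system build."""
    plan = RecoveryPlan()
    for cp in checkpoints:
        if cp.pid not in base_system_pids:
            plan.faulted[cp.pid] = "not part of the base system; discarded on cold start"
            continue
        reason = check_consistency(cp)
        if reason:
            plan.faulted[cp.pid] = reason
        else:
            plan.runnable.append(cp.pid)
    return plan


# Constructed sample: one clean checkpoint and three that should be faulted.
SAMPLE_CHECKPOINTS = [
    Checkpoint(pid=1, image_size=8 * PAGE,
               mappings=[Mapping(0x10000, 2 * PAGE, 0), Mapping(0x20000, 4 * PAGE, 2 * PAGE)]),
    Checkpoint(pid=2, image_size=4 * PAGE,
               mappings=[Mapping(0x10000, PAGE, 0)], resident_pages=3),      # in-memory state lost
    Checkpoint(pid=3, image_size=2 * PAGE,
               mappings=[Mapping(0x10000, 4 * PAGE, 0)]),                     # image too short
    Checkpoint(pid=4, image_size=8 * PAGE,
               mappings=[Mapping(0x10000, 2 * PAGE, 0), Mapping(0x11000, PAGE, 2 * PAGE)]),  # overlap
]
BASE_SYSTEM_PIDS = {1}

if __name__ == "__main__":
    for name, plan in (("warm", warm_start(SAMPLE_CHECKPOINTS)),
                       ("cold", cold_start(SAMPLE_CHECKPOINTS, BASE_SYSTEM_PIDS))):
        print(f"{name} start: runnable={plan.runnable}")
        for pid, why in plan.faulted.items():
            print(f"  pid {pid} faulted: {why}")
```

The point the simulation makes is the one Jed's description implies: the warm-start check is deliberately minimal, so it separates "cannot possibly be recovered" (state that never reached disk) from "looks structurally sane", but it does not prove that a checkpoint which passes is uncorrupted, which is why even a cold start carries residual risk if the base images on disk were tampered with.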



