[cap-talk] kernel object knowledge
Charles Landau
clandau at macslab.com
Wed May 30 13:03:01 EDT 2007
At 1:56 PM -0400 5/29/07, Jonathan S. Shapiro wrote:
>On Tue, 2007-05-29 at 00:04 -0700, Jed Donnelley wrote:
>> Do some
>> objects (e.g. those for active entities like processes) need
>> to be implemented by (known about, supported by) the 'kernel'
>> (globally trusted code)?
>
>Yes, though not necessarily because of membranes. In a non-cryptographic
>capability system, in the absence of hardware protection, any object
>that directly
>stores capabilities must be implemented by the kernel to ensure the
>type partition that assures safety. Typically these objects will
>include Processes, Endpoints (or equivalent) and whatever mechanism
>supports address spaces.

In KeyKOS, Processes store capabilities only in Nodes (for example,
the key registers node). The kernel must implement Nodes, but need
not implement Processes (at least, not for that reason).