[cap-talk] C vs. Safety

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Sun Aug 10 21:09:05 CDT 2008


Baldur Johannsson wrote:
> so is a KeyKOS domain (the 2nd VM in your example)
> running a statically type-checked program more safe and secure than a
> domain that is just running a program that hasn't been subjected to
> static type checking?
> If yes then why?

Yes. It is able to enforce stronger safety properties (that may not
be enforceable assuming only the security of the underlying KeyKOS
system), and can enforce them at a finer granularity than would be
practical by splitting the program into multiple KeyKOS (or similar)
domains.

-- 
David-Sarah Hopwood
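The reply above argues that a type checker can enforce a safety property inside a single domain, at the granularity of individual values, where achieving the same separation with KeyKOS-style domains would be impractical. The following Rust program is an added illustration of that point and is not code from this thread or from KeyKOS; the policy it enforces (a non-empty identifier of at most 32 ASCII alphanumerics, `_` or `-`), the `Untrusted`/`Sanitized` types and the `lookup` sink are all constructed for the example. Because `Sanitized` has a private field and `lookup` accepts nothing else, a call site that tries to hand raw input to the sink fails to compile, so the check cannot be forgotten at runtime.

```rust
// Added example (not from the cap-talk thread): a safety property enforced by
// the static type checker within one address space, at the granularity of
// individual values, without splitting the program into separate domains.
//
// Property: untrusted input may reach the privileged sink only after passing
// through `sanitize`. `Sanitized` can be constructed only inside this module,
// and `lookup` demands a `Sanitized`, so `lookup(&Untrusted(..))` is rejected
// at compile time rather than by a runtime check that someone might omit.

/// Input received from outside the trust boundary (e.g. a request parameter).
#[derive(Debug, Clone)]
pub struct Untrusted(pub String);

/// Input that has passed validation. The field is private, so code outside
/// this module cannot forge a `Sanitized` value; it must call `sanitize`.
#[derive(Debug, Clone, PartialEq)]
pub struct Sanitized(String);

impl Sanitized {
    pub fn as_str(&self) -> &str {
        &self.0
    }
}

/// Why an input was refused. Returned rather than printed so callers (and
/// tests) can inspect the outcome.
#[derive(Debug, PartialEq)]
pub enum Rejection {
    Empty,
    TooLong(usize),
    BadChar(char),
}

/// The only path from `Untrusted` to `Sanitized`. The policy is a constructed
/// one for this example: a non-empty identifier of at most 32 characters,
/// each an ASCII alphanumeric, '_' or '-'.
pub fn sanitize(input: Untrusted) -> Result<Sanitized, Rejection> {
    let s = input.0;
    if s.is_empty() {
        return Err(Rejection::Empty);
    }
    if s.len() > 32 {
        return Err(Rejection::TooLong(s.len()));
    }
    let allowed = |c: &char| c.is_ascii_alphanumeric() || *c == '_' || *c == '-';
    if let Some(c) = s.chars().find(|c| !allowed(c)) {
        return Err(Rejection::BadChar(c));
    }
    Ok(Sanitized(s))
}

/// Privileged operation (a hypothetical record lookup). Its signature is the
/// enforcement point: only a `Sanitized` value can ever name a record.
pub fn lookup(name: &Sanitized) -> String {
    format!("/srv/records/{}.json", name.as_str())
}

/// Runs raw inputs through the checked path and returns the paths produced
/// together with the rejections, in input order.
pub fn process_all(inputs: &[&str]) -> (Vec<String>, Vec<Rejection>) {
    let mut paths = Vec::new();
    let mut rejected = Vec::new();
    for raw in inputs {
        match sanitize(Untrusted(raw.to_string())) {
            Ok(ok) => paths.push(lookup(&ok)),
            Err(e) => rejected.push(e),
        }
    }
    (paths, rejected)
}

fn main() {
    // Constructed sample inputs: two valid names, one traversal attempt, one empty.
    let (paths, rejected) = process_all(&["alice", "../etc/passwd", "", "bob-2"]);
    println!("accepted: {:?}", paths);
    println!("rejected: {:?}", rejected);
}
```

The contrast with the domain-based approach is the unit of enforcement: here the boundary is the `Sanitized` type, checked at every call site by the compiler, whereas a KeyKOS-style design would have to place the sink behind a separate domain and mediate every invocation through a capability invocation at runtime.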

