[cap-talk] A dabblers take on security
William Pearson
wil.pearson at gmail.com
Thu Feb 7 06:45:37 EST 2008
On 06/02/2008, Jonathan S. Shapiro <shap at eros-os.com> wrote:
> William:
>
> It seems to me that there are two very early decisions that you need to
> make:
>
> 1. Are you planning a language-style capability system or an
> OS/hardware style capability system? The two involve very
> different sorts of design decisions.

OS/Hardware. I am actually looking more at the hardware. And I am
thinking at the moment of not having a separate address space per
process, although still having memory protection. Which probably
explains some of the difference in intuitions with regard to length
of capability.

> 2. Do you plan to admit an explicit object destroy operation?
> This has implications for capability invalidation.

There will be an object destroy operation. I see the problem. I'll do
some more reading and see what other people have come up with.

<snipped some interesting things with three-letter acronyms I don't
understand at the moment, but might get a better idea about after
reading some more of EROS's documentation>

Will Pearson