[cap-talk] solve CSRF by making references unforgeable, not unshareable
Karp, Alan H
alan.karp at hp.com
Wed Mar 25 20:31:34 EDT 2009
David-Sarah Hopwood wrote:
> There is not much reason to make a capability representation both
> opaque and sparse: it would be redundant. However, there is nothing
> to prevent it.
One of Jed Donnelley's systems (DCCS?) encrypted sparse capabilities with a key not available to the process holding them in order to prevent leakage when people read dumps.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk