[cap-talk] solve CSRF by making references unforgeable, not unshareable

Karp, Alan H alan.karp at hp.com
Thu Mar 26 11:37:07 EDT 2009


> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org [mailto:cap-talk-
> bounces at mail.eros-os.org] On Behalf Of lists at notatla.org.uk
> Sent: Thursday, March 26, 2009 2:38 AM
> To: cap-talk at mail.eros-os.org
> Subject: Re: [cap-talk] solve CSRF by making references unforgeable,
> not unshareable
> 
> "Karp, Alan H" wrote,
> 
> > One of Jed Donnelley's systems (DCCS?) encrypted sparse
> > capabilities with a key not available to the process holding
> > them in order to prevent leakage when people read dumps.
> 
> If something's not sparse what stops someone changing it?

They are sparse capabilities.
> 
> I thought that was the idea beind encrypting the tokens
> in this example.
>     http://nob.cs.ucdavis.edu/bishop/secprog/robust.html

The string "encr" doesn't show up on that page.

> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp




More information about the cap-talk mailing list