[cap-talk] Video of Marc Stiegler's talk at Google : "The Lazy Programmer's Guide to Secure Computing"
David Wagner
daw at cs.berkeley.edu
Sat Apr 3 18:35:00 PDT 2010
Toby Murray wrote:
>Your/MarkM/Alan's definition must be interpreted relative to some
>substrate over which the communication is occurring. If we consider
>the substrate to be the underlying object-capability system, then the
>communication is in this example is overt because it uses only message
>sending. However, if we consider the substrate to be the DataDiode
>object, then the communication becomes covert (under your definition)
>because it uses (probably) undocumented features of DataDiode's
>implementation.
Good point. It had never occurred to me to analyze whether
a channel is overt or covert with respect to higher-level abstractions,
but I find your analysis persuasive. (I've snipped other parts that I
also agree with, because I think the paragraph above summarizes the
point in an especially concise and insightful way.) Thanks.
More information about the cap-talk
mailing list