[cap-talk] Reducing Ambient user authority in a Type Safe /Memory Safe OS.
Bill Frantz
frantz at pwpconsult.com
Sun Jan 17 10:54:43 PST 2010
marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) on Sunday, January 17, 2010 wrote:
>There is a lot
>of value in the Unix ideal that "everything is a file" (even if that ideal is
>not fully realized).
I agree. In KeyKOS, we took the view that, "Everything is an object". We
also defined some standard operations that objects should implement
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/180.html>, unless
there was some compelling reason why they should behave differently.
Space accounting in KeyKOS was through the Space Bank
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/62.html>. This
interface isn't ideal because you need to plan when designing objects in
order to later be able to find out how much space each component of an
object is using.
An even worse problem is learning what will be destroyed when a space bank
is zapped. A garbage collection system offers a solution to some of these
problems, but it comes with its own "mirror" problem, "What's hanging on to
all the space".
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"After all, if the conventional wisdom was working, the
408-356-8506 | rate of systems being compromised would be going down,
www.periwinkle.com | wouldn't it?" -- Marcus Ranum
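The two accounting problems raised above (attributing space to a component only if sub-banks were planned in at design time, and seeing what a zap will destroy) can be illustrated with a small hierarchical space bank model. This is an added sketch for the discussion, not KeyKOS code and not from the original post; the bank names, limits and page ids are constructed.

```python
from typing import Dict, List, Optional


class SpaceBank:
    """Hypothetical hierarchical space bank (constructed model, not KeyKOS).

    A sub-bank draws on its parent, so a limit set on any ancestor is enforced.
    Pages are recorded in the bank they were allocated from, which is what makes
    per-component accounting possible later: usage() sums a whole subtree, and
    destroy() ("zapping" the bank) frees everything allocated from that subtree.
    """

    def __init__(self, name: str, parent: Optional["SpaceBank"] = None,
                 limit: Optional[int] = None) -> None:
        self.name, self.parent, self.limit = name, parent, limit
        self.children: List["SpaceBank"] = []
        self.pages: Dict[str, str] = {}   # page id -> owner label
        self.alive = True
        if parent is not None:
            parent.children.append(self)

    def usage(self) -> int:
        return len(self.pages) + sum(c.usage() for c in self.children)

    def allocate(self, page_id: str, owner: str) -> None:
        if not self.alive:
            raise RuntimeError(f"bank {self.name} has been destroyed")
        bank = self                     # check limits all the way up the chain
        while bank is not None:
            if bank.limit is not None and bank.usage() + 1 > bank.limit:
                raise MemoryError(f"bank {bank.name} limit {bank.limit} exceeded")
            bank = bank.parent
        self.pages[page_id] = owner

    def destroy(self) -> List[str]:
        """Zap this bank: returns every page freed from it and all sub-banks."""
        freed = list(self.pages)
        self.pages.clear()
        for child in self.children:
            freed += child.destroy()
        self.children.clear()
        self.alive = False
        return freed


def build_example():
    """Constructed layout: an app bank with a limit, split into per-component banks."""
    root = SpaceBank("system")
    app = SpaceBank("app", parent=root, limit=6)
    cache = SpaceBank("app/cache", parent=app)
    log = SpaceBank("app/log", parent=app)
    for i in range(3):
        cache.allocate(f"c{i}", "cache")
    for i in range(2):
        log.allocate(f"l{i}", "log")
    return root, app, cache, log
```

Had the cache and log been allocated straight from the app bank, their individual usage would be unrecoverable after the fact; and destroy(app) is the only way to learn, in advance, exactly which pages a zap of that bank takes with it.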