Key/Object equivalence?
Bryan Ford
baford@schirf.cs.utah.edu
Fri, 16 Dec 94 11:55:31 MST
>> A question to the KeyKOS people: How is key and/or object
>> equivalence handled in KeyKOS? Does KeyKOS provide a
>> way to compare two keys to see if they're identical?
>
>The generally available DISCRIM function will compare two
>keys for equality. It is mostly used by people doing debugging.
>
>> Is there a way to compare a key against a whole bunch of
>> other keys quickly, e.g. by taking some kind of hash function
>> of the bits that make up the key in the kernel?
>
>The KID (Key Indexed Directory) provides this kind of functionality.
>The only user is the FACTORY (which everyone uses). The factory
>uses it to remember the "holes" (places where the factory requestor's
>data can possibly leak to the factory builder).

Scanning through one of the KeyKOS papers again, I noticed
the "Keybits" object, which presumably is used to implement KIDs.
Are keys to this object generally available to most everything
in a KeyKOS system, or are they privileged? In other words,
is having read-only access to the actual bits comprising a key
considered a security threat in some situations?

Thanks!
Bryan