[EROS-Arch] from email@example.com
Mark S. Miller
Fri, 17 Nov 2000 11:55:25 -0800

At 11:03 AM 11/17/00, Kragen Sitaker wrote:
>This is a fourth reason for verifying confinement: ... making sure that working software stays
>working, a system that can provide effective confinement can limit what
>software under test can possibly depend on.

I think you want the dual of confinement, Norm's "Durability"
http://www.cap-lore.com/CapTheory/KK/durability.html . A system that can
enforce confinement http://www.erights.org/elib/capability/factory.html can
usually be made to enforce durability as well.