On Mon, 28 Dec 1998, Norman Hardy wrote:
> See <http://www.mediacity.com/~norm/CapTheory/Covert.html> on my covert
> channel notes for tonight.
We can approach the problem from the other end, too. The "intractable" confinement problem is obviously and easily solved by running the confined program and the covert observer on separate machines without any network connectivity between them.
An obvious refinement of this idea is to provide completely logically separated virtual machines on the same machine -- partitioning computing, disk bandwidth, and memory in inflexible, fixed ways. (Perhaps 10 of every 100 ms of CPU time goes to the confined program, whether it needs it or not.) This is essentially what you describe with your small-bank trick, but you describe more efficient (and potentially more fallible) variations.
A more difficult problem, perhaps, is maintaining this same isolation in a distributed environment. Traditional computer networking protocols don't support timeslicing very well. :)
--
<firstname.lastname@example.org> Kragen Sitaker <http://www.pobox.com/~kragen/>
[around 1998-12-23], it is amazing to watch fear and loathing and greed at play with the more speculative Internet stocks. To call this a tulip craze would be a vast understatement.
-- Adam Rifkin, <email@example.com>
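
The fixed-partition idea in the message above, as an added simulation that is not part of the original message: it compares what a co-resident observer can measure when the confined program's 10 ms of every 100 ms is reserved "whether it needs it or not" against a scheduler that hands idle time to the observer. The 1 ms tick, the slice sitting at the start of each frame, and all function names are assumptions made for the illustration.

```python
FRAME_MS = 100   # scheduling frame, from the message's "every 100 ms"
SLICE_MS = 10    # CPU reserved for the confined program per frame

def observer_view(confined_busy, fixed_partition):
    """Return the CPU ms the observer receives in each frame.

    confined_busy: one bool per frame, True if the confined program
                   has work for its whole slice, False if it is idle.
    fixed_partition: True  -> an idle slice is wasted, never reassigned.
                     False -> work-conserving: idle slice time goes to
                              the observer.
    """
    view = []
    for busy in confined_busy:
        work_left = SLICE_MS if busy else 0
        observer_ms = 0
        for tick in range(FRAME_MS):
            in_slice = tick < SLICE_MS
            if in_slice and work_left > 0:
                work_left -= 1        # confined program runs
            elif in_slice and fixed_partition:
                pass                  # slice idles; nobody may use it
            else:
                observer_ms += 1      # observer runs
        view.append(observer_ms)
    return view

def distinguishable_states(view):
    """Number of distinct values the observer can see; 1 means its own
    CPU share says nothing about the confined program's behaviour."""
    return len(set(view))

if __name__ == "__main__":
    # Constructed sample: the confined program's load pattern per frame.
    pattern = [True, False, True, True, False]
    for fixed in (False, True):
        view = observer_view(pattern, fixed)
        print("fixed" if fixed else "work-conserving", view,
              "states:", distinguishable_states(view))
```

The cost of closing the channel is visible in the same numbers: under the fixed partition the observer never gets more than 90 ms per frame, even when the confined slice sits idle.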