At 10:26 PM -0500 12/29/98, Kragen Sitaker wrote:
>On Mon, 28 Dec 1998, Norman Hardy wrote:
>> See <http://www.mediacity.com/~norm/CapTheory/Covert.html> on my covert
>> channel notes for tonight.
>We can approach the problem from the other end, too. The "intractable"
>confinement problem is obviously and easily solved by running the
>confined program and the covert observer on separate machines without
>any network connectivity between them.
>An obvious refinement of this idea is to provide completely logically
>separated virtual machines on the same machine -- partitioning
>computing, disk bandwidth, and memory in inflexible, fixed ways.
>(Perhaps 10 of every 100 ms of CPU time goes to the confined program,
>whether it needs it or not.) This is essentially what you describe
>with your small-bank trick, but you describe more efficient (and
>potentially more fallible) variations.
[+]The above gedanken experiment is typical of how I generate many ideas. Problems (such as confinement) are often dismissed as infeasible when they are routinely solved in similar environments!
>A more difficult problem, perhaps, is maintaining this same isolation
>in a distributed environment. Traditional computer networking
>protocols don't support timeslicing very well. :)
[+]Yes. SONET <http://www.mediacity.com/~norm/SONET.html> is a minimal communications multiplexing protocol. It is the ultimate reserved capacity scheme. A typical failure mode is to deliver data to the wrong party, however. Bad for security.
<http://www.mediacity.com/~norm/CapTheory/DiscreetProxy.html> addresses a limited form of distributed confinement.
Norman Hardy <http://www.mediacity.com/~norm>
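
An added illustration, not part of the original email exchange: a toy simulation of the "10 of every 100 ms, whether it needs it or not" reservation quoted above, set beside a scheduler that hands unused time to the observer. The frame model, the function names and the sample message are constructed assumptions for this sketch.

```python
# Toy model (constructed): time is cut into 100 ms frames. The confined
# program is entitled to 10 ms per frame; the observer wants all the CPU it
# can get and measures how many ms it actually received in each frame.
FRAME_MS = 100
CONFINED_SLICE_MS = 10
MESSAGE = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample bits


def confined_demand(bit):
    """Confined program modulates its load: busy for a 1, idle for a 0."""
    return FRAME_MS if bit else 0


def reclaiming_scheduler(demand_ms):
    """Unused confined time is given to the observer (efficient, but leaky)."""
    used = min(demand_ms, CONFINED_SLICE_MS)
    return FRAME_MS - used


def fixed_partition_scheduler(demand_ms):
    """The slice is spent whether or not the confined program needs it."""
    return FRAME_MS - CONFINED_SLICE_MS


def observe(scheduler, bits):
    """Per-frame CPU time (ms) the observer receives while bits are 'sent'."""
    return [scheduler(confined_demand(b)) for b in bits]


def decode(observations):
    """Observer's decoder: a frame with less than the maximum CPU means 1.

    Returns None when every frame looks identical, i.e. the observations
    carry no information about the confined program's behaviour.
    """
    if len(set(observations)) <= 1:
        return None
    top = max(observations)
    return [1 if ms < top else 0 for ms in observations]


if __name__ == "__main__":
    for sched in (reclaiming_scheduler, fixed_partition_scheduler):
        seen = observe(sched, MESSAGE)
        print(f"{sched.__name__:26} observer saw {seen} -> decoded {decode(seen)}")
```

The only difference between the two schedulers is whether idle confined time is reclaimed; that reclaimed time is exactly what the observer measures.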