[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: Jonathan S. Shapiro
Subject: Re: POSIX
Date: Wed, 26 Oct 2005 14:46:50 -0400

On Wed, 2005-10-26 at 17:49 +0200, Ronald Aigner wrote:
> Jonathan S. Shapiro wrote on 10/26/2005 05:28 PM this:
> > I have always failed to achieve the third part. If the actual number of
> > necessary configurations can be kept very small, I can see that a
> > statically preconfigured "safe subset" is possible. What I do not see is
> > how to efficiently build a similar thing dynamically, in a way that is
> > specific to the particular application that I am trying to run at the
> > moment. By the time my protection agent is done visiting all of the
> > necessary files, I have taken far longer than I can afford.
> Maybe I am missing something, but a concept which comes to my mind that
> could solve the third part, is a concept published in [1].
> [1] http://os.inf.tu-dresden.de/papers_ps/icdcs97.ps.gz Haertig,
> Reuther: "Encapsulating Mobile Objects" (ICDCS, 1997)

In my opinion, no. First, you should know that this is a great example
of a paper that failed to cite a great deal of relevant prior work. The
structure that it proposes for control is not new, and not particularly

The problem is not "how do we introduce the necessary control points".
The problem is: "how do we sufficiently automate the decision making to
make the necessary control automatable?" This is exactly the problem
that tripwire is trying to solve in a much simpler case, and generally
failing to automate well enough.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]