Re: Translucent storage: design, pros, and cons

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Translucent storage: design, pros, and cons

From:	Tom Bachmann
Subject:	Re: Translucent storage: design, pros, and cons
Date:	Fri, 12 Jan 2007 15:41:48 +0100
User-agent:	Thunderbird 1.5.0.9 (X11/20061231)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jonathan S. Shapiro schrieb:
> Translucent storage does not undermine confinement at all, so your
> supposition is mistaken.

But there is no constructor needed to confine a program. So confinement
is not a property of the constructor at all, now.
As I understand it, the constructor serves as a trusted "mediator", that
allows to check the confinedness without constructing the process (in
non-translucent designs), that is, to run a program that is untrusted
without risking leakage, and without inspecting it.
- --
- -ness-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFp54svD/ijq9JWhsRAj0OAJ9QLMwqHHXFcRzB3SJbI9Gi1IIQIACfW9BV
ypqR61mBz+hHZViC0hpa1gE=
=s/vz
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Translucent storage: design, pros, and cons, (continued)

Prev by Date: Re: Translucent storage: design, pros, and cons
Next by Date: Re: Translucency counterexample
Previous by thread: Re: Translucent storage: design, pros, and cons
Next by thread: Re: Translucent storage: design, pros, and cons
Index(es):
- Date
- Thread