Re: Security models (was: A niche for the Hurd - next step: reality chec
From: Arne Babenhauserheide
Subject: Re: Security models (was: A niche for the Hurd - next step: reality check)
Date: Thu, 4 Dec 2008 19:28:23 +0100
User-agent: KMail/1.10.3 (Linux/2.6.25-gentoo-r7; KDE/4.1.3; x86_64; ; )
Hi Olaf,
First off: Thank you!
This is information I hoped for!
On Wednesday, 03 December 2008 13:57:12, olafBuddenhagen@gmx.net wrote:
> When a process needs the service of another process which deals with
> resources it has no access to itself -- say a powerbox -- it doesn't
> launch that process itself. Instead, it invokes the service from a
> process launched by another party. This way it has no access to the
> resources of that other process -- but the user who launched that other
> process does have control over it.
To a question we had offlist (the discussion continued, and I asked Neal for
an update, but he didn't yet get to explain his model in general): Can that
service request more memory when it runs out of memory (which it can give new
processes), and can it offer proper resource management, so users can't harm
each other's performance?
> > Of course, the extension might not be implemented or the process might
> > not have permission to use it but then the process might refuse to run
> > in that case.
>
> In our model, a process has no means to refuse running. We have complete
> control over it, and we can make it believe whatever we want it to
> believe.
That's exactly the kind of system I want to run. Thank you for clearing it up!
[snip]
> Indeed, this is the real threat: We can't fool the server. If remote
> attestation becomes commonplace, Disney will be able to deny access by
> our non-treacherous system altogether.
>
> That's why we need to fight the TPM stuff teeth and claw.
I couldn't have stated it better.
Thank you!
Arne
--
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the
history of free software.
-- Ein Würfel System: http://1w6.org - simply clean (role-playing) rules.
-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt