[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Translucent storage: design, pros, and cons

From: Jonathan S. Shapiro
Subject: Re: Translucent storage: design, pros, and cons
Date: Fri, 12 Jan 2007 10:59:55 -0500

On Fri, 2007-01-12 at 15:41 +0100, Tom Bachmann wrote:
> Hash: SHA1
> Jonathan S. Shapiro schrieb:
> > Translucent storage does not undermine confinement at all, so your
> > supposition is mistaken.
> But there is no constructor needed to confine a program.

Why do you believe this?

> As I understand it, the constructor serves as a trusted "mediator", that
> allows to check the confinedness without constructing the process (in
> non-translucent designs), that is, to run a program that is untrusted
> without risking leakage, and without inspecting it.

In EROS/Coyotos, this is true. Actually, it is a certifier, not a
mediator (the constructor does not remain in the loop after creation).

However: you ignored the other thing I said. Simply having a common
place to encapsulate these algorithms is a sufficient reason to have a
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100

reply via email to

[Prev in Thread] Current Thread [Next in Thread]