On 22:36 Mon 27 Apr, Norman Feske wrote:

> > This leads to the following question: can the server refuse to close a
> > session?
>
> yes, a server may ignore the session-close request. Servers that are
> used by clients of different security levels (e.g., the nitpicker GUI
> server that serves both untrusted clients and security-critical clients
> at the same time) must be designed and implemented with special care.
> Besides the correct response to session-close requests, another
> consideration is the adherence to the security policy as configured by
> the parent. The mere fact that a server is a child of its parent does
> not imply that the parent won't need to trust it in some respects.
>
> In cases where is not viable to trust the server (e.g., because the
> server is based on ported software that is too complex for thorough
> evaluation), certain security properties such as the effectiveness of
> closing sessions could be enforced by a small (and thereby trustworthy)
> intermediate server that sits in-between the real server and the client.
> This intermediate server would then effectively wrap the server's
> session interface.

Thanks for the detailed clarification!

--prashanth

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
genode-main mailing list
genode-main@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/genode-main

Reply via email to