On 22:36 Mon 27 Apr, Norman Feske wrote: > > This leads to the following question: can the server refuse to close a > > session? > > yes, a server may ignore the session-close request. Servers that are > used by clients of different security levels (e.g., the nitpicker GUI > server that serves both untrusted clients and security-critical clients > at the same time) must be designed and implemented with special care. > Besides the correct response to session-close requests, another > consideration is the adherence to the security policy as configured by > the parent. The mere fact that a server is a child of its parent does > not imply that the parent won't need to trust it in some respects. > > In cases where is not viable to trust the server (e.g., because the > server is based on ported software that is too complex for thorough > evaluation), certain security properties such as the effectiveness of > closing sessions could be enforced by a small (and thereby trustworthy) > intermediate server that sits in-between the real server and the client. > This intermediate server would then effectively wrap the server's > session interface.
Thanks for the detailed clarification! --prashanth ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main