On Fri, 2005-10-07 at 13:05 +0200, Simon Nieuviarts wrote:
> > I think anything protected by sparsity is fundamentally flawed and
> > unacceptable, especially for something as critical as the kernel.
> >
> > Of course I'm not the one whose acceptance it needs, though. ;-)
>
> Hi,
>
> I don't know the typical probability of a logical gate erroneously
> flipping a bit.

It depends on the wattage of the hair dryer you point at it. A paper was published two years ago investigating hairdryer-induced heat for the Java security model. The outcome is quite bad, and it appears to apply to runtime-based security in general.

The bad part isn't the hair dryer. The bad part is that a single bit error is enough to compromise the entire runtime-based security model. Random particle hits generate single bit errors in your computer several times a year.

> But I consider that if the probability of such a hardware error
> is higher than the probability of a false sparsity match, then relying on
> this sparsity may be a right choice.

Hopefully, my previous note will lead you to reconsider this.

> Anyway, not relying on sparsity at all (if possible) is still a better
> design.
> I'm not yet familiar enough with capabilities to know if it is possible.

It is better, and it is possible, and there are several working systems that show how to do it.

shap

_______________________________________________
L4-hurd mailing list
http://lists.gnu.org/mailman/listinfo/l4-hurd
