Scribit Anton Tagunov dies 09/01/2007 hora 05:38: > Can we design capabilities in such a way that reading a memory region > holding them would give no benefit to the reader?
Not per se. > Can they somehow be "tied" to the process holding them? > > For instance the process would have an int key known only to kernel > and the capability would include a XOR of main part of it with this > key? You can achieve this reliably with the help of a reference monitor, if I understand correctly your goal. There is a very short and clear description of it's principle in some documentation about KeyKOS: http://www.cis.upenn.edu/~KeyKOS/Security.html > P.S. Sorry for spawning 2 threads of discussion. I think both of my > "To Jonathan" threads are promising avenues for thinking. You sould probably try to use more specific subjects for your emails. Quickly, Pierre -- [EMAIL PROTECTED] OpenPGP 0xD9D50D8A
signature.asc
Description: Digital signature
_______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
