funsec mailing list archives

Re: MS Singularity - singularly impossible?


From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 13 May 2007 10:26:25 +0200

* Dude VanWinkle:

> 4) The closed API invariant: The API between a
> process and the system must maintain the fixed
> code, state isolation, and explicit communication
> invariants.
>
> My question is the usage of the word "cannot" in the 4 above
> invariants.

You mean how the invariant is enforced?  A sufficiently advanced type
system could do this.  But as far as I can tell, the invariants only
apply to the Singularity API, not to APIs created by applications.
This means that one manual (or assisted) proof is sufficient to show
that an invariant holds.

On the other hand, writing secure *applications* for the system is not
made easier.  For all we know, on top of the kernel, there could be
personalities that export a traditional Linux or Windows API.

> How would this be possible? Would everything be considered .text?

Singularity uses a trusted compiler, much like the Burroughs MCP
system.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
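To make the two invariants named in the quoted passage concrete, here is an added example that is not from this thread or from the Singularity project. It is written in Rust as a stand-in for the type-safe language Singularity relies on: two threads play the role of two isolated processes, each owning private state, and the only way data crosses the boundary is by moving an owned `Request` or `Reply` value through a channel, much as Singularity's exchange heap transfers ownership of a message. The type system enforces the isolation at compile time rather than at run time: once a message has been sent it is moved, and any later use of it in the sender is rejected by the compiler. The message types, the `checksum` helper and the sample payloads are invented for the illustration.

```rust
// Added illustration of Singularity's state-isolation and explicit-communication
// invariants, using Rust's ownership types as a stand-in for Sing#. Not code from
// the thread or from the Singularity project; Request/Reply and checksum are invented.
use std::sync::mpsc;
use std::thread;

/// A message carrying owned data. Sending it through a channel *moves* it, so the
/// sender loses access: no state is ever shared between the two sides.
#[derive(Debug)]
pub struct Request {
    pub id: u32,
    pub payload: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub struct Reply {
    pub id: u32,
    pub checksum: u32,
}

/// Toy checksum over a payload (invented for the example; any pure function will do).
pub fn checksum(bytes: &[u8]) -> u32 {
    bytes
        .iter()
        .fold(0u32, |acc, b| acc.wrapping_mul(31).wrapping_add(u32::from(*b)))
}

/// The "server process": a thread that owns private state (`handled`) and talks to
/// the outside world only through the two channel endpoints it was handed.
/// Returns how many requests it processed once its input channel closes.
pub fn spawn_server(
    rx: mpsc::Receiver<Request>,
    tx: mpsc::Sender<Reply>,
) -> thread::JoinHandle<u32> {
    thread::spawn(move || {
        let mut handled = 0u32; // private state, unreachable from the client
        for req in rx {
            // `req` is owned here; the client gave it up when it called send().
            let reply = Reply { id: req.id, checksum: checksum(&req.payload) };
            handled += 1;
            if tx.send(reply).is_err() {
                break; // client went away; nothing else to do
            }
        }
        handled // loop ended because the client dropped its Sender
    })
}

/// The "client process": sends every payload as an owned Request, closes its end
/// of the channel (the explicit end-of-conversation signal), then collects replies.
pub fn run_exchange(payloads: Vec<Vec<u8>>) -> (Vec<Reply>, u32) {
    let (req_tx, req_rx) = mpsc::channel::<Request>();
    let (rep_tx, rep_rx) = mpsc::channel::<Reply>();
    let server = spawn_server(req_rx, rep_tx);

    for (i, payload) in payloads.into_iter().enumerate() {
        let req = Request { id: i as u32, payload };
        req_tx.send(req).expect("server thread is alive");
        // `req` has been moved into the channel. Uncommenting the next line is a
        // compile error (E0382, use of moved value): the type system, not a runtime
        // check, forbids the sender from touching state it has handed over.
        // println!("{:?}", req);
    }
    drop(req_tx); // closes the request channel; the server's loop terminates

    let replies: Vec<Reply> = rep_rx.iter().collect();
    let handled = server.join().expect("server thread panicked");
    (replies, handled)
}

fn main() {
    // Constructed sample input.
    let inputs = vec![b"hello".to_vec(), Vec::new(), vec![0xff; 4]];
    let (replies, handled) = run_exchange(inputs);
    println!("server handled {} requests", handled);
    for r in &replies {
        println!("reply id={} checksum={:#010x}", r.id, r.checksum);
    }
}
```

The interesting property is what does not compile: there is no way for the client to keep a reference into a `Request` it has sent, and no way for the server's `handled` counter to be reached from the client, short of wrapping state in a shared-memory primitive on purpose. That is the sense in which one proof about the channel types, rather than a check in every program, establishes the invariant, which is the point Florian makes above about the Singularity API versus application-level APIs.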
