funsec mailing list archives
Re: MS Singularity - singularly impossible?
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 13 May 2007 10:26:25 +0200
* Dude VanWinkle:
> 4: ) The closed API invariant: The API between a process and the system must maintain the fixed code, state isolation, and explicit communication invariants.
> My question is the usage of the word "cannot" in the 4 above invariants.

You mean how the invariant is enforced? A sufficiently advanced type system could do this. But as far as I can tell, the invariants only apply to the Singularity API, not to APIs created by applications. This means that one manual (or assisted) proof is sufficient to show that an invariant holds. On the other hand, writing secure *applications* for the system is not made easier. For all we know, on top of the kernel, there could be personalities that export a traditional Linux or Windows API.

> How would this be possible? Would everything be considered .text?
Singularity uses a trusted compiler, much like the Burroughs MCP system.