bug-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security models


From: Arne Babenhauserheide
Subject: Re: Security models
Date: Fri, 12 Dec 2008 19:30:53 +0100
User-agent: KMail/1.10.3 (Linux/2.6.25-gentoo-r7; KDE/4.1.3; x86_64; ; )

Am Samstag 06 Dezember 2008 22:17:12 schrieb olafBuddenhagen@gmx.net:
> So you have offlist discussions, have you? I feel left out ;-)

The discussion stumbled offline since Michal accidently only answered to me 
and I wasn't sure if he just wanted to avoid spamming the list with DRM 
discussions... 

> > Can that service request more memory when it runs out of memory (which
> > it can give new processes), and can it offer proper resource
> > management, so users can't harm each others performance?
>
> Not sure what you mean exactly...

What I mean is: What happens if the request the user sends to the system 
process needs more memory than what's expected? 

Does the system process just say "this is the maximum buffer length, don't 
send me more", or is tehre some way it can increase the memory it has access 
to? 

(by the way: having a user process which manages a non-restricted buffer 
should give almost the same advantages as giving memory directly to the 
server, but without the drawbacks. And it should be painless, since you'll 
most likely access the system process through a library anyway, and the 
library can handle the buffering)

> As the service in this case has information that the client is not
> supposed to see directly, it can't use client-provided resources.
> Instead, it has to get its own resources from its own parent. (Thats a
> major difference from the Coyotos model.)

What does the service do if it runs out of memory? 

> Users should never be able to harm each other's performace in this
> model. All processes created by a user are descendands of the user
> session; the total resources available to the user will be subdivided
> among them, in a hierarchical manner.

How do the system processes fit into the picture? When I as user send a 
request to a system service then the service needs memory to process my 
request. How can we ensure that I don't take all the services memory with my 
requests? Will tehre be scheduling in the sstem services to ensure that i 
can't hog it? 

> > > Indeed, this is the real threat: We can't fool the server. If remote
> > > attestation becomes commonplace, Disney will be able to deny access
> > > by our non-treacherous system alltogether.
> > >
> > > That's why we need to fight the TPM stuff teeth an claw.
> >
> > I couldn't have stated it better.
>
> Really? That's surprising -- usually you are expressing the things I
> mean to say much better than I could do myself :-)

I tend to write too long sentences, and your text just hit the nail directly. 

It depends on people understanding "remote-attestation", but in this list that 
should be a given (it wasn't targeted to a general user), and it's an example 
which just fits extremely well. 

It got me instantly :) 

Best wishes, 
Arne
-- 
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the 
history of free software.
-- Ein W├╝rfel System: http://1w6.org - einfach saubere (Rollenspiel-) Regeln.

-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt

Attachment: signature.asc
Description: This is a digitally signed message part.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]