bug-hurd

Re: DRM musings, capabilities and stuff


From: Piotras
Subject: Re: DRM musings, capabilities and stuff
Date: Sat, 13 Dec 2008 21:52:37 +0000

> One simple thing is when the administrator gives you memory that
> nobody else can access unless you give them capability for some part
> of the memory. The problem is that if you request a service from a
> system server you should provide the memory the service requires, and
> it is not apparent if it is good idea that you can read that memory at
> any time. And if you cannot you got DRM.

My understanding of this problem is that if we want to improve the security
of the system, it would be necessary to implement memory that would
be allocated from the user memory pool (memory accounted against this user)
that neither this user nor the system administrator can access. The unwanted
consequence is that it prevents debugging when the process to be
debugged doesn't cooperate, and also it could be misused to implement
effective DRM.

But maybe we can modify the system so that the user could access this
memory if such a request were _approved_ by the system administrator.
This could enable debugging and also prevent effective DRM when the user
and administrator act together.

I don't have any practical experience with secure systems, so perhaps
there are some problems with this idea. The problem I can think of
is that such a feature could be removed from the system at a later stage
(leading to re-enabling effective DRM). Could the system license
prevent such modifications?


I think that providing a foundation for improved security could attract
some developers to the Hurd, especially as we witness major operating
systems struggling with security problems.

To achieve this we could promote the "defend in depth" principle. We could
use a modular design with strict enforcement of interactions between
modules. Using a capability microkernel may be the best foundation for
such a design.


Regards,

Piotr
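The dual-control scheme sketched in the post above, modelled as a toy capability pool: memory is charged to a user's quota, a "sealed" region can be delegated to a service but cannot be read by its owner, and a debugging read is possible only when the owner asks and the administrator has issued an approval, with every decision recorded for audit. This is an added example, not code from the Hurd, Mach or anyone in the thread; `MemoryPool`, `Capability`, the `approve`/`read` API and the one-time token are all assumptions of the example.

```python
import secrets
from dataclasses import dataclass


class AccessDenied(Exception):
    """A capability (or approval token) does not authorise the operation."""


@dataclass(frozen=True)
class Capability:
    region_id: int
    holder: str
    rights: frozenset  # subset of {"read", "write", "grant"}


@dataclass
class Region:
    owner: str         # user whose quota the memory is charged to
    sealed: bool       # True: owner and admin cannot read it with their own caps
    data: bytearray


class MemoryPool:
    """Hypothetical capability-based pool (assumption of this example, not a Hurd API)."""

    def __init__(self, quotas, admin="root"):
        self.quotas = dict(quotas)          # user -> bytes allowed
        self.used = {u: 0 for u in quotas}  # user -> bytes charged so far
        self.admin = admin
        self.regions = {}                   # region_id -> Region
        self.approvals = {}                 # region_id -> one-time admin token
        self.audit = []                     # (event, actor, region_id)
        self._next_id = 0

    def allocate(self, owner, size, sealed=False):
        """Charge `size` bytes to `owner`; a sealed region yields a cap that can only be delegated."""
        if self.used.get(owner, 0) + size > self.quotas.get(owner, 0):
            raise AccessDenied(f"{owner}: quota exceeded")
        rid, self._next_id = self._next_id, self._next_id + 1
        self.regions[rid] = Region(owner, sealed, bytearray(size))
        self.used[owner] = self.used.get(owner, 0) + size
        rights = {"grant"} if sealed else {"read", "write", "grant"}
        self.audit.append(("allocate", owner, rid))
        return Capability(rid, owner, frozenset(rights))

    def delegate(self, cap, to, rights):
        """Derive a cap for a service. The owner of a sealed region may hand out read/write
        it does not hold itself; for ordinary memory, rights can only shrink."""
        if "grant" not in cap.rights:
            raise AccessDenied("capability is not delegable")
        region = self.regions[cap.region_id]
        ceiling = {"read", "write"} if region.sealed else cap.rights
        rights = frozenset(rights)
        if not rights <= ceiling:
            raise AccessDenied("cannot delegate rights beyond the ceiling")
        self.audit.append(("delegate", cap.holder, cap.region_id))
        return Capability(cap.region_id, to, rights)

    def approve(self, actor, region_id):
        """The administrator issues a one-time token allowing the owner one debugging read."""
        if actor != self.admin:
            raise AccessDenied("only the administrator can approve access")
        token = secrets.token_hex(16)
        self.approvals[region_id] = token
        self.audit.append(("approve", actor, region_id))
        return token

    def read(self, cap, approval=None):
        region = self.regions[cap.region_id]
        if "read" in cap.rights:
            self.audit.append(("read", cap.holder, cap.region_id))
            return bytes(region.data)
        # Dual control: the owner's own request plus a valid admin token; the token is consumed.
        expected = self.approvals.get(cap.region_id, "")
        if (region.sealed and cap.holder == region.owner and approval is not None
                and expected and secrets.compare_digest(expected, approval)):
            del self.approvals[cap.region_id]
            self.audit.append(("approved_read", cap.holder, cap.region_id))
            return bytes(region.data)
        self.audit.append(("denied_read", cap.holder, cap.region_id))
        raise AccessDenied(f"{cap.holder}: no read right on region {cap.region_id}")

    def write(self, cap, offset, payload):
        if "write" not in cap.rights:
            raise AccessDenied(f"{cap.holder}: no write right")
        region = self.regions[cap.region_id]
        if offset < 0 or offset + len(payload) > len(region.data):
            raise ValueError("write outside the region")
        region.data[offset:offset + len(payload)] = payload
        self.audit.append(("write", cap.holder, cap.region_id))


def demo():
    """Scenario from the post: a user-accounted sealed region, a service using it,
    and a debugging read that needs both the owner's request and admin approval."""
    pool = MemoryPool({"alice": 64})
    owner_cap = pool.allocate("alice", 32, sealed=True)
    svc_cap = pool.delegate(owner_cap, "fs-server", {"read", "write"})
    pool.write(svc_cap, 0, b"service state")        # constructed sample content
    try:
        pool.read(owner_cap)                        # owner alone: denied
        denied_alone = False
    except AccessDenied:
        denied_alone = True
    token = pool.approve("root", owner_cap.region_id)
    seen = pool.read(owner_cap, approval=token)     # owner + admin: allowed once
    try:
        pool.read(owner_cap, approval=token)        # token already consumed
        reuse_denied = False
    except AccessDenied:
        reuse_denied = True
    return denied_alone, seen[:13], reuse_denied, [e[0] for e in pool.audit]


if __name__ == "__main__":
    print(demo())
```

The audit list is the part a defender would actually look at: an approved read of sealed memory leaves an `approve` entry naming the administrator next to the `approved_read` entry naming the owner, so the "user and administrator act together" condition from the post is visible after the fact rather than implicit.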
