School of Computer Science & Engineering
University of New South Wales
Advanced Operating Systems
COMP9242 2002/S2
Features:
- segregated capabilities,
- single-level store,
- persistence (via checkpointing),
- fast,
- mandatory access control,
- formal proof of confinement[SW00].
EROS is a re-design of KeyKOS [BFF+92].
Clists form page table
- Limit propagation and support revocation of rights by:
  - "weak capabilities":
    - reading/writing any cap via a weak cap makes it R/O and weak
    - can obtain transitive read-only access
  - indirection:
    - Reference monitor (similar to L4 chief) mediates cap transfer
    - inserts forwarding objects to capabilities
    - implements security policy
    - on change of policy can revoke caps by revoking forwarding object
Note: No data on cost of indirection for MAC.
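
The two mechanisms listed above, weak capabilities and revocable forwarding objects, sketched as a toy Python model. This is an added example, not EROS code: the names `Node`, `Forwarder`, `Cap`, `resolve`, `fetch`, `store` and `grant_weak` are hypothetical, and only fetching through a weak capability is modelled.

```python
# Toy model of weak capabilities and forwarding objects (illustrative only;
# all names here are hypothetical and this is not the EROS kernel interface).
from dataclasses import dataclass, field

@dataclass
class Node:
    """A c-list: numbered slots holding capabilities or plain data."""
    slots: dict = field(default_factory=dict)

@dataclass
class Forwarder:
    """Indirection object the reference monitor puts in front of a target."""
    target: object
    revoked: bool = False

@dataclass(frozen=True)
class Cap:
    obj: object              # a Node, or a Forwarder leading to one
    writable: bool = True
    weak: bool = False

def resolve(cap):
    """Follow forwarders to the real object; fail if any has been revoked."""
    obj = cap.obj
    while isinstance(obj, Forwarder):
        if obj.revoked:
            raise PermissionError("capability revoked")
        obj = obj.target
    return obj

def fetch(cap, slot):
    """Read a slot. A cap read through a weak cap comes out R/O and weak."""
    value = resolve(cap).slots[slot]
    if cap.weak and isinstance(value, Cap):
        return Cap(value.obj, writable=False, weak=True)
    return value

def store(cap, slot, value):
    """Write a slot; refused through a read-only capability."""
    if not cap.writable:
        raise PermissionError("read-only capability")
    resolve(cap).slots[slot] = value

def grant_weak(target):
    """Reference monitor: hand out a weak R/O cap via a fresh forwarder."""
    fwd = Forwarder(target)
    return fwd, Cap(fwd, writable=False, weak=True)
```

A holder of the weak capability can walk the whole graph below `target` but every capability it fetches is diminished, which is the transitive read-only access; setting `revoked` on the forwarder cuts off the granted capability without touching the target.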
Gernot Heiser
2002-11-07