[ge-talk] Security services provided by OS
Adrian Sanabria
adrian.sanabria at gmail.com
Tue Jan 9 21:30:26 EST 2007
Sure, but wouldn't you be incurring extra overhead for each virtualization
instance? What would the total impact then be on a running system? 10%? 20%?
--Adrian
On 1/9/07, Danny Robson <danny at blubinc.com> wrote:
>
> Zenja Solaja wrote:
> > Protection #2 (prevent application from destroying files) actually has a
> > very simple solution which no OS really uses, which is quite puzzling.
> > Simply restrict the application to only modifying files in its current
> > directory or lower, but never higher.
>
> A slightly more hardcore approach which I kind of like is that of
> Solaris Zones, essentially a similar though much more lightweight
> approach to virtualisation.
>
> What protection #2 seems to lead to, at least in my mind, is basically
> giving each application a rather small, spartan system on which to run.
> Why not extend this to virtualising the hardware, or pretty much any
> resource which we have access to? Each application can have its own
> private data store in its own space and mount any public stores for
> globally visible data.
>
> If we get virtualisation correct then you've limited the potential scope
> for breaches quite a lot, IMHO.
>
> - Danny
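Added example, not part of the original thread: a user-space sketch of the "current directory or lower, but never higher" rule quoted above, showing why the check has to resolve `..` and symlinks before comparing paths. All function names and the directory layout are hypothetical and constructed for illustration; POSIX symlink support is assumed.

```python
import os
import tempfile


def naive_allows(base, requested):
    """Weak form: normalise '..' textually, then compare string prefixes."""
    return os.path.normpath(os.path.join(base, requested)).startswith(base)


def confined_allows(base, requested):
    """Resolve '..' and symlinks first, then compare whole path components."""
    root = os.path.realpath(base)
    target = os.path.realpath(os.path.join(root, requested))
    return os.path.commonpath([root, target]) == root


def build_sample_tree():
    """Constructed layout: an app directory, a sibling directory whose name
    shares the app's prefix, and a symlink inside the app pointing outside."""
    top = os.path.realpath(tempfile.mkdtemp())
    app = os.path.join(top, "app")
    os.makedirs(os.path.join(app, "data"))
    os.makedirs(os.path.join(top, "app-other"))
    os.makedirs(os.path.join(top, "home"))
    os.symlink(os.path.join(top, "home"), os.path.join(app, "link"))
    return app


def evaluate(app):
    """Return {request: (naive decision, confined decision)}."""
    requests = [
        "data/settings.cfg",   # inside the app directory
        "../home/notes.txt",   # plain upward traversal
        "../app-other/x",      # sibling that shares the string prefix
        "link/notes.txt",      # symlink that leaves the app directory
        ".",                   # the app directory itself
    ]
    return {r: (naive_allows(app, r), confined_allows(app, r)) for r in requests}


if __name__ == "__main__":
    for request, (naive, confined) in evaluate(build_sample_tree()).items():
        print(f"{request:20} naive={naive!s:5} confined={confined}")
```

A check like this done by the application or a wrapper still leaves a gap between the check and the actual open; an OS enforcing the rule would make the decision at the point where the path is resolved for the write.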