By: ⚛ (0xe2.0x9a.0x9b.delete@this.gmail.com), June 30, 2022 12:08 am
Room: Moderated Discussions
Kester L (nobody.delete@this.nothing.com) on June 29, 2022 1:49 pm wrote:
> https://queue.acm.org/detail.cfm?id=3534854
>
> The linear address space as a concept is unsafe at any speed, and it badly needs mandatory CHERI
> seat belts. But even better would be to get rid of linear address spaces entirely and go back to
> the future, as successfully implemented in the Rational R1000 computer 30-plus years ago.
>
> Your thoughts on this article? I was under the impression that a lot of the 80s attempts
> at capability machines (or really, anything that wasn't trying to be a glorified PDP-11)
> floundered because of performance and cost issues (i.e. the Intel i432).
It is possible to achieve program safety of any complexity purely in software, without any special hardware support for the safety guarantees, in the design of a secure operating system. Thus, from a theoretical viewpoint, it is completely unnecessary to implement any kind of security feature directly in hardware (hardware support for capabilities ... or even hardware support for virtual memory protection).
The article's claim that "linear address space as a concept is unsafe at any speed" is false, because theory guarantees that there always exists a particular minimum "speed" (i.e., minimum cost, minimum slowdown) upwards of which the concept of a linear address space can be used to implement a safety guarantee of any particular complexity, via mechanisms implemented purely in software. Obviously, the minimum "speed" (i.e., cost, slowdown) depends on the complexity/definition of the safety features.
-atom
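As an added illustration of the point argued above (example code, not from the article, the thread, or CHERI itself): a bounds-plus-permission "capability" enforced entirely in software over an ordinary flat byte array. The `cap_t` type and the `cap_restrict`/`cap_load`/`cap_store` names are hypothetical; the per-access check is the "speed" cost the post refers to, and narrowing is monotonic, as with hardware capabilities.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
/* Software capability: a bounded, permission-tagged view of a flat byte array.
 * Every access is checked against [base, base+len) and the permission bits.
 * (Added example, hypothetical API; not the article's or the thread's code.) */
typedef struct {
    uint8_t *base;
    size_t   len;
    unsigned perms;   /* bitmask of CAP_R | CAP_W */
} cap_t;
enum { CAP_R = 1, CAP_W = 2 };
/* Derive a narrower capability: the window must lie inside the parent and
 * permissions may only be dropped, never added. Returns false on refusal. */
bool cap_restrict(const cap_t *parent, size_t off, size_t len, unsigned perms, cap_t *out) {
    if (off > parent->len || len > parent->len - off) return false; /* out of bounds */
    if (perms & ~parent->perms) return false;                       /* privilege gain */
    out->base = parent->base + off;
    out->len = len;
    out->perms = perms;
    return true;
}
/* Checked load: returns the byte (0..255) or -1 on a bounds/permission violation. */
int cap_load(const cap_t *c, size_t i) {
    if (!(c->perms & CAP_R) || i >= c->len) return -1;
    return c->base[i];
}
/* Checked store: returns false on a bounds/permission violation. */
bool cap_store(const cap_t *c, size_t i, uint8_t v) {
    if (!(c->perms & CAP_W) || i >= c->len) return false;
    c->base[i] = v;
    return true;
}
/* Demo on a constructed 64-byte "linear address space" with a 16-byte read-only window.
 * Returns 0 when every check behaves as intended, otherwise the number of the failed step. */
int demo(void) {
    static uint8_t mem[64];
    memset(mem, 0xAA, sizeof mem);
    cap_t root = { mem, sizeof mem, CAP_R | CAP_W };
    cap_t win, wider;
    if (!cap_restrict(&root, 16, 16, CAP_R, &win)) return 1;
    if (cap_load(&win, 0) != 0xAA) return 2;              /* inside the window: allowed */
    if (cap_load(&win, 16) != -1) return 3;               /* one past the end: rejected */
    if (cap_store(&win, 0, 1)) return 4;                  /* no write permission: rejected */
    if (cap_restrict(&win, 0, 32, CAP_R, &wider)) return 5; /* cannot widen a window */
    if (cap_restrict(&win, 0, 8, CAP_W, &wider)) return 6;  /* cannot regain write */
    return 0;
}
```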