[coyotos-dev] Binary naming
Jonathan S. Shapiro
shap at eros-os.com
Fri Apr 11 11:52:01 CDT 2008

On Fri, 2008-04-11 at 12:48 -0400, Jonathan S. Shapiro wrote:
> This is a mental model issue. As administrator, your job is to allocate
> resource pools to users. You have visibility into the consumption of
> those pools, the ability to limit that consumption, and the ability to
> change the limit.

I should have added something in order to emphasize this point:

You have visibility into resource consumption in aggregate. You do NOT
have visibility into resource use.

There is a very strong separation between authority to allocate and
authority to examine in KeyKOS/EROS/Coyotos. The fact that you control a
resource pool allows you to revoke the resources that have been
allocated from that pool, but it does not give you the authority to
examine the current content of those resources.

It's both a separation of concerns issue and a security issue.

shap
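
The separation described in the message above, sketched as a toy capability model. This is an added example, not part of the original post and not KeyKOS/EROS/Coyotos code; `ResourcePool`, `make_page` and `Revoked` are hypothetical names, and Python closures only model the authority structure rather than enforce it.

```python
# Constructed illustration: the pool holder can count, limit and revoke,
# but holds nothing that lets it read what the user stored.
class Revoked(Exception):
    """Raised when a page is used after its pool revoked it."""

def make_page(size):
    """Create storage; return (page capability, revoke capability)."""
    cell = {"data": bytearray(size)}  # reachable only through the closures below

    def _live():
        if cell["data"] is None:
            raise Revoked("storage was reclaimed by the pool")
        return cell["data"]

    class Page:  # authority to examine and modify: handed to the user only
        __slots__ = ()
        def read(self):
            return bytes(_live())
        def write(self, data):
            buf = _live()
            if len(data) > len(buf):
                raise ValueError("write exceeds page size")
            buf[:len(data)] = data

    def revoke():  # authority to reclaim: offers no way to read
        cell["data"] = None

    return Page(), revoke

class ResourcePool:
    """Administrator's view: a limit, an aggregate count, and revocation."""
    def __init__(self, limit):
        self.limit = limit
        self._allocs = []  # (size, revoke) pairs; never the page itself

    def used(self):
        return sum(size for size, _ in self._allocs)

    def allocate(self, size):
        if self.used() + size > self.limit:
            raise MemoryError("pool limit exceeded")
        page, revoke = make_page(size)
        self._allocs.append((size, revoke))
        return page  # given to the user; the pool keeps no reference to it

    def revoke_all(self):
        for _, revoke in self._allocs:
            revoke()
        self._allocs.clear()
```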