Capability integrity and application's identity
norman.feske at ...1...
Wed Jan 20 15:11:52 CET 2016
welcome to the mailing list!
> is there any mechanism to ensure the integrity of a capability?
The integrity of capabilities is protected if the underlying kernel
supports this. This is the case for base-hw, base-nova, base-foc, and
base-sel4 (a few corner cases notwithstanding). On base-linux and the
traditional L4 kernels, capabilities remain unprotected. Here a
capability is represented by a plain number, which can naturally be forged.
On kernels with capability support, each capability is represented by a
distinct kernel object. Even though the user land can create those
objects, it has no means to manipulate those kernel objects directly. A
kernel object can be manipulated only via the kernel interface (e.g., by
telling the kernel to delegate a capability to another protection
domain). The kernel ensures that all its operations preserve the
integrity of the capabilities.
> i read in the book about the identity but it is still not clear to me.
> could i use this identity to authenticate the connection between tow
> application in my platform or even in remote one instead of the port or
> IP address.
No. As Genode capabilities are protected by the underlying kernel (at
best), the protection is limited to the bounds of the machine the kernel
is running on.
Dr.-Ing. Norman Feske
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
More information about the users