Rights Amplification

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Thu Jun 16 01:48:21 CEST 2005

At Wed, 15 Jun 2005 17:48:29 +0200,
Alexander Warg <alexander.warg at os.inf.tu-dresden.de> wrote:
> I think, if we have a way for cheap temporary mappings of capabilities
> the compare is more flexible, however if we havn't we should consider
> doing the compare during IPC by giving a local capability to compare to
> in the receive and getting the compare result in the message.

It's not quite the same because then you would have to know in advance
which capability the user will likely provide.  In Espen's model, the
two capabilities only need to have the same owner to make the
translation happen.

This limits the usefulness of the optimization to do the cmp during IPC.

I am not sure what type of optimizations would be possible within the
L4.sec model.  It seems to be a difficult problem.  Because L4.sec has
multiple possible receivers, it doesn't have a single owner to
validate a translation efficiently (that's why you don't really want a
lookup, but "just" a comparison).  But from the point of view of a
user, Espen's ID objects, at least in isolation, seem to be all-around
easier to use and likely more efficient (in fact, close to optimum,


More information about the l4-hackers mailing list