On Wed Dec 31, 2003 at 19:31:01 -0500, Jonathan S. Shapiro wrote:
You aren't measuring the right times because you fail to consider application-level costs that are imposed by deficiencies in the kernel layer interface. The end to end time is the important time, and this must include mandated application-level costs.
Mungi, a password-capability-based system, is able to provide its PDX mechanism at a very reasonable overhead (I think around 70 extra cycles -- this is on IA64) on top of raw IPC costs. (Oh, and those extra cycles are marshalling costs, not security check costs.)
I believe it is definitely possible to design a secure system[*] using the current L4 primitives, with negligible overhead.
Cheers,
Benno
[*] I guess this depends, of course, on the definition of secure. At least in this case it means that a service can't be DoS-ed and must have a valid capability to access the service. I'm not sure we currently protect against covert channels.