How do we protect blocks?
By using a totally unprivileged server, which is more like a security
monitor, exporting a low-level interface with minimal abstractions?
All it would do is manage capabilities to blocks. Nothing more. Then
processes can do a pct to this server and carry out the request. This
server would own all the I/O ports to the IDE controller. But would this
work for other kinds of hard disk?
I could also think of programming the kernel. I would prefer this
because it is more exo-ish than the first suggestion. This would require
the kernel to compile handlers or device drivers given by a process
requesting secure binding to the block device. This would allow the
requesting process to access the block device controller the way it sees
fit. The problem is security.
I think one way we can do this is for the kernel to examine the handler
code and, if it passes the criteria, the I/O permission map of the
requesting process could then be updated to allow access to the block
device controller, and the handler code and relevant data mapped read-only
in the process address space. This would all be a part of capability
processing.
This seems more complex because we have to use a compiler or interpreter
and we have to design an interface for the driver code. I do not know
how we can port existing drivers to this framework.
How does the buffer cache mechanism on the MIT exokernel work?
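As an added example (my own sketch, not code from the post above nor from the MIT exokernel), here is a C model of the two designs discussed: a capability server that checks every block request against per-process block capabilities, and the "secure binding" step in which the kernel accepts or rejects a handler and only on acceptance opens the controller's ports in that process's I/O permission map. The permission map uses the x86 TSS I/O bitmap convention (a set bit means the port traps), and the port numbers for the legacy primary ATA controller (0x1F0-0x1F7 and 0x3F6) are real; the pids, block ranges, table sizes and the handler descriptions are made up, and the handler is summarised as the list of ports it touches, a stand-in for actually inspecting or compiling its code.

```c
/* Added example, not from the original post: block capabilities + I/O permission map. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPROCS     4
#define MAX_CAPS   8
#define NPORTS     65536
#define IOPB_BYTES (NPORTS / 8)

enum { CAP_READ = 1, CAP_WRITE = 2 };

struct block_cap {
    bool     valid;
    uint32_t first, last;   /* inclusive block range */
    unsigned rights;        /* CAP_READ | CAP_WRITE */
};

struct proc {
    struct block_cap caps[MAX_CAPS];
    uint8_t iopb[IOPB_BYTES];   /* x86 TSS convention: set bit = port denied */
};

static struct proc procs[NPROCS];   /* made-up fixed process table */

static bool valid_pid(int pid) { return pid >= 0 && pid < NPROCS; }

/* A fresh process holds no block capabilities and may touch no port at all. */
bool proc_init(int pid)
{
    if (!valid_pid(pid)) return false;
    memset(procs[pid].caps, 0, sizeof procs[pid].caps);
    memset(procs[pid].iopb, 0xff, IOPB_BYTES);
    return true;
}

/* Capability server: give pid rights over blocks [first, last].
 * Returns the slot index, or -1 for a bad range, no rights, or a full table. */
int cap_grant(int pid, uint32_t first, uint32_t last, unsigned rights)
{
    if (!valid_pid(pid) || first > last || rights == 0) return -1;
    for (int i = 0; i < MAX_CAPS; i++) {
        struct block_cap *c = &procs[pid].caps[i];
        if (c->valid) continue;
        c->valid = true; c->first = first; c->last = last; c->rights = rights;
        return i;
    }
    return -1;
}

bool cap_revoke(int pid, int slot)
{
    if (!valid_pid(pid) || slot < 0 || slot >= MAX_CAPS || !procs[pid].caps[slot].valid)
        return false;
    procs[pid].caps[slot].valid = false;
    return true;
}

/* What the server does on a pct'd request: every right in op must come from
 * one capability whose range covers the block, otherwise the request is refused. */
bool block_request(int pid, uint32_t blk, unsigned op)
{
    if (!valid_pid(pid) || op == 0) return false;
    for (int i = 0; i < MAX_CAPS; i++) {
        const struct block_cap *c = &procs[pid].caps[i];
        if (c->valid && blk >= c->first && blk <= c->last && (c->rights & op) == op)
            return true;
    }
    return false;
}

bool port_allowed(int pid, uint16_t port)
{
    return valid_pid(pid) && (procs[pid].iopb[port / 8] & (1u << (port % 8))) == 0;
}

/* Legacy primary ATA controller: 0x1F0-0x1F7 (command block) and 0x3F6 (control
 * block). The kernel's acceptance criterion here: the handler touches nothing else. */
static bool port_belongs_to_controller(uint16_t port)
{
    return (port >= 0x1F0 && port <= 0x1F7) || port == 0x3F6;
}

/* Secure binding. If any declared port fails the check the map is left untouched;
 * on success exactly the declared ports are opened, nothing more. */
bool bind_block_device(int pid, const uint16_t *ports, size_t n)
{
    if (!valid_pid(pid) || n == 0) return false;
    for (size_t i = 0; i < n; i++)
        if (!port_belongs_to_controller(ports[i])) return false;
    for (size_t i = 0; i < n; i++)
        procs[pid].iopb[ports[i] / 8] &= (uint8_t)~(1u << (ports[i] % 8));
    return true;
}

/* Constructed handler descriptions: one stays inside the controller, one strays
 * onto 0x60 (the keyboard controller) and must be rejected. */
enum { GOOD_N = 3, BAD_N = 2 };
const uint16_t good_handler_ports[GOOD_N] = { 0x1F0, 0x1F7, 0x3F6 };
const uint16_t bad_handler_ports[BAD_N]   = { 0x1F0, 0x60 };

int main(void)
{
    proc_init(1);
    int slot = cap_grant(1, 100, 199, CAP_READ | CAP_WRITE);
    printf("write block 150: %d, read block 250: %d\n",
           block_request(1, 150, CAP_WRITE), block_request(1, 250, CAP_READ));
    printf("bind good handler: %d, port 0x1F0 open: %d, port 0x1F1 open: %d\n",
           bind_block_device(1, good_handler_ports, GOOD_N),
           port_allowed(1, 0x1F0), port_allowed(1, 0x1F1));
    proc_init(2);
    printf("bind bad handler: %d, port 0x1F0 open for pid 2: %d\n",
           bind_block_device(2, bad_handler_ports, BAD_N), port_allowed(2, 0x1F0));
    cap_revoke(1, slot);
    printf("write block 150 after revoke: %d\n", block_request(1, 150, CAP_WRITE));
    return 0;
}
```

The point the model makes explicit is the ordering: the block capability and the I/O permission map are separate objects, the request path never consults the map, and the map only changes after the handler check succeeds, so a rejected handler leaves the process exactly where it started.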