Re: capabilities / security (was Re: VSTa - First Impressions)

From: David Jeske <jeske_at_nospam.org>
Date: Wed Dec 14 1994 - 00:40:32 PST

> Tim Newsham wrote:
> > Jonathon Tidswell wrote:
> > > Some details on problems of risk management (security):
> > >
> > > The problem of availability is sometimes divided into protection against
> > > denial-of-service (DOS :-) attacks and reliability issues.
> > > I'll leave reliability aside until VSTa goes commercial :-), but DOS
> > > attacks are normally aimed at limited resources - network, memory, disk,
> > > CPU, etc.
> >
> > The scheduler's tree nature can be used to protect CPU resources. Each
> > process and its descendants get only their fair share of the CPU.
> This looks like a nice solution.

My question is, does the current VSTa system allow high-level servers to take
lots of CPU running the requests of low level clients? If it does, then it
certainly does not "fairly" share the CPU. QNX has a system for adjusting
the priority of a server to match the priority of the client whose request
it's serving. Is something like this worth looking into?

> > The network and disk resources need to be protected by their servers
> > not the kernel.
> All resources need to be protected by their respective servers, a microkernel
> design does not want to include excess material in the kernel, but
> shifting the responsibility does not solve the problem it simply
> increases the number of places it needs to be addressed, and
> correspondingly the number of places it can be poorly addressed.

However, to the degree that servers are easier to maintain than kernels, it
may be easier to implement the security code at the user level and it may be
easier to fix security problems without interfering with other parts of the
system as much. Of course it also may not, it may depend largely on the type
of security problems which are introduced.

Received on Wed Dec 14 00:13:45 1994
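The two scheduling questions raised in this message (whether a per-subtree fair share really bounds a CPU denial-of-service, and whether a server working on behalf of clients leaks CPU around that bound) can be checked with a small accounting model. The following is an added example, not code from VSTa, QNX or anyone in this thread. It assumes a simplified work-conserving fair-share tree: every level splits its slice equally among children that still have runnable work, and slack is redistributed to siblings. The "charge to client" mode is a constructed approximation of running the server at the requesting client's priority; the process tree, demands and names (alice, bob, server) are all made up for the simulation.

```python
"""Hierarchical fair-share CPU accounting simulation (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    """A scheduling entity: a process (leaf) or a parent whose children share its slice."""
    name: str
    demand: float = 0.0                 # runnable work, meaningful on leaves only
    children: List["Node"] = field(default_factory=list)

    def child(self, name: str, demand: float = 0.0) -> "Node":
        n = Node(name, demand)
        self.children.append(n)
        return n

    def subtree_demand(self) -> float:
        if not self.children:
            return self.demand
        return sum(c.subtree_demand() for c in self.children)


def allocate(node: Node, budget: float,
             out: Optional[Dict[str, float]] = None) -> Dict[str, float]:
    """Split `budget` CPU units down the tree (water-filling at each level):
    a child that needs less than an equal share takes only what it needs and
    the remainder is shared by its siblings. Returns per-leaf allocations."""
    if out is None:
        out = {}
    if not node.children:
        out[node.name] = min(budget, node.demand)
        return out
    pending = sorted((c for c in node.children if c.subtree_demand() > 0),
                     key=lambda c: c.subtree_demand())
    remaining = budget
    for i, c in enumerate(pending):
        share = min(c.subtree_demand(), remaining / (len(pending) - i))
        allocate(c, share, out)
        remaining -= share
    return out


def leaves(node: Node) -> List[Node]:
    if not node.children:
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]


def allocate_flat(procs: List[Node], budget: float) -> Dict[str, float]:
    """Classic per-process fairness: every runnable process is a peer of every other."""
    flat_root = Node("flat")
    flat_root.children = list(procs)
    return allocate(flat_root, budget)


def fork_bomb_scenario(budget: float = 100.0, bomb_size: int = 100) -> Dict[str, float]:
    """Constructed: alice runs one CPU-bound process, bob forks `bomb_size` of them.
    Returns alice's allocation under the tree scheduler and under flat fairness."""
    root = Node("root")
    root.child("alice").child("a1", demand=budget)
    bob = root.child("bob")
    for i in range(bomb_size):
        bob.child(f"b{i}", demand=budget)
    return {"tree": allocate(root, budget)["a1"],
            "flat": allocate_flat(leaves(root), budget)["a1"]}


def server_scenario(charge_to_client: bool, budget: float = 100.0, clients: int = 100,
                    own: float = 10.0, request: float = 10.0) -> Dict[str, float]:
    """Constructed: one shared server does `request` units of work per client request.
    charge_to_client=False: the server's work is accounted to the server's own node.
    charge_to_client=True : the work is accounted to the requesting client's node
                            (the accounting effect of serving at the client's priority).
    Returns CPU effectively consumed on behalf of alice (1 client) and bob (`clients`)."""
    root = Node("root")
    alice, bob, server = root.child("alice"), root.child("bob"), root.child("server")
    per_leaf = own + (request if charge_to_client else 0.0)
    alice.child("a1", demand=per_leaf)
    for i in range(clients):
        bob.child(f"b{i}", demand=per_leaf)
    server.demand = 0.0 if charge_to_client else request * (1 + clients)
    alloc = allocate(root, budget)
    got = {"alice": alloc["a1"],
           "bob": sum(alloc[f"b{i}"] for i in range(clients))}
    if not charge_to_client:
        # The server hands out its own slice in proportion to request volume,
        # so bob's many clients pull most of it even though bob's subtree is capped.
        srv = alloc.get("server", 0.0)
        got["alice"] += srv / (1 + clients)
        got["bob"] += srv * clients / (1 + clients)
    return got


if __name__ == "__main__":
    print("fork bomb, alice's CPU:", fork_bomb_scenario())
    print("server charged to itself:", server_scenario(charge_to_client=False))
    print("server charged to client:", server_scenario(charge_to_client=True))
```

With a 100-unit budget the tree gives alice 50 units no matter how many processes bob forks, where flat fairness leaves her under one unit. In the server case, charging the server's work to the server's own node lets bob's 100 clients route most of the server's slice to themselves (alice ends up with about 10.4 units of her 20-unit demand), while charging the work to the requesting client's subtree bounds bob at his subtree share and alice gets her full 20.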

This archive was generated by hypermail 2.1.8 : Thu Sep 22 2005 - 15:12:11 PDT