I have a server process SB that issues badged endpoints to users.  Clients can invoke the endpoints to access memory and possibly other resources.  Essentially, it is a version of Robigalia’s space bank.  Other programs pass endpoints issued by SB to provide servers the resources needed to do their tasks, and the servers invoke the endpoints to obtain memory that they know cannot be revoked or modified by other programs.

SB is part of the TCB, and is trusted by all of its clients.  Clients, however, do not trust each other, and may pass forged endpoints to servers to cause servers to misbehave.  Therefore, servers need to be able to ask SB if a given capability was actually issued by SB.

SB can make that check by checking that the endpoint is a badged version of its master endpoint, which it never gives anyone else access to.  What is the correct API function for doing this?

Sincerely,

Demi M. Obenour