On 26 Oct 2019, at 08:00, Michael Neises <firstname.lastname@example.org> wrote:
> I know that seL4 provides confidentiality, which is described as a property that "means that data cannot be read without permission." Given this wording, I wonder if it is not possible to revoke those permissions in certain cases. In particular, I would like for one camkes component to be able to perform runtime measurements, such as heap analysis, on another component. Or even better, I would like for a component to be able to perform runtime measurements on a program running within the camkes linux vm. Is such a feat possible?
seL4's confidentiality (and other security) enforcement means that the kernel guarantees that you can only access objects to which you have been given explicit permission (in the form of a capability). How those permissions are allocated is a matter of policy; the kernel doesn't care, it only enforces.

In particular, it is totally possible in seL4 to give one component access to another component's address space; that's for the user-level policy framework to decide.

Whether the present CAmkES framework supports this is a different question, which I'll leave to someone who's more up to date with CAmkES details.
Devel mailing list