From: Tyler Close <>
Replying To: Mark Miller <>
Date: Sun, 8 Dec 2002 12:07:57 -0400
Subject: Re: [e-lang] "Capability Myths Demolished" (was: Software security workshop)

On Saturday 07 December 2002 15:27, Mark Miller wrote:
> (Despite the fact that there wasn't anything wrong that I know of with
> Lampson's own capability OS design, CAL-TSS, Norm's sense is that Lampson
> proceeded to make the same mistakes as everyone else, by taking his model
> more seriously than his system. I am much more ignorant of the history than
> Norm, but from what I know, I concur.)

My only source of information on CAL-TSS is the summary in Levy's
capability book.  Based on this summary I have some doubts about
parts of its design. That CAL-TSS did not have protected
procedures is a definite warning signal about the theory that went
into it. If anyone could provide me with additional sources of
information on this system, I would appreciate it. I would also
like access to the papers referenced from Lampson's "Protection".
References 7 and 13 would be especially useful. markm shap

Where and when did Norm's sense come from? Has Norm already
written something about this?  Does Norm have additional
information on this topic that may be useful? markm

What else do you know about the history that makes you concur? markm

Is there anything in "Protection", or elsewhere, to suggest that
Lampson intentionally made an inaccurate model?  Given the purpose
of his model, I can see no reason for the inaccuracies. markm

