From: kilgallen@eisner.decus.org (Larry Kilgallen)
Subject: Re: Memory allocation
Date: 2000/03/06
Date: 2000-03-06T00:00:00+00:00 [thread overview]
Message-ID: <2000Mar6.072113.1@eisner> (raw)
In-Reply-To: 38c30e0f@eeyore.callnetuk.com
In article <38c30e0f@eeyore.callnetuk.com>, "Nick Roberts" <nickroberts@callnetuk.com> writes:
> Some may find it interesting to note that a (truly) secure operating system
> cannot generally provide this specific functionality (how much free memory
> is left), in order to avoid a thing called a 'covert channel'.
Only if the memory pool being measured is shared between security
compartments. In virtual memory operating systems it is fairly
common to allow individual processes to have access to excessive
amounts of "memory" that isn't really there. Obviously timing
channels are possible through the behaviour of the paging system
if it was not designed to isolate compartments from each other
in this regard.
> What it can, and should, provide, however, is a way for a program to say
> 'reserve x amount of memory exclusively for me'. This needs to be
> accompanied by a way to say 'now unreserve it'. Can anybody tell me of an
> actual OS that does just this, please?
VMS lets you lock pages into memory with system service $LCKPAG
and release them with $ULKPAG. That persists despite swapping
activity, which I suppose is what you mean by "exclusively for
me". A lighter-weight call to $LKWSET will ensure that a page
is in physical memory whenever your process is swapped in.
Larry Kilgallen
prev parent reply other threads:[~2000-03-06 0:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-03-01 0:00 Memory allocation Andreas
2000-03-01 0:00 ` ada_95
2000-03-02 0:00 ` ada_95
2000-03-02 0:00 ` Oliver Kellogg
2000-03-05 0:00 ` Nick Roberts
2000-03-06 0:00 ` Larry Kilgallen [this message]
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox