Date: Mon, 15 Sep 1997 14:23:54 -0700
Message-Id: <199709152123.OAA22477@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: Dan Lambright <dlambright@opengroup.org>
Subject: Re: will protection domains prevent resource denial attacks
In-Reply-To: Dan Lambright's mail of Mon, 15 September, 1997
Dan Lambright writes:
> In other words, could the protection domains planed preclude an
> applet from stealing the CPU or memory from other applets? If not,
> how is/will resource denial be addressed?
Currently once an applet starts running, there is no control over
memory consumption and CPU time (except thru things like thread
priority level). In other word, there is not yet a comprehensive
solution to "denial of service" attacks.
We are looking at these issues, but they seem hard to solve without
slowing everything else down. When clever solutions present
themselves, we will definitely grab them.
By the way, it is not out of the question to customize special
internal code for this sort of usage control, and perhaps in a
compatible fashion so that the same application code run the same way
on the normal platform as well as on the tuned platform. But the
latter platform will not happen until there is a business case of some
sort so we can devote resources to it.
Cheers.
Li