Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!gatech!hao!ames!sdcsvax!darrell
From: jack@cwi.nl (Jack Jansen)
Newsgroups: comp.os.research
Subject: Re: Security in OS design
Message-ID: <3222@sdcsvax.UCSD.EDU>
Date: Sun, 24-May-87 21:12:25 EDT
Article-I.D.: sdcsvax.3222
Posted: Sun May 24 21:12:25 1987
Date-Received: Tue, 26-May-87 03:22:09 EDT
Sender: darrell@sdcsvax.UCSD.EDU
Organization: AMOEBA project, CWI, Amsterdam
Lines: 25
Approved: mod-os@sdcsvax.uucp

In the Amoeba distributed OS, we make sure that communication
is secure. This means that nobody will be able to receive messages
that are meant for someone else.

According to the official papers, this is done using a device
called 'F-box' that sits between your machine and the network.
Addressing is done with 48 bit numbers, called ports. If you
want to be talked to, you invent a port. You then ask your F-box
to apply a one way function to this (think of DES, for instance).
You give this encrypted port to all your friends.
Now, to receive a message, you give your original port to the F box.
This port is immediately encrypted, and the F box starts listening
to this encrypted port. Now, messages transmitted to you, using
your encrypted port, will arrive at your machine.

There is much more to it, of course, but this is it in a nutshell.
Look for articles by Andy Tanenbaum and/or Sape Mullender, or ask me
and I'll dig out the references.
--
	Jack Jansen, jack@cwi.nl (or jack@mcvax.uucp)
	The shell is my oyster.

PS: Needless to say, of course, in real implementations there are
no such things as F-boxes, their function is provided by the kernel.
However, if you wanted to, you could hook up untrusted hosts by
providing them (assuming you'll find someone willing to build them:-)
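
The port scheme described in the post above, as an added sketch that is not part of the original post and is not Amoeba code: it shows why a host that knows only the published (encrypted) port cannot receive traffic addressed to it. Assumptions: SHA-256 truncated to 48 bits stands in for the one-way function, and the FBox class, the dict used as the network, and all names are hypothetical.

```python
import hashlib
import secrets

PORT_BITS = 48  # port width stated in the post


def one_way(port: int) -> int:
    """Stand-in one-way function F (assumption: SHA-256 truncated to 48 bits)."""
    digest = hashlib.sha256(port.to_bytes(PORT_BITS // 8, "big")).digest()
    return int.from_bytes(digest[: PORT_BITS // 8], "big")


class FBox:
    """Sits between one host and the network; the host never touches the wire."""

    def __init__(self, network: dict):
        self.network = network  # constructed shared medium: encrypted port -> F-boxes
        self.inbox = []

    def listen(self, port: int) -> None:
        # Whatever port the host hands in is transformed before use, so a host
        # can only end up listening on F(x) for an x it actually knows.
        self.network.setdefault(one_way(port), []).append(self)

    def send(self, encrypted_port: int, message: bytes) -> None:
        # Senders address the published (encrypted) port unchanged.
        for box in self.network.get(encrypted_port, []):
            box.inbox.append(message)


def demo(secret_port=None):
    network = {}
    server, friend, outsider = FBox(network), FBox(network), FBox(network)

    if secret_port is None:
        secret_port = secrets.randbits(PORT_BITS)  # "you invent a port"
    public_port = one_way(secret_port)             # handed out to friends

    server.listen(secret_port)    # F-box listens on F(secret) == public_port
    outsider.listen(public_port)  # knows only the public port: lands on F(F(secret))
    friend.send(public_port, b"hello")
    return server.inbox, outsider.inbox


if __name__ == "__main__":
    print(demo())
```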