Netlet isolation
The node must ensure that netlets can fail independently, are accounted
for, and do not corrupt others. Therefore, the node must implement
complete isolation of netlets running on it. This entails:
- Netlets cannot share threads. This ensures that all threads
belonging to a netlet can be removed without damaging others.
- Netlets cannot share netlet-writable memory. This ensures that
allocated memory can always be attributed (and charged) to a single
netlet.
- Netlets cannot share netlet-writable namespaces. This ensures
that netlets cannot masquerade as each other's classes.
- Node threads, memory, and namespaces cannot be written to by netlets.
This protects the node from malicious netlets.
See Section for detail on protection mechanisms.
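The four isolation rules above can be checked against a small model of a node. The following Python is an added example, not code from the original page or from the node implementation it describes; the `Node`, `Netlet` and `IsolationViolation` names, the per-netlet memory quota and the sample class name "Handler" are all constructed here for illustration. Each netlet owns its own thread ids, its own memory account and its own class namespace; node-owned classes are readable but never writable; and tearing down one netlet reclaims exactly its own resources while another netlet on the same node is untouched.

```python
"""Toy model of netlet isolation on a node (constructed example, not the
page's own implementation).  Every resource has exactly one owning netlet,
so a netlet can be removed, and charged, without affecting any other."""
from dataclasses import dataclass, field


class IsolationViolation(Exception):
    """Raised when a netlet tries to cross an isolation boundary."""


@dataclass
class Netlet:
    name: str
    threads: set = field(default_factory=set)      # thread ids owned only by this netlet
    memory_bytes: int = 0                          # memory charged to this netlet
    namespace: dict = field(default_factory=dict)  # class name -> definition, private


class Node:
    def __init__(self, memory_quota: int):
        self.memory_quota = memory_quota
        self.netlets: dict[str, Netlet] = {}
        # Node-owned classes: readable by netlets, never writable by them.
        self.node_namespace: dict[str, object] = {"NodeService": object()}
        self.thread_owner: dict[int, str] = {}     # thread id -> owning netlet name
        self._next_tid = 0

    def load(self, name: str) -> Netlet:
        if name in self.netlets:
            raise ValueError(f"netlet {name} already loaded")
        netlet = Netlet(name)
        self.netlets[name] = netlet
        return netlet

    def spawn_thread(self, netlet: Netlet) -> int:
        # A thread has exactly one owner, so removing all of a netlet's
        # threads can never take a thread away from another netlet.
        tid = self._next_tid
        self._next_tid += 1
        self.thread_owner[tid] = netlet.name
        netlet.threads.add(tid)
        return tid

    def allocate(self, netlet: Netlet, nbytes: int) -> int:
        # Memory is attributed to a single netlet and bounded by its quota.
        if netlet.memory_bytes + nbytes > self.memory_quota:
            raise MemoryError(f"{netlet.name} exceeds quota of {self.memory_quota} bytes")
        netlet.memory_bytes += nbytes
        return netlet.memory_bytes

    def define_class(self, netlet: Netlet, cls_name: str, definition: object) -> None:
        # Writes go only to the netlet's own namespace.  Node class names
        # cannot be shadowed, so a netlet cannot masquerade as node code,
        # and another netlet's namespace is never reachable from here.
        if cls_name in self.node_namespace:
            raise IsolationViolation(f"{netlet.name} may not redefine node class {cls_name}")
        netlet.namespace[cls_name] = definition

    def resolve_class(self, netlet: Netlet, cls_name: str) -> object:
        # Lookup order: the netlet's own namespace, then the node's.
        if cls_name in netlet.namespace:
            return netlet.namespace[cls_name]
        if cls_name in self.node_namespace:
            return self.node_namespace[cls_name]
        raise KeyError(cls_name)

    def terminate(self, netlet: Netlet) -> dict:
        # Reclaim exactly this netlet's threads, memory and classes.
        for tid in netlet.threads:
            del self.thread_owner[tid]
        reclaimed = {"threads": len(netlet.threads),
                     "memory_bytes": netlet.memory_bytes,
                     "classes": len(netlet.namespace)}
        del self.netlets[netlet.name]
        return reclaimed


def demo() -> dict:
    """Two netlets share a node; A fails and is torn down; B is unaffected."""
    node = Node(memory_quota=4096)
    a, b = node.load("A"), node.load("B")
    node.spawn_thread(a)
    node.spawn_thread(a)
    node.spawn_thread(b)
    node.allocate(a, 1024)
    node.allocate(b, 512)
    # Both netlets may define a class called "Handler"; each sees only its own.
    node.define_class(a, "Handler", "A.Handler")
    node.define_class(b, "Handler", "B.Handler")
    reclaimed = node.terminate(a)
    return {"reclaimed": reclaimed,
            "b_threads": len(b.threads),
            "b_memory": b.memory_bytes,
            "b_handler": node.resolve_class(b, "Handler"),
            "live_threads": len(node.thread_owner)}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the accounting side of the rules: terminating A reports two threads, 1024 bytes and one class reclaimed, while B still holds its one thread, 512 bytes and its own "Handler". The quota check in `allocate` and the node-name check in `define_class` are the two places a real node would hook its protection mechanisms.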
Ulf Leonhardt
2001-08-16