One solution is to create a new node t, copy the keys from the top node of S into t, and form a RO segmode key T to t. Upon return t is deleted. There is a faster way.
An unimplemented idea (documented here) is a kernel modification which provides a new order on a node key to “renew (or sever) the node”. This order returns a new node key to a conceptually new node with the same content as the old node. Internally the kernel performs the same operation as it would when a space bank reports the recycling of a node frame; all keys designating that node disappear. The kernel merely omits clearing the node frame and returns a key to the “new” node. Space banks with dominion over the node need not be consulted for the CDA is unchanged and the node frame is still allocated.
2017 addition. Very recently I realized that some view this operation as the natural form of revocation and think of our form as indirection. Both ways of coming about this are equally valid. The difference explains some confusion.
Segment keepers would mostly support a renew order whereupon they would renew the their top segment node and return a segment key to the renewed node.
In effect all keys to the node vanish everywhere and a new node supplants the old node and object Y looses its access if X renews the segment after Y returns and before it puts new secrets in S. The data in the renewed segment is intact.
The cost is already optimized as when the kernel ‘deletes’ a node. The top level memory mapping table would be redone; lower level page tables remain for they were produced by nodes in the segment node tree that were not renewed. This works for most segment keepers because those lower segmode keys are not duplicated. VCSK is a special case.
A renew order on a page key is as easy.