This brief statement of the platform design challenge, that one application be protected from another, sounds like an oversimplification of platform requirements.
Here we explore that question.
We call that goal APG (Application Protection Goal) here.
Does APG subsume other typically expressed platform design goals?
(The AP claim is that capabilities are required to support the AP goal.)
To support our reasoning we adjust some conventional notions about the design of software and the administration of computer systems.
We hope to identify these adjustments and to make them seem desirable and natural.
First, we propose that an application that processes bank transactions using cryptography should be chartered to keep its crypto keys secret.
This is not normally considered a feasible part of the charter and is omitted.
The reason is that other programs on the platform
The AP claim depends on some modifications to the concept of
- Platform Integrity
- A platform must protect its own integrity in order to continue protecting its guest programs, and thus platform integrity is necessary for AP.
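To make the bank-key charter and the platform-integrity point concrete, here is an added example (not from the original page) that models a minimal platform mediating every object invocation by capability. The `Platform`, `TransactionSigner`, program names and key are all constructed for illustration; the point is that the key can sit inside the bank program's own object only because the platform, not the programs, decides who may invoke it.

```python
import hashlib
import hmac


class Platform:
    """Constructed model of a platform that mediates all invocations.
    Programs are identified by name and hold only object ids they were
    granted; the object table itself is platform-private state."""

    def __init__(self):
        self._objects = {}  # object id -> object
        self._caps = {}     # program name -> set of object ids it may invoke

    def create(self, owner, obj):
        oid = len(self._objects)
        self._objects[oid] = obj
        self._caps.setdefault(owner, set()).add(oid)
        return oid

    def grant(self, giver, receiver, oid):
        # A program can only pass on capabilities it already holds.
        if oid not in self._caps.get(giver, set()):
            raise PermissionError(f"{giver} does not hold capability {oid}")
        self._caps.setdefault(receiver, set()).add(oid)

    def invoke(self, caller, oid, method, *args):
        if oid not in self._caps.get(caller, set()):
            raise PermissionError(f"{caller} does not hold capability {oid}")
        target = self._objects[oid]
        # Only the object's public interface is reachable; private state is not.
        if method.startswith("_") or not callable(getattr(target, method, None)):
            raise PermissionError(f"{method} is not part of the interface")
        return getattr(target, method)(*args)


class TransactionSigner:
    """The bank application's object: the key is private, only MAC ops are exposed."""

    def __init__(self, key):
        self._key = key

    def sign(self, txn):
        return hmac.new(self._key, txn, hashlib.sha256).digest()

    def verify(self, txn, tag):
        return hmac.compare_digest(self.sign(txn), tag)


def run_scenario():
    """Bank creates the signer, grants it to a teller program, and a third
    program with no capability is refused; nobody can read the key."""
    p = Platform()
    signer = p.create("bank", TransactionSigner(b"constructed-demo-key"))
    p.grant("bank", "teller", signer)
    txn = b"transfer 100 from A to B"
    tag = p.invoke("teller", signer, "sign", txn)
    results = {"teller_can_verify": p.invoke("teller", signer, "verify", txn, tag)}
    try:
        p.invoke("other", signer, "sign", txn)
        results["other_blocked"] = False
    except PermissionError:
        results["other_blocked"] = True
    try:
        p.invoke("teller", signer, "_key")
        results["key_extractable"] = True
    except PermissionError:
        results["key_extractable"] = False
    return results
```

The model only holds if `Platform._objects` and `Platform._caps` are unreachable from the programs themselves, which is exactly the platform-integrity requirement stated above.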
Communication protocol design is another application of capability discipline notions.
There is no platform in view here that is shared between the cooperating and competing programs—each program brings its own.