nextupprevious

Implementation

Implemented a prototype on the OpenBSD operating system.

A sub-user id is associated with all incoming objects (so the application must do this?). This id is saved in the inode of the file holding the object.

Figure 4 shows such objects "logging in" to the system in a similar manner as users log in to a system.

Sub-user ids are assigned either by the application or by a proxy in front of the application.

SubOS does sandboxing in the kernel: