[cap-talk] Language-based safety - notes and meat)
jed at nersc.gov
Mon Nov 15 21:59:53 EST 2004
At 06:21 PM 11/15/2004, Jonathan S. Shapiro wrote:
>Hmm. The part about "breaking the model" seems elusive.
>The difficulty I see is that we have to clearly articulate what the
>model actually is. For example, are we talking about breaking the local
>E implementation or are we talking about breaking the distributed trust
Well, the part that's clear to me is the focus on the language issues.
That is, as was stated earlier, breaking out of the language imposed
restrictions on rights. E.g. reading in data and executing it as native
code on the base machine within the process that E is interpreting
would definitely qualify as "breaking E", though whether model or
implementation is unclear to me.
>Depending on the objective of interest, I can see that either might be
For me it's the local implementation that's of interest. I know the issues
with the distributed model. I believe they've been well known for
years. Of course one might argue that the issues with E are not that
different from those with Java and have had comparable work on them. Is
that true? Is there an equivalent "contest" for breaking Java?
>...if we want to allow attacks on the OS platform,
>So should we try to nail down what we mean by model here?
Yes. I see that as the part of this exercise that has the most meaning.
More information about the cap-talk