[cap-talk] [e-lang] Any languages addressing denial of resource attacks?

Sandro Magi smagi at higherlogics.com
Tue Aug 21 15:34:20 EDT 2007


I didn't get any responses from e-lang, so I thought perhaps cap-talk
might be able to provide some pointers. I'm looking for languages or
virtual machines along the lines of J-Kernel [1], KaffeOS [2], and any
other language-level systems which solve resource denial attacks.

I'm particularly interested in any systems in active use, but I'd
definitely like to read about any research efforts.

Finally, assuming such a capability secure language that has sufficient
resource control to prohibit local DoS, are there any remaining
language-level attack vectors (ignoring the obvious "correctness of
implementation")?

Sandro

[1] http://www.cs.cornell.edu/jkernel/
[2] http://www.cs.utah.edu/flux/papers/kaffeos-osdi00-base.html


Sandro Magi wrote:
> E currently doesn't tackle denial of resource attacks against the memory
> system, and has partial support for denial of resource against the CPU by
> spawning vats. Are there any other languages addressing these two denial
> of resource attacks?
> 
> Consider a principled language with capabilities and processes with
> explicitly configurable heap quotas. The process abstraction extends the
> vat with memory accountability, and so can prevent DoS against memory.
> 
> Assuming capability-secure libraries and an audited VM, is the above
> system still vulnerable to any other attacks? I'm trying to get a feel
> for what sorts of vulnerabilities remain once capabilities and DoS
> resistance/immunity are present.
> 
> Sandro