[cap-talk] David Wagner's Google techtalk is now up!

Mathieu Suen mathieusuen at yahoo.fr
Wed Dec 12 18:15:50 EST 2007


On Dec 12, 2007, at 11:27 PM, Ben Laurie wrote:

> On Dec 12, 2007 2:04 PM, Mathieu Suen <mathieusuen at yahoo.fr> wrote:
>>
>> On Dec 12, 2007, at 10:35 PM, Ben Laurie wrote:
>>
>>> On Dec 12, 2007 12:39 PM, Mathieu Suen <mathieusuen at yahoo.fr> wrote:
>>>> Thanks a lot for your answer.
>>>> In fact I mess up with strong typing and static typing.
>>>> I have an other question in mind:
>>>>
>>>> Can we use Java Interface as Capability?
>>>>
>>>> Than for method instead of declaring a class for a return type we
>>>> simply return an interface.
>>>> And it is the same for all other things. We only declare variable
>>>> with
>>>> an Interace.
>>>>
>>>> I am also interest why you say that there are some reason to prefer
>>>> static typing?
>>>
>>> One obvious reason to prefer static typing is that violations are
>>> detected at compile time.
>>
>>
>> What kind of violation?
>>
>> For me it seem that most kind of violation that static type detect at
>> compile time is also detect when you test you software with
>> dynamically type language.
>
> Only if I manage to actually run the offending piece of code. Do you
> have 100% test coverage?

Yes you are correct
I don't really want to go an a Static vs. Dynamic type system debat.  
Lot of people have done it before.
http://cdsmith.twu.net/types.html

But can you tell me which security bugs that a static type language  
can prevent that dynamicaly type system can't?

>
>
>>
>>
>>>
>>>
>>>>
>>>> Thanks
>>>>
>>>>
>>>> On Dec 12, 2007, at 6:22 PM, David Wagner wrote:
>>>>
>>>>> Mth writes:
>>>>>> I am a bit new to security model so sorry if my question seems
>>>>>> stupid.
>>>>>> In his talk David Wagner say that strongly type system like Java
>>>>>> ensure some security.
>>>>>> But why?
>>>>>> In what dynamically type system is weaker?
>>>>>
>>>>> The important thing for security is that Java is strongly typed.
>>>>> Whether it is statically typed or dynamically typed is less
>>>>> important
>>>>> for the security objectives under discussion here.
>>>>> (Strong typechecking can be implemented statically or  
>>>>> dynamically.)
>>>>> In Java, the strong typechecking is what provides encapsulation
>>>>> (clients can't peek at or tamper with the private data of other
>>>>> objects) and unforgeability of capabilities (strong typechecking
>>>>> means
>>>>> that you can't forge a reference out of whole cloth, and since in
>>>>> our system a capability is just a reference, that's what we need).
>>>>>
>>>>> There are some second-order reasons why one might prefer static
>>>>> typing or dynamic typing but to my mind they are secondary  
>>>>> compared
>>>>> to the above considerations.  The object capability paradigm is
>>>>> compatible with both statically checked and dynamically checked
>>>>> languages.  Joe-E is an example of the former; E is an example of
>>>>> the latter.
>>>>> _______________________________________________
>>>>> cap-talk mailing list
>>>>> cap-talk at mail.eros-os.org
>>>>> http://www.eros-os.org/mailman/listinfo/cap-talk
>>>>>
>>>>
>>>>      Mth
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ___________________________________________________________________________
>>>> Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et
>>>> son interface révolutionnaire.
>>>> http://fr.mail.yahoo.com
>>>>
>>>> _______________________________________________
>>>> cap-talk mailing list
>>>> cap-talk at mail.eros-os.org
>>>> http://www.eros-os.org/mailman/listinfo/cap-talk
>>>>
>>>>
>>>
>>> _______________________________________________
>>> cap-talk mailing list
>>> cap-talk at mail.eros-os.org
>>> http://www.eros-os.org/mailman/listinfo/cap-talk
>>>
>>
>>       Mth
>>
>>
>>
>>
>>
>>
>>
>>
>> ___________________________________________________________________________
>> Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et  
>> son interface révolutionnaire.
>> http://fr.mail.yahoo.com
>>
>> _______________________________________________
>> cap-talk mailing list
>> cap-talk at mail.eros-os.org
>> http://www.eros-os.org/mailman/listinfo/cap-talk
>>
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>

	Mth




	

	
		
___________________________________________________________________________ 
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com



More information about the cap-talk mailing list