[cap-talk] POLA focus seen as counter productive
James A. Donald
jamesd at echeque.com
Wed Jun 13 18:07:15 EDT 2007
There is an urgent need (needs where people will pay money for solutions that actually work) client side for an environment in which highly untrusted code - code within emails and web pages - may run.

With Ajax, people are increasingly using the web for tasks that were formerly done on the desktop.

Sandboxing is a severe problem. Existing sandboxes are both too restrictive for useful pages, and too liberal for hostile pages.

For example, web scripts should have no capability to launch a popup or popunder, but they should have the capability to display a widget (powerbox) that will launch a popup if the user so chooses.

Web page executable (non-script) code such as ActiveX should run inside VMs, each VM communicating by streams with trusted code.

There is also an urgent need, server side, for a safe environment in which to run code that comes under severe attack, such as PHP interpreters - a system like chroot jails, only more so: a VM that surrounds that jail with an adequately simulated and controlled environment, that enables the prisoner to do what is needed and no more, that unlike chroot denies low-level access to system devices, controls access to networking and process control, and limits I/O, bandwidth, disk space and CPU time.
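The last paragraph asks for a server-side jail that caps CPU time, disk space and memory. The following is an added illustration for this archive, not code from the poster or from any project discussed on the list: it runs an untrusted snippet in a fresh interpreter with POSIX rlimits applied between fork and exec, then reports how each resource-exhaustion attempt was stopped. The `Limits` class, the `run_confined` helper and the three constructed child programs (`CPU_BOMB`, `DISK_FILLER`, `MEMORY_HOG`) are all assumptions made for the example. It covers only the rlimit-enforceable part of the wish list; denying device access and controlling networking, which the post also asks for, need namespaces, seccomp or a real VM and are deliberately not attempted here.

```python
"""Resource-confined execution of an untrusted child process.

Added example for the cap-talk archive; not the poster's code. It enforces
CPU time, file size and address-space limits with setrlimit(2) in the
window between fork() and exec(), so the limits survive into the child.
Network and device isolation are out of scope for this snippet."""
import signal
import subprocess
import sys
from dataclasses import dataclass

# Runs on Linux (RLIMIT_AS is not enforced on every Unix).
import resource


@dataclass
class Limits:                                   # assumed names for this example
    cpu_seconds: int = 1                        # RLIMIT_CPU soft limit -> SIGXCPU
    max_file_bytes: int = 64 * 1024             # RLIMIT_FSIZE: largest file the child may grow
    max_address_space: int = 512 * 1024 * 1024  # RLIMIT_AS: virtual memory ceiling
    wall_timeout: float = 20.0                  # parent-side backstop, independent of rlimits


def _apply(limits: Limits) -> None:
    """Runs in the child after fork() and before exec(); rlimits persist across exec."""
    # Soft limit raises SIGXCPU (default action: terminate); hard limit one second later sends SIGKILL.
    resource.setrlimit(resource.RLIMIT_CPU, (limits.cpu_seconds, limits.cpu_seconds + 1))
    resource.setrlimit(resource.RLIMIT_FSIZE, (limits.max_file_bytes, limits.max_file_bytes))
    resource.setrlimit(resource.RLIMIT_AS, (limits.max_address_space, limits.max_address_space))
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))   # never dump untrusted memory to disk


def run_confined(code: str, limits: Limits = Limits()) -> subprocess.CompletedProcess:
    """Execute `code` in a fresh interpreter under `limits`.

    A negative returncode is the number of the signal that killed the child."""
    return subprocess.run(
        [sys.executable, "-I", "-c", code],   # -I: isolated mode, ignore env and cwd for sys.path
        preexec_fn=lambda: _apply(limits),
        capture_output=True, text=True,
        timeout=limits.wall_timeout,
    )


# --- constructed "prisoner" programs, each trying to exhaust one resource ---
CPU_BOMB = "while True: pass"

DISK_FILLER = r"""
import os, tempfile
fd, path = tempfile.mkstemp()
os.unlink(path)            # scratch file disappears when the descriptor closes
total = 0
try:
    while True:
        total += os.write(fd, b"A" * 4096)
except OSError as e:       # EFBIG once RLIMIT_FSIZE is hit (CPython ignores SIGXFSZ)
    print(total, e.errno)
"""

MEMORY_HOG = r"""
try:
    blob = bytearray(2 * 1024 * 1024 * 1024)   # 2 GiB, far above the RLIMIT_AS ceiling
    print("allocated")
except MemoryError:
    print("denied")
"""


def cpu_bomb_outcome() -> str:
    """Name of the signal that stopped the busy loop, or 'exit:N' if it exited."""
    rc = run_confined(CPU_BOMB).returncode
    return signal.Signals(-rc).name if rc < 0 else f"exit:{rc}"


def disk_filler_bytes() -> int:
    """How many bytes the child wrote before the kernel refused to grow the file."""
    total, _errno = run_confined(DISK_FILLER).stdout.split()
    return int(total)


def memory_hog_outcome() -> str:
    """'denied' when the allocation fails under RLIMIT_AS, 'allocated' otherwise."""
    return run_confined(MEMORY_HOG).stdout.strip()


if __name__ == "__main__":
    print("cpu bomb stopped by:", cpu_bomb_outcome())        # SIGXCPU
    print("disk filler wrote:", disk_filler_bytes(), "bytes")  # 65536
    print("memory hog:", memory_hog_outcome())                # denied
```

The parent keeps its own wall-clock `timeout` as a backstop because RLIMIT_CPU counts only CPU time; a child that sleeps or blocks on I/O never trips it. Note also that rlimits are per process, so a prisoner that can fork spreads its budget across children; in a real jail RLIMIT_NPROC, cgroups or a namespace would close that gap.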