[cap-talk] C-like Capability language

Toby Murray toby.murray at comlab.ox.ac.uk
Thu Jul 31 18:13:10 CDT 2008


On Thu, 2008-07-31 at 16:00 -0700, Mike Samuel wrote:
> 
> 
> 2008/7/31 William Pearson <wil.pearson at gmail.com>
> I want to do capability based security in a VM
> 
> As such I am trying to design a C-like language, fairly low level but
> abstracting a few things away. Basically the syntax would be C
> (structs and all), with added syntax to deal with capabilities and
> domains. So not an object capability model, but it still might be
> interesting.
>         
> There would be also be an assembler code that could be inlined for
> very low level stuff. The VM would enforce all the capabilities. The
> language constructs would just be to make it explicit.

If you allow C-like arbitrary pointer arithmetic and inline assembly
etc. how do you guarantee that the C-like code can't violate the
guarantees made by the VM, unless the VM runs in a separate process
itself?

This is a good reason to favour Mike's argument:
Mike Samuel wrote:

> Maybe start with a safe language like Cyclone instead.
> From http://cyclone.thelanguage.org/

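A toy model of the point made above, added here as an illustration and not code from anyone in this thread. Guest code is given a flat byte-addressable memory and may compute any address it likes (the C-style pointer arithmetic under discussion); the capability table, object id 7 and the one-byte store primitive are all constructed for the example. The only thing that varies between the two runs is whether the VM maps its capability table into the guest's address space or keeps it somewhere the guest cannot address, which is the difference between an in-process VM and one that runs separately and only accepts indices.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RIGHT_READ  1u
#define RIGHT_WRITE 2u
#define NCAPS       4
#define HEAP_SIZE   64

/* A capability as the VM stores it: which object it names and which rights it carries. */
typedef struct {
    uint32_t object;
    uint32_t rights;   /* RIGHT_READ | RIGHT_WRITE */
} cap_t;

typedef struct {
    /* Guest-addressable memory. In the in-process design the VM places the
       capability table in the tail of this region; in the separate design
       the table is never mapped and guest addresses end at HEAP_SIZE. */
    uint8_t  mem[HEAP_SIZE + NCAPS * sizeof(cap_t)];
    size_t   guest_limit;                        /* first address the guest may not touch */
    uint8_t *table;                              /* bytes holding NCAPS cap_t records */
    uint8_t  private_table[NCAPS * sizeof(cap_t)]; /* backing store for the separate design */
} vm_t;

/* VM-side accessors; memcpy keeps the byte buffer / struct view well defined. */
static cap_t vm_get_cap(const vm_t *vm, unsigned i) {
    cap_t c;
    memcpy(&c, vm->table + i * sizeof c, sizeof c);
    return c;
}

static void vm_set_cap(vm_t *vm, unsigned i, cap_t c) {
    memcpy(vm->table + i * sizeof c, &c, sizeof c);
}

/* Constructed setup: the guest is granted read-only access to object 7. */
static void vm_init(vm_t *vm, bool table_in_guest_memory) {
    memset(vm, 0, sizeof *vm);
    vm->table       = table_in_guest_memory ? vm->mem + HEAP_SIZE : vm->private_table;
    vm->guest_limit = table_in_guest_memory ? sizeof vm->mem : HEAP_SIZE;
    vm_set_cap(vm, 0, (cap_t){ .object = 7, .rights = RIGHT_READ });
}

/* The only memory primitive guest code has: store one byte at a guest address.
   The VM refuses anything at or beyond guest_limit. */
static bool guest_store(vm_t *vm, size_t addr, uint8_t v) {
    if (addr >= vm->guest_limit) return false;
    vm->mem[addr] = v;
    return true;
}

/* The check the VM runs before letting capability i write object obj. */
static bool vm_may_write(const vm_t *vm, unsigned i, uint32_t obj) {
    if (i >= NCAPS) return false;
    cap_t c = vm_get_cap(vm, i);
    return c.object == obj && (c.rights & RIGHT_WRITE) != 0;
}

/* Guest program: starting from a legitimate heap address, walk past the end of
   the heap to where the rights word of capability 0 would sit and overwrite it.
   Nothing here uses a capability operation; it is pointer arithmetic alone.
   Returns true only if every byte of the write was accepted. */
static bool guest_try_escalate(vm_t *vm) {
    size_t   rights_addr = HEAP_SIZE + offsetof(cap_t, rights);
    uint32_t wanted      = RIGHT_READ | RIGHT_WRITE;
    uint8_t  bytes[sizeof wanted];
    memcpy(bytes, &wanted, sizeof wanted);   /* host byte order, same as the VM uses */
    for (size_t k = 0; k < sizeof wanted; k++)
        if (!guest_store(vm, rights_addr + k, bytes[k])) return false;
    return true;
}

/* Returns true if, after the guest program ran, the VM now believes the guest
   holds a write capability on object 7 that it was never granted. */
static bool demo(bool table_in_guest_memory) {
    vm_t vm;
    vm_init(&vm, table_in_guest_memory);
    guest_try_escalate(&vm);
    return vm_may_write(&vm, 0, 7);
}

int main(void) {
    printf("table in guest memory : write right gained = %s\n", demo(true)  ? "yes" : "no");
    printf("table held by the VM  : write right gained = %s\n", demo(false) ? "yes" : "no");
    return 0;
}
```

The in-process layout yields "yes": the language-level capability syntax can be as explicit as you like, but the enforcement data lives where an address computation can reach it. The separate layout yields "no" for the simple reason that no guest address names the table at all, which is what running the VM in its own process (or using a memory-safe source language such as the Cyclone suggestion) buys you.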