[cap-talk] Cap OS question
Mark Miller
erights at gmail.com
Fri Sep 4 14:32:32 PDT 2009
On Fri, Sep 4, 2009 at 11:48 AM, Sandro Magi <naasking at higherlogics.com> wrote:
> Since you asked about C#, here's an old set of slides discussing
> capability security in C#:
>
> http://higherlogics.com/Capabilities%20presentation.pdf
>
> It was posted on this list quite awhile ago as well, and there were some
> good suggestions made then too. Since then, Joe-E has progressed
> significantly, and Mono.Cecil has become quite mature, so you could get
> a good start on a bytecode verification approach as used in Joe-E,
> without resorting to the heavier AppDomain technique suggested in the
> slides.
Joe-E verifies sources, not bytecodes. The first several attempts at
Joe-E were bytecode based. But as Adrian found more and more important
properties that were only verified by Java compilers and not JVM
bytecode verifiers, we finally retreated to source code verification.
The appendix of the Joe-E enumerates these issues.
From looking at your slides again, I wonder if AppDomain is actually
more like J-Kernel[1] than Joe-E. Do you have a sense of how AppDomain
compares to J-Kernel?
[1] http://www.cs.cornell.edu/slk/papers.html
Also a summary in section 24.5 of my thesis.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM