[cap-talk] Security and Full Abstraction (was: Cap OS question)
Sandro Magi
naasking at higherlogics.com
Sat Sep 5 06:47:28 PDT 2009
David Wagner wrote:
> Read the Joe-E spec, particularly the appendix, for more examples.
> At first, when I started to learn about these issues, I think my initial
> reaction was to think, how bad can this be? Surely this is manageable.
> But as the list started to grow, I eventually gave up any hope that
> programmers could be expected to keep track of all the hazards introduced
> by allowing malicious JVML bytecode. I don't even know how we'd get
> confidence that we have the complete list of such hazards, let alone
> train programmers to watch out for them.
Indeed I will. Still, from the examples in Kennedy's paper on the CLR, I
don't see why the arguably illegal instruction sequences couldn't be
outlawed based on a static analysis, or rewritten into a correct form
(for the bool-byte conflation).
Sandro
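The bool-byte conflation referred to above, as an added illustration that is not part of the original message or of Kennedy's paper: on the CLR a bool is carried as an int32 on the evaluation stack, so hand-written IL can store a value such as 2 into a bool local, and source-level code that assumes a bool is exactly 0 or 1 can then observe `b == true` and `b != false` disagreeing. The model below is a constructed six-instruction subset of CIL (`ldc.i4`, `ldloc`, `stloc`, `ceq`, `cgt.un`, `ret`) with straight-line code only; the sample IL, the `analyse`/`verify`/`normalise`/`run` helpers and the abstract domain are all assumptions made for this example, not the CLR verifier. It shows both remedies mentioned in the reply: rejecting the offending store outright, or rewriting it by inserting the standard `ldc.i4 0; cgt.un` normalisation.

```python
"""Toy model of the CLR bool/byte conflation and two remedies.

Constructed example (not the real verifier): a bool is an int32 on the
stack and a single byte in a local slot, so nothing in basic type checking
stops IL from storing 2 into a bool.  The abstract domain has two kinds:
BOOL  = "known to be 0 or 1", INT32 = "any 32-bit integer".
"""

INT32, BOOL = "int32", "bool"


def _const_kind(n):
    return BOOL if n in (0, 1) else INT32


def _pop(stack, pc):
    if not stack:
        raise ValueError(f"stack underflow at {pc}")
    return stack.pop()


def analyse(locals_, code):
    """Abstractly execute straight-line `code` and return the indices of
    every `stloc` that stores a value not proven to be 0/1 into a bool local.
    `locals_` lists the declared type (BOOL or INT32) of each local slot."""
    stack, bad = [], []
    for pc, ins in enumerate(code):
        op = ins[0]
        if op == "ldc.i4":
            stack.append(_const_kind(ins[1]))
        elif op == "ldloc":
            # Sound only because every store into a bool slot is checked below.
            stack.append(locals_[ins[1]])
        elif op == "stloc":
            kind = _pop(stack, pc)
            if locals_[ins[1]] == BOOL and kind != BOOL:
                bad.append(pc)
        elif op in ("ceq", "cgt.un"):
            _pop(stack, pc)
            _pop(stack, pc)
            stack.append(BOOL)  # comparisons always yield exactly 0 or 1
        elif op == "ret":
            break
        else:
            raise ValueError(f"unsupported opcode {op} at {pc}")
    return bad


def verify(locals_, code):
    """Remedy 1 (outlaw the sequence): True iff no suspicious bool store."""
    return analyse(locals_, code) == []


def normalise(locals_, code):
    """Remedy 2 (rewrite): before each offending stloc insert `ldc.i4 0;
    cgt.un`, which maps any nonzero int32 to 1 and 0 to 0."""
    bad = set(analyse(locals_, code))
    out = []
    for pc, ins in enumerate(code):
        if pc in bad:
            out += [("ldc.i4", 0), ("cgt.un",)]
        out.append(ins)
    return out


def run(locals_, code):
    """Concrete interpreter for the same subset; returns the int32 on top of
    the stack at `ret`.  A bool slot keeps only its low byte, as in memory."""
    stack, slots = [], [0] * len(locals_)
    for pc, ins in enumerate(code):
        op = ins[0]
        if op == "ldc.i4":
            stack.append(ins[1] & 0xFFFFFFFF)
        elif op == "ldloc":
            stack.append(slots[ins[1]])
        elif op == "stloc":
            v = _pop(stack, pc)
            slots[ins[1]] = v & 0xFF if locals_[ins[1]] == BOOL else v
        elif op == "ceq":
            b, a = _pop(stack, pc), _pop(stack, pc)
            stack.append(1 if a == b else 0)
        elif op == "cgt.un":
            b, a = _pop(stack, pc), _pop(stack, pc)
            stack.append(1 if a > b else 0)  # values are already unsigned
        elif op == "ret":
            return _pop(stack, pc)
    raise ValueError("fell off end of method")


# Constructed malicious IL that no C# compiler would emit: store 2 into the
# bool local, then evaluate `b == true` (ceq 1) or `b != false` (cgt.un 0).
LOCALS = [BOOL]
STORE_TWO = [("ldc.i4", 2), ("stloc", 0), ("ldloc", 0)]
EQ_TRUE = STORE_TWO + [("ldc.i4", 1), ("ceq",), ("ret",)]
NE_FALSE = STORE_TWO + [("ldc.i4", 0), ("cgt.un",), ("ret",)]


def demo():
    """Raw code: the two tests disagree (0 vs 1).  Rewritten: both give 1."""
    return {
        "raw": (run(LOCALS, EQ_TRUE), run(LOCALS, NE_FALSE)),
        "normalised": (run(LOCALS, normalise(LOCALS, EQ_TRUE)),
                       run(LOCALS, normalise(LOCALS, NE_FALSE))),
        "verifies": verify(LOCALS, EQ_TRUE),
    }


if __name__ == "__main__":
    print(demo())
```

The rejecting variant is what a verifier would do; the rewriting variant preserves the invariant that every bool slot holds 0 or 1 and so restores the source-language view for that one hazard, but it only covers the conflation, not the rest of the list Wagner refers to.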