[cap-talk] Security and Full Abstraction (was: Cap OS question)

Bill Frantz frantz at pwpconsult.com
Wed Sep 9 18:04:04 PDT 2009


daw at cs.berkeley.edu (David Wagner) on Saturday, September 5, 2009 wrote:

>A better goal would be to try to come up with a static analysis to
>check that the JVML bytecodes could have been produced from some valid
>Java source code.  In other words, check the full abstraction property.
>I don't really know how to do that in a simple and clean way.  (Complex
>methods scare me, because how do you know you got them right?)  The only
>approach I've been able to come up with that seems plausible it might
>work is to decompile JVML to Java source, then verify the Java source,
>then compile the source down to JVML, then execute the result.  That's
>a bit hack-ish and might have some issues.

Some of the Java obfuscators change the byte codes to build structures that
cannot be de-compiled back into Java (to protect the intellectual property
of the companies which use them, of course). The idea that a Java(1) ->
byte-code(1) -> Java(2) -> byte-code(2) process would result in
byte-code(2) having the same meaning as the first byte-code(1) seems risky.

And I certainly don't want to support obfuscated byte codes in any way.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier

