[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

Mark S. Miller markm@caplet.com
Sat, 20 Jan 2001 23:38:18 -0800


At 11:03 PM Saturday 1/20/01, Jonathan S. Shapiro wrote:
>I like the analogy, but it happens not to be true. Substrate-level
>errors can be divided into two categories. [...]
>Many of your other errors (quantum uncertainty, and more commonly
>something called charge leakage) actually *are* dealt with above the
>physical level. Because of this, real chip design is now split into
>*three* levels:
>
>        1. The logic level, which works as you say
>        2. The standard cell library
>        3. The device physics/chemistry

Thanks for this clarification.  The distinction I mean is between #1 and all 
the levels below it.

Another even more problematic case is error correcting memory.  At one level 
of abstraction we have unreliable memory bits, and we use "logic" to build a 
smaller number of reliable memory bits out of it.  To my mind the ECC logic 
is best described as part of the substrate whose purpose is to achieve the 
logic level, even though, to all appearances, it looks like logic.  Notice 
that the existence of the larger number of unreliable chips is hidden as 
soon as possible, with the smaller number of reliable bits presented to the 
rest of the system as the digital reality.

As we apply the analogy to security, we will find even more problematic 
mixed cases.  But as a wise man once said (anyone know who?), the existence 
of dusk and dawn does not render meaningless the concepts day and night.


        Cheers,
        --MarkM