[e-lang] Invited talk: Tradeoffs in Retrofitting Security: An Experience Report

Marc Stiegler marcs at skyhunter.com
Tue Aug 21 14:18:19 EDT 2007


> > Backwater fits an even lighter-weight category than this. Backwater
> > needs no static verification to eliminate usage of non-obj features.
>
> There are also other (simple) things that have to be done in order to
> be sure that a given (untrusted) code has minimal authority.
>
> I have just completed an amendment to the Pict tutorial related to
> security issues.
> http://altair.dcs.elf.stuba.sk:60001/mediawiki/upload/2/21/Tutorial.pdf
> If you are interested, look at
> Chapter 7: Security Concerned Programming  :)

Thank you, Mategj. I have looked at this section, and it looks like
Backwater does indeed belong in the same category with Emily, because
a verifier is needed: any use of ccode (which is the Pict equivalent
of OCaml's external, which is banned in the Emily verifier) must be
detected and the code must be rejected for having escaped confinement.

--marcs

