[e-lang] [Caja] SIF (Servlet Information Flow)
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Thu Apr 10 16:24:39 EDT 2008
[cc:d and replies set to e-lang list, since this is a general
language-based security question, not specific to Caja.]
Jed wrote:
> Are others familiar with this work from Cornell, e.g.:
>
> http://www.cs.cornell.edu/jif/sif/
> http://www.usenix.org/events/sec07/tech/full_papers/chong/chong.pdf
>
> Could anybody compare and contrast the Caja work
> with this "SIF" work? I don't see anything there about
> "capabilities" (authority tokens) or any means of distributing
> authority between "contained" running programs. The focus/thrust
> otherwise looks to me similar to that for the Caja work.
It's based on an information flow type system, so not really applicable
to an untyped language like ES3 or Caja without a lot of effort. But
information flow typing seems like an interesting thing to consider
adding to Joe-E or Emily, or to E's auditing system.
You would probably want to generalize it to authority flow typing.
I don't think this requires any fundamental changes: in an object
capability system, the type system rules to enforce
"access to this information should be restricted to <...>"
are the same as
"access to this authority should be restricted to <...>",
and similarly, the rules for
"<...> needs to rely on the integrity of this information"
are the same as
"<...> needs to rely on the integrity of this object abstraction".
I think.
--
David-Sarah Hopwood
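As an added example, not code from the post or from the Jif/SIF project: a toy information-flow type checker in Python that illustrates the equivalence sketched above. Labels carry a set of readers (confidentiality) and a set of principals who vouch for the value (integrity); a single flow rule is applied to assignments, to branches (via a pc label, catching implicit flows), and to invocations of a capability, so restricting who may hold an authority and restricting who may learn a datum use exactly the same check. The label model, principal names, variable names and the mini AST are all constructed for this illustration.

```python
# Added example (not from the original post): a tiny information-flow
# checker whose single flow rule governs both data and capabilities.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Union

Principals = FrozenSet[str]
ALL: Principals = frozenset({"alice", "bob", "carol"})  # constructed universe of principals
NOBODY: Principals = frozenset()


@dataclass(frozen=True)
class Label:
    readers: Principals     # confidentiality: who may come to hold the value
    trusted_by: Principals  # integrity: who vouches for the value

    def join(self, other: "Label") -> "Label":
        # The combination is at least as secret as both inputs and is
        # vouched for by no more principals than both.
        return Label(self.readers & other.readers, self.trusted_by & other.trusted_by)

    def flows_to(self, target: "Label") -> bool:
        # Allowed iff the target reveals to no additional readers and demands
        # no trust that the source does not already carry.
        return target.readers <= self.readers and target.trusted_by <= self.trusted_by


# Minimal AST. A Lit is any labelled value: plain data or a freshly minted capability.
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Lit:
    label: Label

@dataclass(frozen=True)
class Join:
    left: "Expr"
    right: "Expr"

Expr = Union[Var, Lit, Join]

@dataclass
class Assign:
    target: str
    value: Expr

@dataclass
class If:
    cond: Expr
    then: List["Stmt"]
    else_: List["Stmt"]

@dataclass
class Invoke:
    cap: str   # variable holding a capability
    arg: Expr  # value handed to whatever that capability reaches

Stmt = Union[Assign, If, Invoke]
Env = Dict[str, Label]


class FlowError(Exception):
    pass


def label_of(expr: Expr, env: Env) -> Label:
    if isinstance(expr, Var):
        return env[expr.name]
    if isinstance(expr, Lit):
        return expr.label
    return label_of(expr.left, env).join(label_of(expr.right, env))


def check(stmts: List[Stmt], env: Env, pc: Label = Label(ALL, ALL)) -> None:
    # pc labels the control-flow context: branching on a secret taints every
    # assignment or invocation inside the branch (implicit flow).
    for s in stmts:
        if isinstance(s, Assign):
            src = label_of(s.value, env).join(pc)
            if not src.flows_to(env[s.target]):
                raise FlowError(f"{src} may not be stored in {s.target}")
        elif isinstance(s, If):
            branch_pc = pc.join(label_of(s.cond, env))
            check(s.then, env, branch_pc)
            check(s.else_, env, branch_pc)
        elif isinstance(s, Invoke):
            # Invoking a capability sends the argument (and the fact of the call)
            # to everyone the capability reaches: same rule as storing into a
            # variable that carries the capability's label.
            src = label_of(s.arg, env).join(pc)
            if not src.flows_to(env[s.cap]):
                raise FlowError(f"{src} may not be passed to capability {s.cap}")


def accepts(stmts: List[Stmt], env: Env) -> bool:
    try:
        check(stmts, env)
        return True
    except FlowError:
        return False


# Constructed environment; names and labels are illustrative only.
ENV: Env = {
    "secret":        Label(frozenset({"alice"}), frozenset({"alice"})),
    "public_log":    Label(ALL, NOBODY),
    "alice_private": Label(frozenset({"alice"}), NOBODY),
    "bob_printer":   Label(frozenset({"bob"}), NOBODY),  # capability bob can observe through
    "shared_slot":   Label(ALL, NOBODY),
    "config":        Label(ALL, frozenset({"alice"})),   # sink that must be vouched for by alice
    "user_input":    Label(ALL, NOBODY),
    "signed_input":  Label(ALL, frozenset({"alice", "bob"})),
}

LEAK_EXPLICIT = [Assign("public_log", Var("secret"))]
LEAK_IMPLICIT = [If(Var("secret"), [Assign("public_log", Lit(Label(ALL, ALL)))], [])]
OK_DATA       = [Assign("alice_private", Var("secret"))]
AUTH_ESCAPE   = [Assign("shared_slot", Lit(Label(frozenset({"alice"}), NOBODY)))]  # alice-only capability
AUTH_MISUSE   = [Invoke("bob_printer", Var("secret"))]
TAINT         = [Assign("config", Var("user_input"))]
OK_INTEGRITY  = [Assign("config", Var("signed_input"))]

if __name__ == "__main__":
    for name in ["LEAK_EXPLICIT", "LEAK_IMPLICIT", "OK_DATA", "AUTH_ESCAPE",
                 "AUTH_MISUSE", "TAINT", "OK_INTEGRITY"]:
        print(f"{name:14} accepted={accepts(globals()[name], ENV)}")
```

AUTH_ESCAPE and AUTH_MISUSE are rejected by the very same `flows_to` test that rejects LEAK_EXPLICIT: a capability whose readers are {alice} cannot be stored where all can read it, and alice's secret cannot be handed to an authority that bob observes through. The integrity half works the same way in the other direction: `config` demands a value vouched for by alice, which `user_input` is not.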