[e-lang] Security and Vulnerability Assessment of an E Program
Jimmy Wylie Jr.
jwylie at uno.edu
Wed Sep 17 13:51:46 CDT 2008
But what about the Auditing framework? Wouldn't this also help in this
model verification? You could just skip over anything that implements
Confined or Functional similar to the idea in the paper on functional purity
in Joe-E.
What advantages does the model verification have over some sort of static
authority analysis along with auditors? I would think it would be the
ability to create new patterns and test them with mathematical vigor before
actually implementing them in the language. And, How is this related to a
mechanism like Java's Bytecode Verifier? or would E not need a mechanism
like that, since an Emaker is simply E source code imported with no
Authority, and would be interpreted by a trusted interpreter on your
machine?
Speaking of which, what is the state of the Auditing framework right now? I
tried to use the DeepFrozen Auditor, but kept getting an audit failed
exception. It turns out the method was only stubbed, so it defaulted to
false.
Thanks again for the information. I particularly liked your membrane
explanation, I had read the code for it in E in a Walnut but the
explanation isn't complete yet. Your explanation definitely clarified my
understanding of the pattern.
Thanks,
Jimmy
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/e-lang/attachments/20080917/990c5892/attachment.html
More information about the e-lang
mailing list