Re: How about a Safe Virtual Machine?

Karl Auerbach (
Mon, 3 Oct 94 09:06:08 PDT

> I think that an extensible "safe" environment is the right platform on
> which to build differentially more powerful environments for trusted
> colleagues. I think that a binary trusted/untrusted distinction is not
> rich enough -- you need to be able to support shared files, for example,
> without sharing ALL your files.... -- Nathaniel

Agreed. And I would like to go further -- in some contexts there are
requirements that after a program has touched a certain class of file
it is henceforth not allowed to write into another class of file.
I.e. the program isn't going to be allowed to reclassify sensitive
data from one level to another.

This is a fairly dynamic kind of safe environment, where the access
rights depend on the sequence of previous actions.

(This kind of thing may reflect my work with governmental and military
based security policies and may be too much for commercial use.
However, I would submit for discussion, that there may be need for
this kind of flexibility.)