Re: How about a Safe Virtual Machine?

Karl Auerbach (karl@cavebear.com)
Mon, 3 Oct 94 11:19:47 PDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bob Denny: "RE: Collaborative Flaming"
Previous message: Karl Auerbach: "Re: Forms support in clients"
In reply to: Karl Auerbach: "Re: How about a Safe Virtual Machine?"
Next in thread: Jim Davis: "Re: How about a Safe Virtual Machine?"

> Agreed. And I would like to go further -- in some contexts there are
> requirements that after a program has touched a certain class of file
> it is henceforth not allowed to write into another class of file.
> I.e. the program isn't going to be allowed to reclassify sensitive
> data from one level to another.
>
> This is a fairly dynamic kind of safe environment, where the access
> rights depend on the sequence of previous actions.
>
> (This kind of thing may reflect my work with governmental and military
> based security policies and may be too much for commercial use.
> However, I would submit for discussion, that there may be need for
> this kind of flexibility.)

Answering my own question -- I just remembered the stink when people
found out that Prodigy was snapshotting part of their computer's
memory and sending it back to the Sears/IBM servers.

Thus for example, I can conceive of a "safe" execution restriction
that says that once a script has read something from one of my local
files, it can no longer emit network traffic.

--karl--

Next message: Bob Denny: "RE: Collaborative Flaming"
Previous message: Karl Auerbach: "Re: Forms support in clients"
In reply to: Karl Auerbach: "Re: How about a Safe Virtual Machine?"
Next in thread: Jim Davis: "Re: How about a Safe Virtual Machine?"