Re: How about a Safe Virtual Machine?

Jim Davis (davis@DRI.cornell.edu)
Mon, 3 Oct 1994 16:50:53 -0400


Safety, by the way, should not require reading the source code.

Two reasons for this.

1) I want to protect the privacy of my agents. They may embody
private or proprietary material. For example, my negotiating
position. Imagine walking into the bargaining room where the
other side has been allowed to xray your briefcase.

2) Security should not be require that you understand the code to be
executed ("Even though it does contain a call to rm ** it's in
a branch that can never be reached...") because you can be wrong.

Does safe-tcl (or any alternative) have either of these properties? I
suspect not, for the first, and yes for the second.