[5998] in www-talk@info.cern.ch


Re: How about a Safe Virtual Machine?

daemon@ATHENA.MIT.EDU (Karl Auerbach)
Mon Oct 3 13:21:32 1994

Date: Mon, 3 Oct 1994 18:18:13 +0100
Errors-To: listmaster@www0.cern.ch
Reply-To: karl@cavebear.com
From: Karl Auerbach <karl@cavebear.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>


 >   I think that an extensible "safe" environment is the right platform on
 >   which to build differentially more powerful environments for trusted
 >   colleagues.  I think that a binary trusted/untrusted distinction is not
 >   rich enough -- you need to be able to support shared files, for example,
 >   without sharing ALL your files....  -- Nathaniel 

Agreed.  And I would like to go further -- in some contexts there are
requirements that after a program has touched a certain class of file
it is henceforth not allowed to write into another class of file.
I.e. the program isn't going to be allowed to reclassify sensitive
data from one level to another.

This is a fairly dynamic kind of safe environment, where the access
rights depend on the sequence of previous actions.

(This kind of thing may reflect my work with governmental and military
based security policies and may be too much for commercial use.
However, I would submit for discussion, that there may be need for
this kind of flexibility.)

        --karl--
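
The history-dependent policy described in the message above, as an added example that is not part of the original post: a monitor remembers the highest class of file each program has read and refuses later writes to a lower class. The level names, the Monitor class, and the choice to block only downward writes are assumptions made for illustration.

```python
# Added illustration: a history-dependent ("high-water mark") access monitor.
# Level names and all identifiers here are hypothetical, not from the post.
from enum import IntEnum


class Level(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    SENSITIVE = 2


class AccessDenied(Exception):
    pass


class Monitor:
    def __init__(self, file_levels):
        self.file_levels = dict(file_levels)  # path -> Level
        self.high_water = {}                  # program -> highest Level read

    def mark(self, program):
        return self.high_water.get(program, Level.PUBLIC)

    def read(self, program, path):
        # Reading a file raises the program's mark; it never drops again.
        self.high_water[program] = max(self.mark(program), self.file_levels[path])

    def write(self, program, path):
        level, mark = self.file_levels[path], self.mark(program)
        # Writing below the mark would move data to a lower class: refuse.
        if level < mark:
            raise AccessDenied(f"{program}: {path} is {level.name}, mark is {mark.name}")
        return True


def demo():
    # Constructed sample files and program name.
    m = Monitor({"/pub/notes": Level.PUBLIC, "/secret/plan": Level.SENSITIVE})
    results = [m.write("viewer", "/pub/notes")]          # allowed: nothing read yet
    m.read("viewer", "/secret/plan")                     # mark rises to SENSITIVE
    try:
        results.append(m.write("viewer", "/pub/notes"))  # same call, now denied
    except AccessDenied:
        results.append(False)
    results.append(m.write("viewer", "/secret/plan"))    # same class: still allowed
    return results
```

The same write succeeds before the sensitive read and fails after it, which is the sequence dependence the message describes.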

