[6001] in www-talk@info.cern.ch
Re: How about a Safe Virtual Machine?
daemon@ATHENA.MIT.EDU (Karl Auerbach)
Mon Oct 3 16:15:17 1994
Date: Mon, 3 Oct 1994 20:41:48 +0100
Errors-To: listmaster@www0.cern.ch
Reply-To: karl@cavebear.com
From: Karl Auerbach <karl@cavebear.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>
> Agreed. And I would like to go further -- in some contexts there are
> requirements that after a program has touched a certain class of file
> it is henceforth not allowed to write into another class of file.
> I.e. the program isn't going to be allowed to reclassify sensitive
> data from one level to another.
>
> This is a fairly dynamic kind of safe environment, where the access
> rights depend on the sequence of previous actions.
>
> (This kind of thing may reflect my work with governmental and military
> based security policies and may be too much for commercial use.
> However, I would submit for discussion that there may be a need for
> this kind of flexibility.)
Answering my own question -- I just remembered the stink when people
found out that Prodigy was snapshotting part of their computer's
memory and sending it back to the Sears/IBM servers.
Thus for example, I can conceive of a "safe" execution restriction
that says that once a script has read something from one of my local
files, it can no longer emit network traffic.
--karl--
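A small reference monitor for the sequence-dependent policy discussed in this message, added here as an illustration and not part of the original thread. The file classes, the operation vocabulary and the "replay a script" harness are assumptions made for the example.

```python
# Added illustration (not from the list thread): a tiny reference monitor
# whose access rights depend on the sequence of earlier operations.
# Class names ("secret", "public") and operation names are assumptions.
from dataclasses import dataclass, field

@dataclass
class SafeMonitor:
    """Mediates every file and network operation a script attempts."""
    touched: set = field(default_factory=set)   # file classes already read
    read_local: bool = False                    # any local file read yet?
    log: list = field(default_factory=list)     # (op, verdict, reason) trail

    def _decide(self, op: str, ok: bool, why: str) -> bool:
        self.log.append((op, "allow" if ok else "deny", why))
        return ok

    def read_file(self, level: str) -> bool:
        # Reading is permitted, but it narrows what the script may do later.
        self.touched.add(level)
        self.read_local = True
        return self._decide(f"read:{level}", True, "read recorded")

    def write_file(self, level: str) -> bool:
        # No reclassification: once a class has been touched, writes may only
        # go to that same class; touching several classes blocks every write.
        if self.touched and self.touched != {level}:
            return self._decide(f"write:{level}", False,
                                f"would move data out of {sorted(self.touched)}")
        return self._decide(f"write:{level}", True, "same class or nothing read")

    def send_network(self) -> bool:
        # Karl's rule: after any local read, no further network traffic.
        if self.read_local:
            return self._decide("net", False, "local file already read")
        return self._decide("net", True, "no local data touched yet")

def run_script(ops):
    """Replay a scripted sequence of operations; return allow/deny verdicts."""
    m = SafeMonitor()
    handlers = {"read": m.read_file, "write": m.write_file}
    verdicts = []
    for op in ops:
        if op == "net":
            verdicts.append(m.send_network())
        else:
            kind, level = op.split(":")
            verdicts.append(handlers[kind](level))
    return verdicts

if __name__ == "__main__":
    # Constructed sample script: the last two operations are denied.
    print(run_script(["net", "write:public", "read:secret",
                      "write:secret", "write:public", "net"]))
```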