From: pardo@cs.washington.edu (David Keppel)
Newsgroups: comp.lang.java,comp.lang.c++,comp.compilers
Date: 14 May 1996 20:15:49 -0400
Organization: Computer Science & Engineering, U of Washington, Seattle
References: 96-05-036 96-05-049 96-05-062
Keywords: Java, C++
>dodd@csl.sri.com (Chris Dodd) writes:
>>[Java security comes from scanning the code before execution.]
Bill Mangione-Smith <billms@nixon.icsl.ucla.edu> wrote:
>[A compliant VM could use type flags on the stack.]
Java bytecodes are an example of what I call "mobile code". There are
four mechanisms for ensuring protection against both accidents and
malicious actions in mobile code:
- Limited Languages
The mobile code is expressed in a limited language which cannot
express unsafe constructs [Deutsch & Grant 71, Gaines 72, Keppel 93,
Thekkath & Levy 93].
- Outside The Domain
Execute the code outside of the (any) domain in which you care about
protection [Stamos & Gifford 91, Keppel 93, Wahbe et al. 93].
- Virtualization
Virtualize the operation so that whenever the operation is executed,
the necessary protection checks are also executed [Deutsch & Grant 71,
Falcone 87, Stamos & Gifford 90, Keppel 93, Wahbe et al. 93].
- Program Verification
Before program execution, the program is checked by a trusted agent
that can ensure (prove) that there are no execution paths that can
violate security [Deutsch & Grant 71, Deutsch 73, Stamos & Gifford 90,
Keppel 93, Wahbe et al. 93].
Note that the above may be viewed as variations on the theme of "an
object which cannot be named also cannot be corrupted".
In each of these it is necessary to specify very carefully what is the
"domain" that you care about.
To blow my own horn, my dissertation (on Runtime Code Generation) has
a few pages on mobile code. My dissertation *still* isn't quite done,
but if you send me your e-mail address I'll let you know when it's
done.
;-D on ( Mobile citations ) Pardo
%A Peter Deutsch
%A C. A. Grant
%T A Flexible Measurement Tool for Software Systems
%J International Federation for Information Processing Congress 71 (IFIP), booklet TA-3
%C Ljubljana
%D August 1971
%P 7-12
%I North-Holland Publishing Co.
%A Peter Deutsch
%T The Interactive Program Verifier
%R Ph.D. thesis
%I Xerox Palo Alto Research Center
%D 1973
%A R. Stockton Gaines
%T An Operating System Based on the Concept of a Supervisory Computer
%J Communications of the ACM (CACM)
%D March 1972
%V 15
%N 3
%P 150-156
%A J. R. Falcone
%T A Programmable Interface Language for Heterogeneous Distributed Systems
%J ACM Transactions on Computer Systems
%V 5
%N 4
%D November 1987
%P 330-351
%A David Keppel
%T Managing Abstraction-Induced Complexity
%R 93-06-02
%D June 1993
%I University of Washington Department of Computer Science and Engineering
%W Available via anonymous ftp from `ftp.cs.washington.edu' (128.95.1.4) in `tr/1993/06/UW-CSE-93-06-02.PS.Z'
%A James W. Stamos
%A David K. Gifford
%T Remote Evaluation
%J ACM Transactions on Programming Languages and Systems
%V 12
%N 4
%D October 1990
%P 537-565
%A Chandramohan A. Thekkath
%A Henry M. Levy
%T Limits to Low Latency Communication on High-Speed Networks
%J ACM Transactions on Computer Systems
%D May 1993
%V 11
%N 2
%A Robert Wahbe
%A Steven Lucco
%A Thomas E. Anderson
%A Susan L. Graham
%T Efficient Software-Based Fault Isolation
%J Proceedings of the Symposium on Operating System Principles
%D 1993
%W http://www.cs.cmu.edu/afs/cs.cmu.edu/project/sfi/www/top.html
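As an added illustration that is not part of Pardo's post, the toy stack machine below shows two of the four mechanisms side by side on the same programs: a verifier that abstractly executes over a stack of types before anything runs (program verification), and an interpreter that wraps every operation with its own check and traps at the first violation (virtualization). The instruction set is also a limited language in his sense, since no opcode can turn an integer into a reference. Everything here is constructed for the example: the five-opcode instruction set, the SIGNATURES table, the HEAP dictionary and the three sample programs are assumptions, not a model of the real Java verifier.

```python
from enum import Enum


class T(Enum):
    """Value types the toy machine knows about."""
    INT = "int"
    REF = "ref"


class Trap(Exception):
    """Raised by the checked interpreter when a runtime check fails."""


# Constructed sample heap: a REF is just a key into this table.
HEAP = {"obj_a": 7, "obj_b": 99}

# Opcode -> (types popped, bottom to top; types pushed).  The instruction set
# is itself a "limited language": no opcode turns an INT into a REF, so a
# program has no way to forge a reference from an arbitrary integer.
SIGNATURES = {
    "iconst": ((), (T.INT,)),              # iconst n    : push integer n
    "rconst": ((), (T.REF,)),              # rconst name : push reference to HEAP[name]
    "iadd":   ((T.INT, T.INT), (T.INT,)),  # pop two ints, push their sum
    "deref":  ((T.REF,), (T.INT,)),        # pop a ref, push the integer it names
    "halt":   ((), ()),                    # stop; top of stack is the result
}


def verify(program):
    """Program verification: abstractly execute the program over a stack of
    *types* before any instruction runs.  Returns (ok, reason)."""
    stack = []
    for pc, (op, *args) in enumerate(program):
        if op not in SIGNATURES:
            return False, f"pc={pc}: unknown opcode {op!r}"
        pops, pushes = SIGNATURES[op]
        if len(stack) < len(pops):
            return False, f"pc={pc}: stack underflow in {op}"
        actual = tuple(stack[len(stack) - len(pops):])
        if actual != pops:
            return False, (f"pc={pc}: {op} expects {[t.value for t in pops]}, "
                           f"stack holds {[t.value for t in actual]}")
        if op == "rconst" and args[0] not in HEAP:
            return False, f"pc={pc}: rconst names unknown object {args[0]!r}"
        del stack[len(stack) - len(pops):]
        stack.extend(pushes)
        if op == "halt":
            return True, "ok"
    return False, "program does not end in halt"


def run_checked(program):
    """Virtualization: every operation carries its own runtime check, so the
    interpreter traps at the first violating instruction instead of running it."""
    stack = []  # entries are (type, value) pairs
    for pc, (op, *args) in enumerate(program):
        if op not in SIGNATURES:
            raise Trap(f"pc={pc}: unknown opcode {op!r}")
        pops, pushes = SIGNATURES[op]
        if len(stack) < len(pops):
            raise Trap(f"pc={pc}: stack underflow in {op}")
        operands = [stack.pop() for _ in pops][::-1]  # bottom to top
        if tuple(t for t, _ in operands) != pops:
            raise Trap(f"pc={pc}: type error in {op}")
        if op == "iconst":
            stack.append((T.INT, args[0]))
        elif op == "rconst":
            if args[0] not in HEAP:
                raise Trap(f"pc={pc}: unknown object {args[0]!r}")
            stack.append((T.REF, args[0]))
        elif op == "iadd":
            stack.append((T.INT, operands[0][1] + operands[1][1]))
        elif op == "deref":
            stack.append((T.INT, HEAP[operands[0][1]]))
        elif op == "halt":
            return stack[-1][1] if stack else None
    raise Trap("program does not end in halt")


def run_or_trap(program):
    """Helper: ("ok", result) or ("trap", message)."""
    try:
        return "ok", run_checked(program)
    except Trap as e:
        return "trap", str(e)


# Constructed sample programs.
GOOD = [("rconst", "obj_a"), ("deref",), ("iconst", 35), ("iadd",), ("halt",)]
BAD_TYPE = [("iconst", 42), ("deref",), ("halt",)]  # tries to use an int as a pointer
BAD_UNDERFLOW = [("iadd",), ("halt",)]              # adds with an empty stack

if __name__ == "__main__":
    for name, prog in [("GOOD", GOOD), ("BAD_TYPE", BAD_TYPE),
                       ("BAD_UNDERFLOW", BAD_UNDERFLOW)]:
        print(name, "verify:", verify(prog), "run:", run_or_trap(prog))
```

The two mechanisms reject the same programs for the same reasons, but at different times and at different cost: verify runs once over the program text and never executes it, while run_checked pays for the type and underflow checks on every instruction it executes. The verifier here is deliberately straight-line; real bytecode verifiers must also merge type states at jump targets, which is where much of their complexity lives.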