Re: How about a Safe Virtual Machine?

Karl Auerbach (karl@cavebear.com)
Mon, 3 Oct 94 11:19:47 PDT


> Agreed. And I would like to go further -- in some contexts there are
> requirements that after a program has touched a certain class of file
> it is henceforth not allowed to write into another class of file.
> I.e. the program isn't going to be allowed to reclassify sensitive
> data from one level to another.
>
> This is a fairly dynamic kind of safe environment, where the access
> rights depend on the sequence of previous actions.
>
> (This kind of thing may reflect my work with governmental and military
> based security policies and may be too much for commercial use.
> However, I would submit for discussion, that there may be need for
> this kind of flexibility.)

Answering my own question -- I just remembered the stink when people
found out that Prodigy was snapshotting part of their computer's
memory and sending it back to the Sears/IBM servers.

Thus for example, I can conceive of a "safe" execution restriction
that says that once a script has read something from one of my local
files, it can no longer emit network traffic.

--karl--
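A small reference monitor that enforces the sequence-dependent policy discussed in this message, as an added example that is not code from the thread; the file classification table, paths and the choice to model the network as a public sink are constructed assumptions.

```python
from enum import IntEnum


class Level(IntEnum):
    """Classification of data a script may touch; higher is more sensitive."""
    PUBLIC = 0
    LOCAL = 1      # ordinary local files
    SENSITIVE = 2  # files that must never leave the machine


# Constructed sample classification table (an assumption, not from the post).
FILE_CLASS = {
    "/tmp/banner.txt": Level.PUBLIC,
    "/home/user/notes.txt": Level.LOCAL,
    "/home/user/secrets.txt": Level.SENSITIVE,
}

# The network is modelled as a PUBLIC sink: anything sent may end up anywhere.
NETWORK_LEVEL = Level.PUBLIC


class Monitor:
    """Reference monitor whose decisions depend on what the script read before.

    It keeps a high-water mark: the most sensitive level read so far. A write
    (to a file or to the network) is allowed only at or above that mark, so
    data can never be reclassified downward, and a script that has read any
    local file loses the ability to emit network traffic.
    """

    def __init__(self):
        self.high_water = Level.PUBLIC
        self.audit = []  # (action, target, allowed) for later review

    def _decide(self, action, target, allowed):
        self.audit.append((action, target, allowed))
        return allowed

    def read(self, path):
        level = FILE_CLASS[path]
        # Reads are permitted, but they raise the mark for everything after.
        self.high_water = max(self.high_water, level)
        return self._decide("read", path, True)

    def write(self, path):
        # No write-down: the destination must be at least as sensitive.
        return self._decide("write", path, FILE_CLASS[path] >= self.high_water)

    def send(self):
        return self._decide("send", "network", NETWORK_LEVEL >= self.high_water)
```

The audit list records every denied action, so a deployment can flag scripts that attempt to phone home after reading local data.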