Re: How about a Safe Virtual Machine?

Steven D. Majewski (sdm7g@virginia.edu)
Tue, 4 Oct 1994 02:43:51 -0400 (EDT)


On Tue, 4 Oct 1994, Jim Davis wrote:

>
> 1) I want to protect the privacy of my agents. They may embody
> private or proprietary material. For example, my negotiating
> position. Imagine walking into the bargaining room where the
> other side has been allowed to xray your briefcase.
>
> 2) Security should not be require that you understand the code to be
> executed ("Even though it does contain a call to rm ** it's in
> a branch that can never be reached...") because you can be wrong.
>
> Does safe-tcl (or any alternative) have either of these properties? I
> suspect not, for the first, and yes for the second.
>

Obliq does provide the first, but it does because it doesn't ship
functions around - it's more of a RPC system. It would thus involve
moving a lot more data around, which is why I didn't think it was
a solution for Web distributed programming.

In fact, I don't see how you can possibly have #1, if you are
shipping functions around, although you can make it more difficult
by not shipping SOURCE code around. ( If it's encoded, you have to
give them the key! )

( BTW: Python's import statement will handle either python source
code or complied byte code, but there *IS* an existing python
byte-code decompiler in the standard library. )

You would have to keep proprietary parts of your agent on *your*
machine, and have it communicate over a socket to the "public"
part. This requirement clearly conflicts with some other desires
to make exactly that impossible, that have been mentioned in this
thread. Which leads me to again believe that this is a great and
fun area for research, but not quite ready for prime-time standardization.

-- Steve Majewski (804-982-0831) <sdm7g@Virginia.EDU> --
-- UVA Department of Molecular Physiology and Biological Physics --
-- Box 449 Health Science Center Charlottesville,VA 22908 --
[ "Cheese is more macho?" ]