[e-lang] security policies for debugging (was: Object reflection)

Mark S. Miller markm at caplet.com
Mon Jan 12 17:31:02 CET 2004


At 12:40 AM 1/12/2004  Monday, Fred Spiessens wrote:
>Anybody from the E-language community that could tell us how the E-debugger 
>will work in this respect?

Use refraction rather than reflection. See
http://www.eros-os.org/pipermail/e-lang/2003-February/008464.html
and
http://www.eros-os.org/pipermail/e-lang/2003-February/008465.html

Although the above story of refraction support in an E-like language is 
still speculative, two of the mechanisms on which it's based -- the KeyKOS 
Brand and FCP's meta-"interpretive" debugging -- were both used in practice 
and provided real debuggability within all the constraints of full 
capability security. Both can be understood according to the logic of 
refraction explained above. (I believe EROS debuggability follows the logic 
of KeyKOS debuggability.)

Note: I put "interpretive" above in quotes because it used program 
transformation to efficiently simulate the effect of running a program under 
a debugging meta-interpreter.

The KeyKOS technique allows stronger confinement claims for debuggable 
objects than does the FCP technique. The FCP technique nests naturally, 
whereas the KeyKOS technique does not. I believe that it should be 
straightforward to combine these strengths. For example, Alan Karp has 
suggested that sealer/unsealer pairs could come in a hierarchy, with a 
parent unsealer able to unseal a box sealed by a child's sealer. Brands 
could be put into a similar hierarchy, providing debugging rights over 
nested arenas.

E does not yet have any mechanism to support refraction. I think we'll 
indeed end up with hierarchical Brands, but I'm inclined to proceed by first 
writing a naive meta-interpreter, extending it for debugging the interpreted 
computation, and then designing the Brand mechanism by reasoning by 
(almost) equivalence.


----------------------------------------
Text by me above is hereby placed in the public domain

        Cheers,
        --MarkM
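
Added example, not part of the original message and not code from E, KeyKOS or FCP: a JavaScript model of the hierarchical sealer/unsealer idea attributed to Alan Karp above, in which a parent's unsealer can open boxes sealed by a descendant's sealer but not the reverse. All names (`makeRootBrand`, `makeChild`, `seal`, `unseal`) are hypothetical, and the walk up the parent chain is one assumed way to realize the hierarchy.

```javascript
// Hypothetical names throughout: makeRootBrand, makeChild, seal, unseal.
function makeRootBrand(rootName) {
  // Private table shared by one hierarchy: box -> { owner, contents }.
  // A box holder cannot reach it; only the unsealers close over it.
  const boxes = new WeakMap();

  function makeBrand(name, parent) {
    const self = Object.freeze({ name, parent }); // identity token, never handed out

    const sealer = Object.freeze({
      seal(contents) {
        const box = Object.freeze({ toString: () => `<box sealed by ${name}>` });
        boxes.set(box, { owner: self, contents });
        return box;
      },
    });

    const unsealer = Object.freeze({
      unseal(box) {
        const entry = boxes.get(box); // undefined for forged or foreign boxes
        // Walk from the sealing brand towards the root; succeed only if
        // this unsealer's brand is the sealing brand or one of its ancestors.
        for (let b = entry && entry.owner; b; b = b.parent) {
          if (b === self) return entry.contents;
        }
        throw new Error(`${name}: not authorized to unseal this box`);
      },
    });

    // Creating a child grants the child nothing over this brand's boxes.
    const makeChild = (childName) => makeBrand(childName, self);
    return Object.freeze({ sealer, unsealer, makeChild });
  }
  return makeBrand(rootName, null);
}

// Constructed scenario: an outer arena with two nested arenas.
function demo() {
  const outer = makeRootBrand('outer');
  const inner = outer.makeChild('inner');
  const sibling = outer.makeChild('sibling');
  const box = inner.sealer.seal({ frame: 'inner-state' });
  const denied = (f) => { try { f(); return false; } catch (e) { return true; } };
  return {
    parentReads: outer.unsealer.unseal(box).frame,
    siblingDenied: denied(() => sibling.unsealer.unseal(box)),
    childDeniedOnParentBox: denied(() => inner.unsealer.unseal(outer.sealer.seal(1))),
  };
}
```

In debugging terms, whoever holds the outer arena's unsealer can inspect state sealed inside any nested arena, while a nested arena's unsealer gives no access to its parent or siblings.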
