Re: How about a Safe Virtual Machine?
Karl Auerbach (email@example.com)
Mon, 3 Oct 94 11:19:47 PDT

> Agreed. And I would like to go further -- in some contexts there are
> requirements that after a program has touched a certain class of file
> it is henceforth not allowed to write into another class of file.
> I.e. the program isn't going to be allowed to reclassify sensitive
> data from one level to another.
> This is a fairly dynamic kind of safe environment, where the access
> rights depend on the sequence of previous actions.
> (This kind of thing may reflect my work with governmental and military
> based security policies and may be too much for commercial use.
> However, I would submit for discussion, that there may be need for
> this kind of flexibility.)

Answering my own question -- I just remembered the stink when people
found out that Prodigy was snapshotting part of their computer's
memory and sending it back to the Sears/IBM servers.

Thus, for example, I can conceive of a "safe" execution restriction
that says that once a script has read something from one of my local
files, it can no longer emit network traffic.
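
The restriction described in the message above, sketched as a history-dependent reference monitor. This is an added example, not part of the original post; the names `ScriptMonitor`, `attempt` and `run_demo`, the three-level classification, and the high-water-mark reading of "not allowed to write into another class of file" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed classification lattice: a higher number is more sensitive.
LEVELS = {"public": 0, "internal": 1, "secret": 2}

class PolicyViolation(Exception):
    """Action denied because of what the script did earlier."""

@dataclass
class ScriptMonitor:  # hypothetical name; mediates one untrusted script
    high_water: int = 0        # most sensitive class read so far
    read_local: bool = False   # has any local file been read?
    audit: list = field(default_factory=list)

    def _deny(self, action, reason):
        self.audit.append(("DENY", action, reason))
        raise PolicyViolation(f"{action}: {reason}")

    def read_file(self, path, level):
        # Reads are allowed but ratchet the state; it never goes back down.
        self.read_local = True
        self.high_water = max(self.high_water, LEVELS[level])
        self.audit.append(("ALLOW", f"read {path}", level))

    def write_file(self, path, level):
        # No write-down: data already seen may not flow to a lower class.
        if LEVELS[level] < self.high_water:
            self._deny(f"write {path}", "target class below data already read")
        self.audit.append(("ALLOW", f"write {path}", level))

    def send_network(self, host):
        # Once any local file has been read, outbound traffic is cut off.
        if self.read_local:
            self._deny(f"send to {host}", "script has read a local file")
        self.audit.append(("ALLOW", f"send to {host}", "network"))

def attempt(action):
    try:
        action()
    except PolicyViolation:
        return "denied"
    return "allowed"

def run_demo():
    m = ScriptMonitor()
    m.send_network("server.example")    # allowed: nothing read yet
    m.read_file("notes.txt", "secret")  # constructed file name and class
    return [attempt(lambda: m.write_file("out.txt", "public")),
            attempt(lambda: m.write_file("vault.txt", "secret")),
            attempt(lambda: m.send_network("server.example"))]
```

The decision for each call depends only on the monitor's accumulated state, so the same `send_network` call is permitted before the read and refused after it.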