[plt-scheme] Stack inspection security
On Tuesday, October 14, 2003, at 02:34 AM, David Van Horn wrote:
> I've been thinking about a security model for MzScheme that would allow
> mobile or partially trusted modules to be run under a given security
> policy enforced using a stack inspection mechanism. Here are some
> thoughts and questions on such a model. I'd appreciate any feedback.
First off, I'm guessing you're not familiar with my paper on this topic:

A Tail-Recursive Semantics for Stack Inspections
http://www.ccs.neu.edu/scheme/pubs/esop2003-cf.pdf
(postscript also available)

... which shows, among other things, how to implement stack inspection
using continuation marks.

With that said, let me encourage you to look at mechanisms other than
stack inspection. My conversations with others (including Christian
Skalka) about security make me wonder whether stack inspection is really
the best mechanism for security, especially in mzscheme. I for one would
be more inclined to try to set up a capability-based system for security.

john clements