
> To make a memory safe language capability secure, you simply remove all sources of ambient authority.

Isn't this more or less what Sun tried to do with Java applets, which in practice turned out not to be so simple while providing a rich API?



> Isn't this more or less what Sun tried to do with Java applets, which in practice turned out not to be so simple while providing a rich API?

I'm not familiar with the Java applet model specifically, but Java's general security model is based on stack inspection, which is nothing like capabilities.


http://www.cs.cornell.edu/home/chichao/sip99.ps

http://www4.cs.fau.de/Projects/JX/

Note: JX takes a different route but shows POLA can be done simply and performantly.



