Juice [Re: UVM and Microsoft]

Dwight Hughes dhughes@intellinet.com
Tue, 20 May 1997 21:52:56 -0500


| From: John Wood <tenshon@msn.com>
| 
  [ snip ]
| 
| The security aspect of this was something I didn't recognize - that if the
| base instructions are secure, then it's implicit that all the other derived
| instructions would be secure - and so less checking needs to be performed,
| and so you gain an implicit performance increase.

That does seem to be what they are claiming - on the surface a reasonable
claim. But to accomplish this it seems that one would have to have a
language incapable of talking directly to the hardware, along with a
backend incapable of generating code that can do such a thing (or at
*least* the latter). Their claim that the intermediate code is basically
unhackable, due to its structure and complexity, as a security factor by
itself is not convincing to me. Only if there is no possible way for
the backend to emit "dangerous" code for any possible input would I
consider this approach secure.

-- Dwight