19 Aug
2006
19 Aug
'06
3:48 p.m.
Don wrote:
Josh Dersch wrote:
Or if you, for example, create a CPU that executes IL natively. See
LispMs from the late 70s/early 80s for a different example of this.
There's no reason a modern equivalent couldn't be made.
In addition, the applications on Singularity (or Java/.NET today) are
not *interpreted*. They're jitted, which is far more performant.
On typical PC hardware, yes, for an OS like this there needs to be an
abstraction layer that lies between the "dangerous" physical hardware
and the safe IL domain; this abstraction layer can be made very small
and as such can be rigorously debugged. This abstraction layer
_completely_ prevents access to the underlying hardware, or other
application's process spaces.
As far as "booting the machine to a "non-Java" state... if you (as an
evil haX0r) have physical access to the hardware and can boot the
machine to a different OS, then yes, all bets are off... I'm not quite
sure what the point of that argument is.
Josh
You may be interested in the Singularity project
(a research project
at Microsoft, no less). It (gasp!) abstracts away pointers; the IL
used for the entire OS (a subset of the CLR), the OS interface, et.
al. is designed such that processes can be "proven" to be safe -- and
all process protection is done _without_ the use of any CPU hardware.
http://research.microsoft.com/os/singularity/
This can only be possible if applications are *interpreted*
AND the user is denied *any* means of accessing the underlying
hardware (either by accidental or *intentional* means).
It's like claiming "run Java/Inferno/etc. on your machine and you'll
never have to worry about security issues" (unless, of course,
someone boots the machine to a "non-Java" state!)