> But the intent was to avoid the "performance penalties" of using hardware mechanisms. So, (in existing hardware) you trade the use of those facilities for the overhead of an interpreter (regardless of what you want to call it).
Again, it's not an interpreter, and I'm not just making up a fancy name for one. Jitting compiles the code at runtime, and in many cases can optimize the code better than a standard compiler can. In the case of Singularity, performance is not a primary goal -- it's a research project. But Java and .NET have pretty decent performance when compared to "native" C/C++ code. But I don't really want to start a flamewar about this... it's one of those endlessly debatable topics :).

I was not intending to suggest that Singularity would avoid any performance penalty -- I was originally responding to a poster who claimed that abstracting pointers away, etc. in the name of security was not possible -- I posited Singularity as an example of an OS that has done this very thing.
> Because most machines nowadays are in the hands of people who aren't savvy enough to understand these issues. I.e. you can't have physical security since there is nothing preventing a user (*owner*) from circumventing this key step knowingly or unknowingly.
>
> E.g., any sort of removable media that can be passed control of the processor outside (i.e., before) the scope of your VM leaves the system vulnerable. Hence the reason many PCs are configured without (or with *disabled*) floppy and/or CD-ROM drives in business environments.
>
> Getting a robust system into a consumer's hands is considerably harder than one sitting in a machine room :>
Well, I agree that this is an attack vector. But I believe it's picking nits; the primary sources of "infection" on your average user's PC are either 1) exploiting the code in the OS (buffer overrun, etc.) or 2) lame security in the OSes involved (running as root/admin by default, etc.). It'd be quite a bit more difficult for malware/viruses/trojans to get onto a user's PC and propagate themselves if it required physical means to do so (i.e. an e-mail that says "Hey! Please burn this software to a CD, put the CD in your drive and reboot from it! It'll be cool!... trust me."). There's only so much you can do, in the end -- users will always find ways to screw up their computers. Doesn't mean it's not worth researching new strategies for security elsewhere.

Josh