#284 Need a practical & POLA auditing protocol

Need_for_security
open
auditors (6)
8
2006-12-05
2005-08-16
No

The current experimental E-on-Java auditing protocol
relied on unshadowable names in a way that made it
impractical. (Thanks to Kevin Reid for pointing this
out.) Also, the 0.8.36 guard revolution removes guards
from FinalPattern & SlotPattern, thereby making
getSynEnv() useless for auditing.

OTOH, the current experimental E-on-CL auditing
protocol violates POLA. It's also hard to imagine how
to adequately memoize it, in order to avoid needless
per-instance overheads.

Alan Karp has suggested a way out which I will try to
explain.

Discussion

    • assigned_to: nobody --> caplet
     
    • priority: 9 --> 8