Craig,
I would say that generally it is the responsibility of the developer (or company) to ensure that what is in the image and what can be created by the image is secure enough for the purpose that it is created. Obviously no company can protect itself from a government (especially ours), but a lot can be done to protect the system from well-defined threat scenarios. Adding cryptography to the system communications, and protecting the image so that it performs only as the developer intends without change, plus using standard tests to verify implementations of critical algorithms does make things better.
I would think that the best possible way to make a secure image is to build from the bottom up, with something like Spoon, to add only the code that is necessary. To perform extensive automated code coverage tests. To harden the image and the VM to check code before it is executed against a release certificate. To add proper intrusion detection to disable the software if tampering is detected and to encrypt everything stored to disk including the image and the VM. That along with securing the communications should make the system good enough. (Using the proper algorithms like Suite B and having observed NIST common criteria or having NIST certification of the software also helps.)
What really gets me is that I've been programming in Smalltalk for 10 years now. I've written programs for a 2 billion dollar company. I know that Sprint uses Smalltalk for switching, and there are some very large insurance companies that use Smalltalk. It just cannot be possible that Smalltalk is only appropriate for corporate intranet applications and cannot be secured for the internet. Either I'm missing something or this is something that this group can add to the value of the language.
Ron Teitelbaum
From: Craig Latta
Sent: Tuesday, August 01, 2006 12:17 AM
Hi Ron--
> I would think that placing a certificate on the image file would be good enough "IF" we could prevent changes to the object structure and code in memory.

Doesn't that go out the window the first time you allocate and/or do a GC?
-C
-- Craig Latta http://netjam.org/resume
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography