Puzzle: Adding domain-based security to Squeak.

Michael van der Gulik squeakml at gulik.co.nz
Thu Aug 10 10:33:20 UTC 2006


Major modifications to the VM? Good grief.

I was thinking that you could re-write new or basicNew or equivalent 
entry point to increment a domain's memory counter. If that memory 
counter goes over a limit, then new or basicNew would wait on a 
Semaphore until the limit has gone under again. Or it could throw an 
Exception or something.

Then I believe >>finalize is the method called when the GC happens. This 
would do the opposite.

I'll be putting my code where my mouth is soon and see if this would work.

Oh, and the references all look useful. I really need to get looking at 
Islands properly; I believe it solves a few other problems I'm working 
around.

Michael.

Andreas Raab wrote:
> None of the cited references will solve the original problem(s). They 
> are related but they won't solve it. Managing memory limits alone would 
> require *major* modifications of the VM.
> 
> Cheers,
>   - Andreas
> 
> Frank Shearar wrote:
> 
>> "Michael van der Gulik" <squeakml at gulik.co.nz> wrote:
>>
>>> Hi Howard.
>>>
>>> I forgot to mention that the reason I'm doing this is to allow untrusted
>>> foreign code to run in the same image as trusted code. Untrusted code
>>> must be carefully managed - it must not be able to consume large amounts
>>> of memory, CPU or disk space to which it is not entitled. Untrusted code
>>> / objects must not prevent trusted code from operating well.
>>
>>
>> Have you looked at the (Tweak) Islands [1] work? Lex Spoon also did work
>> with the same name [2], IIRC. And there's the Squeak-E [3] stuff too.
>>
>> [1] http://tweak.impara.de/TECHNOLOGY/Whitepapers/Islands/
>> [2] http://minnow.cc.gatech.edu/squeak/2074
>> [3] http://www.erights.org/history/squeak-e.html
>>
>> frank
>>
>>
>>
> 
> 
> 
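The accounting scheme Michael describes (charge the domain in `new`/`basicNew`, wait or raise at the limit, credit on finalization), modelled in Python as an added example; it is not code from this thread or from Squeak. `Domain`, `Blob` and `QuotaExceeded` are hypothetical names, and `weakref.finalize` stands in for `>>finalize`.

```python
import threading
import weakref


class QuotaExceeded(MemoryError):
    """Raised when a domain cannot be charged for an allocation."""


class Blob:
    """Stand-in for an object created by untrusted code (weak-referenceable)."""
    def __init__(self, nbytes):
        self.data = bytearray(nbytes)


class Domain:
    """Hypothetical per-domain memory account, charged in the allocation path."""
    def __init__(self, name, limit):
        self.name, self.limit, self.used = name, limit, 0
        # Condition wraps an RLock, so a finalizer that fires on the thread
        # already holding the lock cannot deadlock against it.
        self._cond = threading.Condition()

    def _charge(self, size, timeout):
        with self._cond:
            # Negative sizes and requests larger than the whole quota can
            # never be valid: fail at once instead of parking the caller.
            fits = 0 <= size <= self.limit and self._cond.wait_for(
                lambda: self.used + size <= self.limit, timeout)
            if not fits:
                raise QuotaExceeded(f"{self.name}: cannot charge {size} bytes")
            self.used += size

    def _release(self, size):
        with self._cond:
            self.used -= size
            self._cond.notify_all()   # wake allocators blocked in _charge

    def new(self, cls, size, timeout=0.0):
        """Charge first, then allocate; timeout=0 raises, timeout>0 waits."""
        self._charge(size, timeout)
        try:
            obj = cls(size)
        except BaseException:
            self._release(size)       # failed allocation must not leak quota
            raise
        # Credit the domain when the object is reclaimed. The callback holds
        # only the size, never obj, so it cannot keep the object alive.
        weakref.finalize(obj, self._release, size)
        return obj
```

CPython reclaims an unreferenced object immediately, so the credit is prompt here; where finalization only runs after a garbage collection, the counter lags behind real usage and a domain can look full while holding mostly garbage. The limit also only binds code that allocates through `Domain.new`, so any other allocation path reachable from the untrusted domain bypasses it.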