And if the platform you are building upon supports reflectively evaluating code, it could be as easy as something like this (in OO pseudocode):
define load_message(message)
...
eval(message.code)
Of course it can't be that easy. What if the code in the message does something like:
new stdlib.io.File("/").delete()
The standard way to avoid the vulnerability is to put the code in a so-called sandbox. It sounds very secure, but in practice this usually amounts to gathering up a list of "dangerous" call sites and inserting in each some code to check if the caller has permission to proceed. So the implementation of delete would include code along the lines of:
define delete()
if VM.callStackContainsEvilCode?()
raise YouShallNotPassException()
...
This is fraught with problems. It requires runtime support for inspecting the call stack and a system for declaring that certain code has some level of authorization while some other code has a lower level. Not to mention the busywork of going trough the code and peppering that little snippet over every suspect call site. If you miss one — say, for instance, a method that gets the addresses of all contacts on your email application — and you have a security bug on your hands.
A better way ?
Perhaps there is a better way. Take another look at the offending line: new stdlib.io.File("/").delete(). It is only able to call the dangerous delete() method because it has a reference to a file object pointing to the root of the filesystem. And it only has that reference because it could reach for the File class on a global namespace. What if there was no global namespace?It might seem weird, but it's not that hard to imagine a programming system lacking a global namespace. Many object-oriented languages, following Smalltalk's lead, have a notion of a metaclass, an object that represents a class. Many of them (also following Smalltak) also get by without a "new" operator. Objects are created by calling a method — usually named new() — on the metaclass object.
We are very close now. The last step, unfortunately not taken by most common languages, is to avoid anchoring the metaclass object onto a global namespace. The result is that code can only create objects of the classes it holds a reference to. And it only has a reference if it is given one via a method or constructor parameter.
Proceeding recursively, we end up with a stratified program. There is an entry point that receives a reference to the entire standard library, and each call site decides how much authority to grant each callee. On our example, when we evaluate external code we can grant very little authority, meaning we can pass the evaluated code just a handful of references. Care must be taken so that none of them will direct or indirectly provide a way to create a File. In a way, object design becomes security policy.
And we get very fine-grained control over such policy. We could, for instance, grant loaded code authority to write on a designated directory just by passing it a reference to the Directory object for that directory. Our choices get even more interesting when we realize we can pass references to proxies instead of real objects in order to attenuate authority. Continuing with our example, hoping it doesn't get too contrived, we could build a proxy for the Directory that checks if callers exceed a given quota of disk space.
Research
I have mentioned above that most common languages don't fit this post's description. But there are languages that do, a prime example is E. In fact, there is a whole area of research for dealing with security in this manner, it's called "object capability security".I'm not really a security guy, I got interested in the area due to the implications for language and system design. If you got interested, for any reason, please check out Mark Miller's work. He is the creator of the E language and the javascript-based Caja project. His thesis is very readable.
630 comments:
«Oldest ‹Older 601 – 630 of 630I am here for the first time. I found this table and found it really useful and it helped me a lot. I hope to present something again and help others as you have helped me.
Business Analytics Course in Nagpur
I wanted to thank you for this great read!! I definitely enjoying every little bit of it waiting for next one.
Data Analytics Course in Chennai
Research Paper Help
Research Paper Writing Service
Write My Paper For Me
Legitimate Essay Writing Services
Dissertation Statistics Help
CDR Report Writers
CDR Engineers Australia
CDR Writing Services
This is truly an practical and pleasant information for all and happy to see this awesome post by the way thanks for sharing this post.
Data Scientist Course in Noida
Very great post which I really enjoy reading this and it is not everyday that I have the possibility to see something like this. Thank You.
Best Online Data Science Courses
So luck to come across your excellent blog, glad i found it. Keep posting new articles. Good luck.
Data Science Course Details
I finally found a great article here. Quality postings are essential to get visitors to visit the website, that's what this website offers.
Data Science Course in Indore
A splendid job! Thank you for blog. you write very nice articles, I visit your website for regular updates.
AWS DevOps training in Hyderabad
A splendid job! Thank you for blog. you write very nice articles, I visit your website for regular updates.
servicenow training and placement in hyderabad
I want to leave a little comment to support and wish you the best of luck.we wish you the best of luck in all your blogging enedevors
data science training in trivandrum
Thanks for posting the best information and the blog is very good.data science course in rajkot
Thanks for posting the best information and the blog is very good.data analytics course in udaipur
Thanks for posting the best information and the blog is very good.data science training in rajkot
It's like you've got the point right, but forgot to include your readers. Maybe you should think about it from different angles.
Data Analytics Course in Kolkata
I want to leave a little comment to support and wish you the best of luck.we wish you the best of luck in all your blogging enedevors
data scientist course in faridabad
I just got to this amazing site not long ago was actually captured with the piece of resources you have got here and big thumbs up for making such wonderful blog page!
Data Scientist Course
Very good message. I came across your blog and wanted to tell you that I really enjoyed reading your articles.
Business Analytics Course in Nashik
It's always nice to be able to not only be informed, but also entertained! I'm sure you enjoyed writing this article.
Data Scientist Course in Ahmedabad
Very informative message! There is so much information here that can help any business start a successful social media campaign!
data science training in london
We provide the best GIS homework help services in the market with best rates
It's like you've got the point right, but forgot to include your readers. Maybe you should think about it from different angles.
Business Analytics Course
Enjoying the great outdoors through camping, fishing, hiking, biking can be more memorable if you are not worried about going back home as soon as the sun starts setting. To last longer in the outdoors, a well-furnished recreational vehicle(RV) will come in handy where you will feel at home after the whole day’s experience with nature. Read more about Best Electric Tankless Water Heater for RV
I want to leave a little comment to support and wish you the best of luck.we wish you the best of luck in all your blogging enedevors
data analytics course in varanasi
I want to leave a little comment to support and wish you the best of luck.we wish you the best of luck in all your blogging enedevors
data analytics course in thiruvananthapuram
Our Strategic Management Analysis Help provides you with various ways to get rid of that workload you’ve been carrying for a long time. Providing us with your Strategic Management Assignment allows you to focus on your studies. A vital part of management studies in strategic management involves analysing the organisation internally and investigating the competitive environment to develop strategies for achieving defined goals and running the organisation smoothly. Read more about Strategic Management Analysis Help
Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work!data scientist course in ghaziabad
I want to leave a little comment to support and wish you the best of luck.we wish you the best of luck in all your blogging enedevors
data scientist course in trivandrum
I think this is a really good article. You make this information interesting and engaging. Thanks for sharing.
Data Science Course in India
Thank you quite much for discussing this type of helpful informative article. Will certainly stored and reevaluate your Website.
Data Analytics Course in Bangalore
It's always nice to be able to not only be informed, but also entertained! I'm sure you enjoyed writing this article.
Data Scientist Course in Ahmedabad
Post a Comment