[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MirageOS-devel] Type enforced security

To: mirageos-devel@xxxxxxxxxxxxxxxxxxxx
From: Garrett Smith <g@xxxxxx>
Date: Wed, 16 Sep 2015 05:12:04 -0500
Delivery-date: Wed, 16 Sep 2015 10:12:37 +0000
List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

Is there an example in the Mirage codebase where the OCaml type system
is used explicitly to enforce a security policy or behavior? This is a
bit of a weird question, sorry, I'll explain.

I'm putting together a presentation on unikernels and I'm looking over
the various vulnerability patches in OpenSSL and thinking a) yeah, the
underlying  C code make it pretty tough to spot edge cases and bugs
but b) the patches themselves aren't obviously correct (to me).

I'm wondering if the OCaml type systems is (or could be) used to
enforce a various security baselines to help maintainers guard against
errant patches, features, etc. Is there a specific example I can point
to that highlights the advantages of using the OCaml type system
vis-a-vis C's along this line?

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

Follow-Ups:
- Re: [MirageOS-devel] Type enforced security
  - From: Hannes Mehnert
- Re: [MirageOS-devel] Type enforced security
  - From: Richard Mortier

Prev by Date: [MirageOS-devel] Setting up multiple records in Jitsu
Next by Date: Re: [MirageOS-devel] Type enforced security
Previous by thread: [MirageOS-devel] Setting up multiple records in Jitsu
Next by thread: Re: [MirageOS-devel] Type enforced security
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.