
Re: [MirageOS-devel] Type enforced security



On 16 September 2015 at 11:12, Garrett Smith <g@xxxxxx> wrote:
> I'm wondering if the OCaml type system is (or could be) used to
> enforce various security baselines to help maintainers guard against
> errant patches, features, etc. Is there a specific example I can point
> to that highlights the advantages of using the OCaml type system
> vis-a-vis C's along this line?

One possibility that springs to mind immediately, and has been
previously discussed but unfortunately not implemented, would be to
use phantom types to tag incoming network data with its endianness, so
that correct byteswapping could be enforced through the stack. (Though
that would be more a property of the stack rather than a specific
guard against bad patches etc. so not sure it's what you're asking
for...)

-- 
Richard Mortier
richard.mortier@xxxxxxxxxxxx
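
Added example, not part of the original message and not MirageOS code: a sketch in OCaml of the phantom-type idea described in the reply above, where a 32-bit word read from the wire cannot be used as a number until it has passed through the byte-order conversion. The `Wire` module and all of its names are hypothetical; `Bytes.get_int32_ne` and `Bytes.set_int32_ne` assume OCaml 4.08 or later.

```ocaml
(* Added example; the Wire module and every name in it are hypothetical. *)
module Wire : sig
  type network                (* byte order as found on the wire (big-endian) *)
  type host                   (* byte order of the CPU running this code *)
  type 'order u32             (* 'order is a phantom tag with no runtime cost *)

  val of_wire  : Bytes.t -> int -> network u32   (* raw read, no swap *)
  val to_wire  : network u32 -> Bytes.t -> int -> unit
  val ntoh     : network u32 -> host u32
  val hton     : host u32 -> network u32
  val of_int32 : int32 -> host u32
  val to_int32 : host u32 -> int32               (* only host values become numbers *)
end = struct
  type network
  type host
  type 'order u32 = int32     (* same representation whatever the tag *)

  (* Reverse the four bytes of a 32-bit word. *)
  let bswap x =
    let open Int32 in
    logor (shift_left x 24)
      (logor (shift_left (logand x 0xFF00l) 8)
         (logor (logand (shift_right_logical x 8) 0xFF00l)
            (shift_right_logical x 24)))

  let swap_if_le x = if Sys.big_endian then x else bswap x
  let of_wire buf off = Bytes.get_int32_ne buf off
  let to_wire v buf off = Bytes.set_int32_ne buf off v
  let ntoh = swap_if_le
  let hton = swap_if_le
  let of_int32 x = x
  let to_int32 x = x
end

let () =
  (* Constructed sample: a length field of 256 in network byte order. *)
  let buf = Bytes.of_string "\x00\x00\x01\x00" in
  let len = Wire.ntoh (Wire.of_wire buf 0) in
  assert (Wire.to_int32 len = 256l);
  (* Rejected at compile time, because network u32 is not host u32:
       Wire.to_int32 (Wire.of_wire buf 0)
       Wire.to_wire (Wire.of_int32 256l) buf 0 *)
  let out = Bytes.create 4 in
  Wire.to_wire (Wire.hton (Wire.of_int32 256l)) out 0;
  assert (Bytes.equal buf out)
```

Because `'order u32` is abstract outside the module, a patch that forgets `ntoh` before using a length field, or `hton` before writing one, fails to type-check instead of producing a wrong length at run time.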
