[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java insecurity - long - argumentative - you are warned.

To: [email protected]
Subject: Re: Java insecurity - long - argumentative - you are warned.
From: [email protected]
Date: Fri, 10 Nov 1995 21:38:43 -0800
Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address.THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THISPOSTING. Please report problem mail to <[email protected]>.
Sender: [email protected]

On Tue, 7 Nov 1995, Dietrich J. Kappe wrote:

> >>> While all this checking appears excruciatingly detailed, by the time
> >>> the byte code verifier has done its work, the Java interpreter can
> >>> proceed knowing that the code will run securely. Knowing these
> >>> properties makes the Java interpreter much faster, because it doesn't
> >>> have to check anything.
> >
> >Yikes!!  I'll leave this for someone else to address.  This sounds to me
> >like a variation on virus scanning.  I think that there are far more
> >reputable virus experts than I who can comment and expand on *flaws* with
> >that approach.
> 
> This "checking," as any comp-sci undergrad will tell you, amounts to solving
> the halting problem for the java interpreter. While this is possible for a
> finite state automata like the java interpreter (made more difficult by the
> fact that it can use the "net" for additional state), it is not even
> remotely feasable.

OK, so by saying that it is not "even remotely feasable", you're saying 
that any comp-sci undergraduate will say that it can't be done?  

That is what "not even remotely feasable" means, doesn't it??  I mean, 
even if Marketing wants this problem solved, that won't be enough?

> If you can write a checker that works in a reasonable amount of time, I'll
> write a turing machine simulator that'll do something nasty if the input
> machine halts. Then we'll split the fame and fortune for solving the 5 state
> Busy Beaver problem. Deal?

I'm sorry, I only work for T-shirt and mug contests. <grin>  That fifteen 
minutes of fame thingy, just isn't my cup of tea.



> Dietrich Kappe | Red Planet    http://www.redweb.com
> Red Planet, LLC| "Chess Space" | "MS Access Products" |  PGP Public Key
> 1-800-RED 0 WEB|    /chess     |       /cobre         | /goedel/key.txt
> Web Publishing | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84


Alice de 'nonymous ...

                                  ...just another one of those...


P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.

Prev by Date: Re: POTP Security
Next by Date: technical and social structures in the pseudonymous economy
Prev by thread: Re: Java insecurity - long - argumentative - you are warned.
Next by thread: Crypto Law Survey - updated and online
Index(es):
- Date
- Thread