On 30 May 2014 at 2:27 pm,
Anil Madhavapeddy [mailto:anil@recoil.org] wrote:
> On 15 May 2014, at 15:56, Thomas Sanders <thomas.sanders@citrix.com> wrote:
> >
> > I care about security. I was the tech lead for the work of getting a
> > slightly customised version of XenServer 6.0.2 through Common Criteria
> > certification. I'd love a chance to apply a capability-based approach
> > where it makes sense. We could probably use OCaml's type system to get
> > more assurances of correctness than we do at present. I look forward to
> > dom0 services being split out into individual service VMs or stub-
> > domains.
>
> It's really interesting to hear this. There is an information-flow variant
> of OCaml called FlowCaml that could be resurrected fairly easily if
> a suitable use case came up (like CC cert).
> This lets the programmer understand how information is travelling across
> various modules in a complex codebase.
Thank you: FlowCaml does look interesting.
Another security-related OCaml variant is Emily[1][2], "a subset of
OCaml that uses a design rule verifier to enforce object-capability
principles. It demonstrates how memory-safe languages can be
transformed into breach-resistant object-capability systems with
little loss of either expressivity or performance."
Emily and FlowCaml could even be combined.
> Dave and Thomas have also been
> pulling out the core logic of Xenstore into a separate Git-like database
> called Irmin
Just to clarify for others: that would be Thomas Gazagnaire, not me.
Thomas Sanders
[1] http://wiki.erights.org/wiki/Emily
[2] http://www.skyhunter.com/marcs/emilyWalnut.html
_______________________________________________
Xen-api mailing list
Xen-api@lists.xen.org
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api