Monday, February 2, 2009

a new toy

Success!


test(function () {
    resetLog();
    var o = {x: {y: function () {}}};
    var m = makeMembrane(o);
    m.setPolicy(o.x.y, {caller: logCall});
    m.view.x.y();
    return wasLogged();
});

==> true



Problem: securely share an arbitrary object with different parties with varying levels of trust

Phase 1 of the solution: a functional, bidirectional advice system


  • lazily & deeply copy an object and proxy calls from the view to the model

  • subtlety: prevent references from the model from leaking to the view, and vice versa; consumers of the view have a different notion of equality than consumers of the model

  • allow users of the model to set advice for actions performed by consumers of a view

  • subtlety: advice applies only to the view; membrane owners may separately and securely control the associated view

  • subtlety: advice acts exactly at the divide between the model and view, but must still be protected



For those familiar with them, this is similar to a popular idea from object capabilities -- except that adding advice is the first step towards usability and verification.
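A minimal sketch of the Phase 1 membrane, added here as an illustration and not the code behind the test above: it uses ES2015 `Proxy` and `WeakMap`, which postdate this post, and the `caller(target, args)` advice signature is an assumption. It also assumes every model property is configurable, and it does not wrap exceptions thrown across the divide.

```javascript
// Added sketch, not the post's implementation. makeMembrane/setPolicy/view follow
// the names in the test above; everything else is a hypothetical helper.
function makeMembrane(model) {
  const policies = new WeakMap(); // model function -> {caller: advice}; unreachable from the view
  const isObj = (v) => (typeof v === 'object' && v !== null) || typeof v === 'function';
  const newSide = () => ({ proxyOf: new WeakMap(), realOf: new WeakMap() });
  const toView = newSide(), toModel = newSide(); // one table pair per direction
  toView.back = toModel;
  toModel.back = toView;

  // Carry value v across the divide in direction dir.
  function cross(dir, v) {
    if (!isObj(v)) return v; // primitives carry no authority
    if (dir.back.realOf.has(v)) return dir.back.realOf.get(v); // a proxy going home: unwrap
    if (!dir.proxyOf.has(v)) { // wrap lazily and exactly once, so === is stable per side
      const p = new Proxy(v, handlerFor(dir));
      dir.proxyOf.set(v, p);
      dir.realOf.set(p, v);
    }
    return dir.proxyOf.get(v);
  }

  function handlerFor(dir) {
    const traps = {
      get: (target, key) => cross(dir, Reflect.get(target, key)),
      apply(target, self, args) {
        const home = args.map((a) => cross(dir.back, a)); // arguments travel the other way
        const policy = dir === toView && policies.get(target);
        if (policy) policy.caller(target, home); // advice fires at the divide, on model-side values
        return cross(dir, Reflect.apply(target, cross(dir.back, self), home));
      },
    };
    // Fail closed: set, has, ownKeys, getOwnPropertyDescriptor, ... have no trap and throw.
    const deny = (name) => () => { throw new TypeError(`membrane: ${name} denied`); };
    return new Proxy(traps, { get: (t, name) => t[name] || deny(name) });
  }

  return {
    view: cross(toView, model),
    setPolicy(fn, policy) { policies.set(fn, policy); }, // keyed on the model-side function
  };
}
```

Only property reads and calls are mediated; every other operation on a view object throws, so a consumer can neither read a raw model reference through a property descriptor nor assign its own objects into the model.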

Phase 2: to be described in a much later post -- how to realistically get usability and verification out of this.

Phase 3: profit
