[bitc-dev] deeply immutable functions and Haskell's ST
Mark Miller
markm at cs.jhu.edu
Fri Aug 26 22:24:38 EDT 2005
Mark Miller wrote:
> Holding only Cassie's code constant, is there
> some way we could rewrite Max's code so that he could obtain this
> information?
In actual Scheme, or in any language with a non-local exit such as call/cc or
throw/try/catch, there is a way. Max's calculators could throw and Max could
catch. If we decide that continuations and 'throw' are not deep-frozen, then
calc-factory can't refer to these freely and still be accepted. But this
doesn't solve the problem. For example, when presented with an even number,
Bond could divide by 0, indirectly causing a throw, thus revealing to Max that
the number he was given was even.
Fortunately, Cassie can easily prevent this attack by surrounding the calls to
Q and Bond with a try/catch, in order to keep the exit from propagating.
Unfortunately, real programmers will often forget to do so, as I just did, so
this issue remains a real hazard.
https://sourceforge.net/tracker/index.php?func=detail&aid=1211106&group_id=75274&atid=551529
http://www.combex.com/papers/darpa-review/security-review.html#UniversalScope
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the bitc-dev
mailing list