Jason Coombs [mailto:jasonc (at) science (dot) org [email concealed]] writes:
<snip>
> ... the core problem with computer
> security is that our CPUs make no effort to restrict the execution of
> machine code to that very small subset of all possible machine code
> which constitutes the code that the owner of the CPU desires
> it to run.
<snip>
> If anyone really cared about solving this core security problem with
> computing today, it would be solved in just a few months.
Just one of the myriad of security issues that we're grappling with
are the various rights of the owner of the CPU, the *operator* of the
CPU, and the owner of the *data*, each of whom may have a more or less
legitimate say in what code actually gets executed. Far too many folks
have already "solved" this problem incorrectly for me to believe that
the "just a few months" solution you envisage will actually be correct.
<snip>
> ... the core problem with computer
> security is that our CPUs make no effort to restrict the execution of
> machine code to that very small subset of all possible machine code
> which constitutes the code that the owner of the CPU desires
> it to run.
<snip>
> If anyone really cared about solving this core security problem with
> computing today, it would be solved in just a few months.
Just one of the myriad of security issues that we're grappling with
are the various rights of the owner of the CPU, the *operator* of the
CPU, and the owner of the *data*, each of whom may have a more or less
legitimate say in what code actually gets executed. Far too many folks
have already "solved" this problem incorrectly for me to believe that
the "just a few months" solution you envisage will actually be correct.
David Gillett
[ reply ]