[prev in list] [next in list] [prev in thread] [next in thread]
List: e-lang
Subject: [e-lang] The Birth of the Oz-E Project - Announcement
From: fsp () info ! ucl ! ac ! be
Date: 2004-06-10 10:00:17
Message-ID: 1086861617.40c8313129b65 () renoir ! info ! ucl ! ac ! be
[Download RAW message or body]
[cross posted to oz-e, e-lang, users@mozart-oz.org and announce@mozart-oz.org]
Mark, thanks for the announcement.
The decision to start with a separate Oz-E project, apart but still very much
connected to Mozart-Oz, was taken during Mark Miller's visit to Belgium, in
connection to Fred's "confirmation" proof. We hope this "temporary separation
of concerns" will enable the Oz-E designers and developers to give complete
priority on security and protection issues from day one, while still
maintaining the Mozart-Oz look and feel of the language as much as possible.
People interested in following-up, supporting, contributing and realizing this
joint-effort Oz-E project "To design and implement an Oz-like secure
multiparadigm language", are invited to do so. Mark Miller already described
the initial approach and strategy in his mail, included below.
We've set up a wiki site for the project, to contain the results from
discussions on design and implementation issues. It currently has a single
introduction page, containing a proposal for the mission statement.
Have a look at it here:
http://renoir.info.ucl.ac.be/twiki/bin/view/OZZY/WebHome
The site will be updated soon, to contain a more complete plan. Suggestions
are very welcome in this area too!
To join or follow the Oz-E project discussions, please subscribe on the Oz-E
mailing list at this address:
http://mailman.info.ucl.ac.be/mailman/listinfo/oz-e
(Like the e-lang mailing list, and unlike the settings of users@mozart-oz.org,
the "reply-address" is set to the entire list, not to the original poster
only.)
Fred & Boriss.
-----------------------
On Jun 8, 2004, at 4:15 PM, Mark S. Miller wrote:
[cross posted to e-lang and users@mozart-oz.org]
The biggest news from my Belgium trip is the birth of the Oz-E project, led
by Fred Spiessens. (As part of the MILOS project
http://renoir.info.ucl.ac.be/twiki/bin/view/INGI/MILOSProject .) Before I
explain the Oz-E itself, I'll explain the name. It turns out we were already
converging on a naming convention for applying E ideas to other languages,
but didn't quite know it yet:
Joe-E
The application of E ideas to the Java language, in order to create a
capability secure distributed language which is as compatible with Java
as is reasonably practical. ("Java" is a Sun trademark, but "cup of Joe"
is slang for coffee.) See the second half of
http://www.eros-os.org/pipermail/e-lang/2004-April/009797.html
E-on-Java
The current E implementation, in the Java language
Squeak-E
The application of E ideas to the Squeak language, to create a
capability secure distributed Squeak-like language. See
http://swiki.squeakfoundation.org/squeak-e
E-on-Squeak
Dean's work in progress to port Kernel-E onto the Squeak virtual machine.
(Along these same lines, if the attempt to apply E ideas to make a secure
Python is revived, it could be called Pyth-E (pronounced "pithy"), or Mont-E.)
The Oz-E project will attempt to apply E ideas to the Oz language to create
a secure distributed language that maintains the flavour of Oz, and is as
close to Oz as reasonably practical given the other goals. If the Oz-E
experiment is successful, we hope to see it become accepted as Oz 4. (The
current Oz is "Oz 3".)
When I arrived, Peter van Roy, one of the main Oz architects, leader of the
Belgium-based Oz group, and co-author of the big Oz book
http://www.info.ucl.ac.be/people/PVR/book.html , asked me how he should
autograph the copy he gave me. His autograph pledges
We will break upward compatibility in the relentless search for security!
Peter van Roy
http://renoir.info.ucl.ac.be/twiki/bin/view/INGI/ThePledge
Without such a pledge, such efforts are likely to be a waste of time.
Attempts at securing other languages should keep this in mind.
As I understand it, Oz-E will proceed in three parts:
* Local Oz-E will make an Oz-like local,ephemeral (as opposed to
distributed,persistent) capability secure language. We have a good plan for
how this can proceed initially on top of the current Oz platform -- by
adding a new verifier/loader in front of the current one which accepts only
Kernel-Oz-E, or "KOz-E" (pronounced "cozy"), and by only allowing imports of
Oz-E compatible libraries. This should have a similar structure to the Joe-E
architecture.
* Distributed Oz-E. The Oz world has an existing protocol system they use for
distributed computation (called DSS, I think). The security goals of DSS
would seem to be compatible with the needs of distributed Oz-E, but this is
still mostly unexamined.
* Capability secure GUI toolkit. As we found taming the Java libraries, we
expect that one of the hardest parts of functionality in the existing Oz
libraries to make secure will be the GUI toolkit. Currently, Oz uses QTk,
about which I know nothing. But from what I hear, there's nothing about QTk
that would lead me to suspect taming this would be easier than taming Swing
http://www.combex.com/papers/darpa-review/security-review.html#taming-holes .
Most exciting would be the creation of a new GUI toolkit, designed from the
ground up with capability principles in mind.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
-------------------
Fred Spiessens
UCL Louvain-la-Neuve Belgium
http://www.info.ucl.ac.be/people/fsp/fred.html
------------- you'r invited to: -------------------------
the Second International Mozart/Oz Conference
(MOZ 2004)
Charleroi, Belgium, Oct. 7-8, 2004
http://www.cetic.be/moz2004
-------------------------------------------------------------
_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic