restricted execution
Torbjorn Tornkvist
tobbe@REDACTED
Tue Jun 10 08:49:11 CEST 2003
Lawrie Brown, <Lawrie.Brown@REDACTED>, has done lots of work
in this area. Check with him what the status is of his work.
Cheers, Tobbe
erlang@REDACTED wrote:
>This is my week for stupid questions ... on the plus side I'm finding
>Erlang so compelling that I might actually gain some proficiency by dint of
>outright practice.
>
>This evening's topic for debate before the symposium:
>
>In my researches online (so many that by now my head spins) I see lots of
>references to safe, or safer, Erlang, and various models of restricted
>execution.
>
>Well, that's nice. If I really, really wanted to run something relatively
>customised, I could always implement a virtual machine (not a possibility
>I have completely eliminated, but one I'd prefer to avoid). I'd rather not,
>and this is pretty much my bottom line, have to deal with non-standard
>forms of the language.
>
>What I do want to be able to do: run a user-provided process with some
>assurance that the only external data access it has is precisely that which
>I can provide it.
>
>I realise that quite likely the basic form of Erlang doesn't make provision
>for this, but looking at the facilities for cookies and so on, it strikes
>me that something ought to be possible.
>
>Is there a particularly common or usual answer to this? I've worked in
>telecom situations, and I know that quite a lot of kit works with shared
>secrets, which is pretty much what the cookies implement. Anyone have
>any suggestions?
>
>My ideal situation: spawn a process, give it in its arguments a few
>processes it can communicate with, and leave it with no other sources of
>information, nor external contact facilities.
More information about the erlang-questions mailing list