[erlang-questions] security concerns

John Kemp john@REDACTED
Fri Apr 4 16:26:30 CEST 2014

On 04/04/2014 09:44 AM, Miles Fidelman wrote:
> John Kemp wrote:
>> On 04/04/2014 08:10 AM, Arif Ishaq wrote:
>>> I just saw a post by Carlos-Trigoso on the security, or rather lack
>>> thereof in Erlang
>>> (http://carlos-trigoso.com/2014/03/04/security-taken-lightly/) .
>>> It seems like a fair evaluation.
>> I would suggest that it is _not_ a fair evaluation.
>> As Loïc mentioned, name any language or OS environment that does
>> something like what the author suggests for Erlang?
> Well.... Fabric comes to mind:
> http://web.mit.edu/fabric_v0.2.0/fabric.pdf, so does E (erights.org). As
> does a LOT of work in the areas of secure distributed operating systems,
> distributed agent systems, and such.

Ah, yes, if you are talking about object capability languages, then 
we're into a different ballgame. In commonly-used languages, only 
ECMAScript, as implemented in browsers (not node) is also close: 
http://wiki.ecmascript.org/doku.php?id=ses:ses. And then we have the 
other secure Javascript variants, Caja, FBJS and Adsafe.

None of these address how network nodes talk to each other at all. 
iGoogle (using Caja) did address how malicious code could be prevented 
from messing with valid code even when Javascripts came from different 
vendors and was combined within the same iGoogle page.

iframe sandboxing and several other techniques are used in web pages to 
allow message passing between DOM nodes within the web browser, which is 
a somewhat similar (but not identical) problem.

> I guess you could also look at various web service platforms.
> On the other hand, Erlang stands alone as a mature, proven,
> in-production distributed run-time environment for highly concurrent
> systems - so it's not clear that comparisons to other languages or
> operating system environments apply.
>> But more than that, why would protocols for connecting nodes inside of
>> a network be the same as protocols used between data-centres,
>> particularly when connections between data centres will possibly go
>> across networks not owned by the owner of the data centres?
> Am I wrong, but I wasn't under the impression that Erlang's distributed
> processing functions are only for connecting nodes inside a data center.

Just to take one example. The Amazon Dynamo paper describes a gossip 
protocol between nodes on a ring. Would you want to implement that same 
gossip protocol across two data centres separated by high-latency 
networks? I wouldn't.

Erlang nodes pass messages to each other in patterns defined by 
application developers. In some cases, those patterns will be 
appropriate between DCs, but in others, they probably won't.

Speaking personally, I would still not (except in rare cases) expect a 
protocol used for connecting nodes inside a local network to be 
appropriate for connecting nodes across WANs, regardless of whether it 
is possible to do so.

- johnk

> Miles Fidelman

More information about the erlang-questions mailing list