Mark Miller wrote:
Holding only Cassie's code constant, is there some way we could rewrite Max's code so that he could obtain this information?
In actual Scheme, or in any language with a non-local exit such as call/cc or throw/try/catch, there is a way. Max's calculators could throw and Max could catch. If we decide that continuations and 'throw' are not deep-frozen, then calc-factory can't refer to these freely and still be accepted. But this doesn't solve the problem. For example, when presented with an even number, Bond could divide by 0, indirectly causing a throw, thus revealing to Max that the number he was given was even.
Fortunately, Cassie can easily prevent this attack by surrounding the calls to Q and Bond with a try/catch, in order to keep the exit from propagating. Unfortunately, real programmers will often forget to do so, as I just did, so this issue remains a real hazard.
https://sourceforge.net/tracker/index.php?func=detail&aid=1211106&group_id=75274&atid=551529 http://www.combex.com/papers/darpa-review/security-review.html#UniversalScope -- Text by me above is hereby placed in the public domain Cheers, --MarkM _______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
