[x] Code can be shared without compromising security
This is made possible with...
* compile-time memory protection
* automatic memory management
* compile-time data access restrictions (mark struct members as read-only)
* divide programs into small, mutually-distrusting components
* add features by adding components, not by changing existing components
The last two points are things the programmer has to do, but keep in mind that programming languages today don't even give you the opportunity to design this way. The last paradigm that did was C / Unix, and that was back when it was reasonable to send program state over a pipe.
Java tried to do this in the 90s, but a quick web search for "Java security" will turn up the historical record. In my opinion, VMs are inherently insecure, so I think the flaw in Java's approach was the decision to make Java run on a VM. VMs are inherently monolithic, and thus violate the "network of mutually-distrusting components" point above.
For more semi-coherent rambling on this topic, see my latest blog post... http://dbpokorny.blogspot.com/2013/11/prisoner-of-paradigm.h...
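As an added illustration of the "compile-time data access restrictions" and "mutually-distrusting components" points above (this is example code, not from the comment's author or the linked blog post), here is how a language that checks access at compile time lets one component hand its state to another as read-only. The module and field names are assumptions for the example.

```rust
// Added example: two "components" in one program. Component A owns the data
// and is the only code that can change it; component B can only read it.
// Any attempt in B to write the field is a compile error, not a runtime check.

/// Component A: owns an account and guards its invariant.
mod ledger {
    pub struct Account {
        owner: String, // private: other modules cannot touch this field
        balance: i64,  // private: mutation happens only through methods here
    }

    impl Account {
        pub fn new(owner: &str, balance: i64) -> Self {
            Account { owner: owner.to_string(), balance }
        }

        /// Read-only views exposed to other components.
        pub fn owner(&self) -> &str {
            &self.owner
        }
        pub fn balance(&self) -> i64 {
            self.balance
        }

        /// The single mutation path; the invariant (no overdraft) lives here.
        pub fn withdraw(&mut self, amount: i64) -> Result<i64, String> {
            if amount <= 0 || amount > self.balance {
                return Err(format!("refused withdrawal of {}", amount));
            }
            self.balance -= amount;
            Ok(self.balance)
        }
    }
}

/// Component B: a reporting feature added without changing `ledger` at all.
/// It receives a shared reference, so `acct.balance = 0` or a call to
/// `withdraw` would both be rejected by the compiler (private field, and
/// `&Account` is not `&mut Account`).
mod report {
    use super::ledger::Account;

    pub fn summarize(acct: &Account) -> String {
        format!("{}: {}", acct.owner(), acct.balance())
    }
}

/// Exercise both components. Returns (balance after a valid withdrawal,
/// whether an overdraft attempt was refused, the report line).
fn run_demo() -> (i64, bool, String) {
    let mut acct = ledger::Account::new("alice", 100); // constructed sample data
    let after = acct.withdraw(30).expect("valid withdrawal");
    let refused = acct.withdraw(500).is_err(); // invariant enforced in A only
    let line = report::summarize(&acct); // B sees the result, cannot alter it
    (after, refused, line)
}

fn main() {
    let (after, refused, line) = run_demo();
    println!("balance={} overdraft_refused={} report=\"{}\"", after, refused, line);
}
```

The point of splitting the code this way is that a bug in the reporting component cannot corrupt the ledger: the set of code that can change `balance` is exactly the body of one module, which is what makes the two components "mutually distrusting" rather than merely separate files.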