Managed Code and Runtime Environments - Another layer of added security?

[neumann at csl.sri.com (Peter G. Neumann)]

Der Mouse is barking up the right rathole.

*** BEGIN SOAPBOX ***

Having cut my security eye-teeth in Multics from 1965 to 1969, I am
continually drawn back into discussions of what Multics did right that
has been systematically (!) ignored by almost all subsequent operating
systems.  For the younger folks among the SC-L audience, let me mention
a few of the architectural strengths.  There were no buffer overflows in
the stack, because anything out of the stack frame was not executable.
The ring-structured domain architecture and file system access controls
permitted straightforward sandboxing.  Dynamic linking and revocation
were fundamental.  Segmentation and paging enabled layers of virtual
machines and protected virtual memory.  The I/O system had virtual
stream names, virtual I/O, and common device-driver software where
appropriate, coupled with separate hardware for the input-output
controller (GIOC).  The programming language was the stark EPL subset of
PL/I and the corresponding McIlroy-Morris EPL compiler, which seems to
have avoided some of the characteristic programming errors that are
still common today.  No software was written until there was an approved
specification, with well defined interfaces and exception conditions
that were explicitly characterized in EPL.  And so on into a visionary
sense of a future that has been largely lost for may perceived reasons,
some of which are bogus, some of which are just seriously short-sighted.

*** END SOAPBOX ***

I'm sure this message may generate all sorts of Ifs and Ands and Buts.
But the Butt we are kicking is our own.

Cheers!  PGN