Security:Bibliography: Difference between revisions

No edit summary
 
Line 1: Line 1:
=== People ===
=== Foreword ===


Browser security in my experience turns out to be mostly security in programming language design and implementation.  The number of critical security bugs that we've faced over the years that were in the crypto module, or in HTTP code, were very few compared to the total bug count.
Browser security in my experience turns out to be mostly security in programming language design and implementation.  The number of critical security bugs that we've faced over the years that were in the crypto module, or in HTTP code, were very few compared to the total bug count.
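Review bot: the heading swap at Line 1 (=== People === replaced by === Foreword ===) is recorded with "No edit summary", so the page history gives no reason for the restructuring. Add a summary on the next save, for example "add Foreword heading; move People below the introduction", so that this change and the re-added === People === heading further down read as one move rather than a deletion plus an unrelated addition.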
Line 6: Line 6:


Rather than attempting a bibliographic summary or history of the state of security research, I am starting with a list of people whose work I know best.
Rather than attempting a bibliographic summary or history of the state of security research, I am starting with a list of people whose work I know best.
=== People ===


[[http://www.ics.uci.edu/~franz/ Michael Franz]], who is at UC Irvine, spoke at [[http://www.research.ibm.com/vee04/talks.html an IBM virtual machine conference]] two years ago where I spoke on Firefox and Mozilla's VM needs.  He was kind enough to stop by Mozilla in early March of this year and speak on his work.  See http://www.ics.uci.edu/%7Efranz/Site/research.html for links to his work.  Michael's focus on virtual machines and compilers points the way toward real browser as well as OS security, transcending the current mode among browser implementors of hacking and patching memory-unsafe C++ code.  The most-trusted computing base must not be megalines of code -- it should be the compiler, VM, and security module, at tens or at most hundreds of KSLOCs.
[[http://www.ics.uci.edu/~franz/ Michael Franz]], who is at UC Irvine, spoke at [[http://www.research.ibm.com/vee04/talks.html an IBM virtual machine conference]] two years ago where I spoke on Firefox and Mozilla's VM needs.  He was kind enough to stop by Mozilla in early March of this year and speak on his work.  See http://www.ics.uci.edu/%7Efranz/Site/research.html for links to his work.  Michael's focus on virtual machines and compilers points the way toward real browser as well as OS security, transcending the current mode among browser implementors of hacking and patching memory-unsafe C++ code.  The most-trusted computing base must not be megalines of code -- it should be the compiler, VM, and security module, at tens or at most hundreds of KSLOCs.
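Review bot: the Michael Franz entry that now opens the relocated === People === section wraps its external URLs in double brackets ([[http://www.ics.uci.edu/~franz/ Michael Franz]]), which MediaWiki reserves for internal links, so the rendered text carries stray literal brackets. Since this edit already reorganizes the section, switch both links to single brackets, and use one spelling of the path: the entry has both ~franz and %7Efranz.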