
Secure Modular Runtimes - ispivey
https://guybedford.com/secure-modular-runtimes.html
======
throwaway_pdp09
This is an excellent, in-depth and thoughtful article. I'd say the only thing
it omits, and which I do think is crucial, is not using X where X is
unnecessary. You can close a lot of security holes just by doing that. Still a
great read.

------
Kednicma
Spectre seems serious. Even the E family of languages (E, Monte, Joule,
Grace), which have similar lineage to ECMAScript but have always been focused
on isolation, don't have ready answers for how to mitigate Spectre and related
attacks.

I think that hardware-effect attacks are going to be the primary thorn in our
side for the next few decades, even if we all agree to switch to object-
capability systems immediately.

~~~
nwah1
Definitely agree that we should switch to object-capability systems.

Also, both hardware and software could be hardened through formal
verification. Usually the focus is software, but given the recently exposed
flaws, hardware verification seems sorely needed.

Standardizing on ECC memory and encrypted memory would help. Looks like
encrypted memory is happening on all new x86 business-focused processors, but
ECC is still far too uncommon, which means RowHammer is still an issue.

And greatly simplified instruction sets would help, but that is probably the
least likely to happen.

~~~
throwaway_pdp09
> could be hardened through formal verification

Yeah... but that only works by you verifying your assumptions. If your
assumptions are wrong, you remain screwed. I'm all for it but it's not
perfection.