|
|
Safe-Tcl Security Model, The
|
Author(s):
|
|
Jacob Y. Levy, John K. Ousterhout and Brent B. Welch
|
|
Report Number:
|
Date Published:
|
Available Formats:
|
|
TR-97-60
|
March 1997
|
Portable Document Format (PDF)
Postscript (PS)
Request Hard Copy
|
| Abstract |
|
Safe-Tcl is a mechanism for controlling the execution of programs written in the Tcl scripting language. It allows untrusted scripts (applets) to be executed while preventing damage to the environment or leakage of private information. Safe-Tcl uses a p added cell approach:
each applet is isolated in a "safe interpreter" where it cannot interact directly with the rest of the application. The execution environment of the safe interpreter is controlled by trusted scripts running in a "master interpreter." Safe-Tcl provides an "alias" mechanism
that allows applets to request services from the master interpreter in a controlled fashion. Safe-Tcl allows a variety of security policies to be implemented even within a single application, and it supports both policies that authenticate incoming scripts and those that do not.
|
|
|
