Extending ERLANG for Safe Mobile Code Execution

This paper discusses extensions to the functional language Erlang which provide a secure execution environment for remotely sourced code. This is in contrast to much existing work which has focused on securing procedural languages. Using a language such as Erlang provides a high degree of inherent run-time safety, which means e ort can be focused on providing a suitable degree of system safety. We found that the main changes needed were the use of unforgeable (capability) references with access rights to control the use of system resources; the provision of a hierarchy of execution nodes to provide custom views of the resources available and to impose utilisation limits; and support for remote module loading. We then discuss prototype implementations of these changes, used to evaluate their utility and impact on visibility for the users of the language, and mention work in progress using this foundation to specify safety policies by ltering messages to server processes.