Confinement

Butler Lampson defined the confinement problem many years ago and showed that systems then were far from solving it. We are farther away now in conventional systems. With confinement, I can use your code but not see it, while you cannot see my data that your code is processing, even when we both have access to the system where the code is running. Keykos has the factory, which solves the problem except for covert channels. The solution is uniform for capabilities, but covert channels may require ad-hoc measures. For many purposes the covert channels are not important. The language KOKA has similar protections built into its type system. The E language has auditors that can test for these properties.
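A simplified model of the capability side of such a check, added here as an illustration and not taken from Keykos: the requestor learns only which of a factory's components could carry data out ("holes") and never sees the code itself. The class names, the `sensory` flag and the rule used are assumptions of this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cap:
    """A capability held by the confined code (constructed model)."""
    name: str
    sensory: bool = False  # read-only, and can never yield a writable capability

@dataclass
class Factory:
    """Builds instances of the builder's code from a fixed set of components."""
    name: str
    components: list = field(default_factory=list)  # Cap or Factory objects
    sealed: bool = False

    def install(self, component):
        if self.sealed:
            raise PermissionError("factory is sealed; components are fixed")
        self.components.append(component)

    def seal(self):
        self.sealed = True

    def holes(self, _seen=None):
        """Names of every component through which data could leave."""
        seen = _seen if _seen is not None else set()
        if id(self) in seen:          # guard against cyclic factory references
            return set()
        seen.add(id(self))
        found = set()
        for c in self.components:
            if isinstance(c, Factory):
                # An unsealed sub-factory can still change, so treat it as a hole.
                found |= c.holes(seen) if c.sealed else {c.name}
            elif not c.sensory:
                found.add(c.name)
        return found

    def instantiate(self, tolerated=frozenset()):
        """Requestor's side: refuse unless every hole is one it accepts."""
        if not self.sealed:
            raise PermissionError("unsealed factory can still gain components")
        leaks = self.holes() - set(tolerated)
        if leaks:
            raise PermissionError(f"not confined, holes: {sorted(leaks)}")
        return f"instance of {self.name}"
```

The check covers only overt paths through capabilities; covert channels are outside what it can see.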

I suspect that we have all heard of some application that relied on a large database. The application was retired, and some machine operator deleted the database, thinking that it was no longer needed. In fact, other applications had come along to use that data, and those were lost. Garbage collection from the language world is the answer to this, except when it comes to the problem of reporting to the accounting department how that petabyte of storage is to be expensed. Keykos had plans but no tested solutions.