René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"object capability demonstration using secure VATs","articleBody":"There's a great body of work on object capability languages as a way of managing the risk of running untrusted code modules by only exposing limited fine-grained capabilities to the untrusted code.\n\nhttp://www.erights.org/\n\nBut, while the subject is untrusted code, the environment itself in which the code runs, called a \"Vat\",  must be considered trusted. \n\n![Image](https://github.com/user-attachments/assets/aa9514f1-556e-4f6c-bd25-4c9b00cf85a0)\n\nThis is problematic when using cross-vat distributed code, because one malicious vat can steal the \"Swiss number\" references (random unguessable strings, effectively symmetric keys). \n\nThis makes it hard to reconcile object capability languages with smart contracts. In smart contracts we go out of our way to run consensus protocols so that a trusted environment can be built on untrusted nodes, but we can't assume privacy and so we can't use Swiss number references.\n\nSo now, by instantiating the vat with Dstack, we might be able to close this gap and draw some more insights or better composition / better hardening as a result.\n\nAs a starting point, we might simply run existing ocap sandbox in Dstack, possibly adding a new shim for referencing objects in different Dstack instances as different vats\nhttps://github.com/endojs/endo\n\nA more thoughtful example probably needs to illustrate some pattern of passing serialized/hardened code, containing Swiss numbers or even private keys, between such sandboxes. Needs more thought though\n\nchatgpt discussion:\nhttps://chatgpt.com/share/67ff0b25-b580-8009-a13b-d5ca70cb5fb7\n\n","author":{"url":"https://github.com/amiller","@type":"Person","name":"amiller"},"datePublished":"2025-04-16T02:32:47.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/29/dstack-examples/issues/29"}