Hails questions
Does Hails suffer from the external timing channel? If so, explain the attack. If not, explain why this is not a concern. Consider the scenario where an attacker is able to execute code server-side (e.g., as part of a VC).
Hails relies on COWL to enforce IFC in the browser. Suppose that was not the case. Can you think of a way of addressing leaks due to untrusted HTML using a server-side only solution? (Hint: you may want to look at the resin assignment for inspiration.) Bonus: What about untrusted JavaScript?
Why did Hails eventually move from policies as pure functions (
Document -> Label
) to side-effecting ones (Document -> LIO Label
)? What is a negative trade-offs due to this?