Documentation

From Erights

(Difference between revisions)
m (lililil)
(Books and Theses)
(46 intermediate revisions not shown)
Line 1: Line 1:
 
== Books and Theses ==
== Books and Theses ==
-
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration]
+
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste
-
[http://gonzo.uni-weimar.de/~scheffl2/Diploma_MScheffler.pdf Object-Capability Security in Virtual Environments]
+
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha
-
[[Image:Ewalnut-pink.gif]]
+
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.
-
[[Walnut|'''''E''''' in a Walnut]] - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
+
-
[http://www.erights.org/talks/thesis/index.html Robust Composition] - Towards a Unified Approach to Access Control and Concurrency Control.  This is [[User:MarkM|Mark Miller]]'s PhD disseration, and it explains the rationale, philosophy, and goals of '''''E''''' and related systems.
+
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.
-
[[Safe_Serialization_Under_Mutual_Suspicion]] (Wiki conversion in progress)
+
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.
-
== Tutorials ==
+
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.
-
[http://www.erights.org/elang/intro/index.html Tutorials] - several short tutorials showing how to use '''''E'''''.
+
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler
-
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] - Reminders of some useful patterns.
+
[[Image:EWalnut-small.gif]]
 +
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
-
[[FAQ]]
+
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.
 +
 
 +
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)
 +
 
 +
== Tutorials and References==
 +
<div id="Tutorials">
 +
* [http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.
 +
* [[:Category:Reference material]] — reference material on this wiki.
 +
* [http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.
 +
* [http://www.erights.org/elang/grammar/index.html Language Reference]
 +
* [[FAQ]]
 +
* [[E Under Eclipse]]
 +
</div>
== Papers ==
== Papers ==
 +
 +
=== Access Control ===
 +
 +
[http://cs.brown.edu/~sk/Publications/Papers/Published/sfk-feat-ocap-reconcil/ Features and Object Capabilities: Reconciling Two Visions of Modularity] by Salman Saghafi, Kathi Fisler, Shriram Krishnamurthi.
 +
 +
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.
 +
 +
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra
 +
 +
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].
 +
 +
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.
-
[http://www.hpl.hp.com/techreports/2003/HPL-2003-222.html Paradigm Regained: Abstraction Mechanisms for Access Control]
+
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
 +
 
 +
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])
 +
 
 +
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.
 +
 
 +
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.
 +
 
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.
 +
 
 +
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.
 +
 
 +
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.
 +
 
 +
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.
 +
 
 +
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.
 +
 
 +
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.
 +
 
 +
=== Concurrency Control ===
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro.  Explains '''''E''''''s concurrency control & distributed computing model.
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro.  Explains '''''E''''''s concurrency control & distributed computing model.
-
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
+
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.
 +
 
 +
=== User Interface ===
 +
 
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.
 +
 
 +
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.
 +
 
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?
== Talks and Presentations ==
== Talks and Presentations ==
 +
 +
[https://sites.google.com/site/ladameeting/preparing-for-the-workshop/ladapapers/lada-js.pdf Two Phase Commit Among Strangers: Secure Distributed Escrow Exchange in 44 lines of JavaScript] by Mark S. Miller
 +
 +
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler
 +
 +
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])
 +
 +
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])
 +
 +
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis
 +
 +
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel
 +
 +
[http://www.hpi.uni-potsdam.de/hirschfeld/dls/dls-07/program/ Tradeoffs in Retrofitting Security: An Experience Report] by Mark S. Miller
 +
 +
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel
 +
 +
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls
 +
 +
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner
 +
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])
 +
 +
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford
 +
 +
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler
 +
 +
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close
 +
 +
[http://www.youtube.com/watch?v=oE3x_gM3YFU Paradigm Regained: Abstraction Mechanisms for Access Control] by Mark Miller
 +
 +
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp
 +
 +
== Important emails ==
 +
 +
[http://www.eros-os.org/pipermail/cap-talk/2006-August/005534.html On the Spread of the Capability Approach] by Bill Tulloh
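
Review bot: the Papers section loses its link to the Paradigm Regained tech report (the removed `[http://www.hpl.hp.com/techreports/2003/HPL-2003-222.html Paradigm Regained: Abstraction Mechanisms for Access Control]` line), and the new revision lists only the talk of the same title under Talks and Presentations, so consider restoring the paper entry under Access Control. Two added descriptions also need a grammar pass: "The MinorFs user-space filesystems works with AppArmor" in the MinorFs entry, and "What properties must ... need to support" in the Rich Sharing for the Web entry. The added heading `== Tutorials and References==` is missing the space before its closing `==`, unlike the other headings in this revision.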

Revision as of 02:28, 11 April 2013

Books and Theses

Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages by Arnaud Jean-Baptiste

Semantics and Types for Safe Web Programming by Arjun Guha

Language and Framework Support for Reviewably-Secure Software Systems by Adrian Mettler.

Analysing the Security Properties of Object-Capability Patterns by Toby Murray.

Ambient References: Object Designation in Mobile Ad Hoc Networks by Tom Van Cutsem.

Patterns of Safe Collaboration by Fred Spiessens.

Object-Capability Security in Virtual Environments by Martin Scheffler

E in a Walnut by Marc Stiegler - This is a basic tutorial on the E language covering basic, distributed, and secure distributed programming.

Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control by Mark S. Miller. Explains the rationale, philosophy, and goals of E and related systems.

Safe Serialization Under Mutual Suspicion (Wiki conversion in progress)

Tutorials and References

Papers

Access Control

Features and Object Capabilities: Reconciling Two Visions of Modularity by Salman Saghafi, Kathi Fisler, Shriram Krishnamurthi.

Tahoe – The Least-Authority Filesystem by Zooko Wilcox-O'Hearn and Brian Warner.

Automated Analysis of Security-critical JavaScript APIs by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra

Taming of Pict by Matej Košík. See also Standard Library of Tamed Pict Programming Language.

Capability Myths Demolished by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.

Capability-based Financial Instruments "An Ode to the Granovetter Diagram" - diagramming communication relationships.

Authority Analysis for Least Privilege Environments by Toby Murray and Gavin Lowe.

Non-delegatable authorities in capability systems by Toby Murray and Gavin Lowe. (ACM link)

MinorFs by Rob Meijer. The MinorFs user-space filesystems work with AppArmor to provide a flexible form of discretionary access control.

Mashing with Permission by Tyler Close.

ACLs don't by Tyler Close.

Access Control by Ben Laurie.

Verifiable Functional Purity in Java by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.

Joe-E: A Security-Oriented Subset of Java by Adrian Mettler, David Wagner, and Tyler Close.

Fine-Grained Privilege Separation for Web Applications by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.

Class Properties for Security Review in an Object-Capability Subset of Java (Short Paper) by Adrian Mettler and David Wagner.

Concurrency Control

Concurrency Among Strangers: Programming in E as Plan Coordination - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains E's concurrency control & distributed computing model.

Causeway: A message-oriented distributed debugger by Terry Stanley, Tyler Close, and Mark S. Miller.

User Interface

Not One Click for Security by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.

User Interaction Design for Secure Systems by Ka-Ping Yee.

Rich Sharing for the Web by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms support, so that people don't just send email attachments instead?

Talks and Presentations

Two Phase Commit Among Strangers: Secure Distributed Escrow Exchange in 44 lines of JavaScript by Mark S. Miller

The Lazy Programmer's Guide to Secure Computing by Marc Stiegler

Part 1: Secure Distributed Programming with Object-capabilities in JavaScript by Mark S. Miller (slides)

Part 2: Bringing Object-orientation to Security Programming by Mark S. Miller (slides)

Object Capabilities and Isolation of Untrusted Web Applications (Part 1) (Part 2) (Part 3) by Sergio Maffeis

Secure Collaboration - How Web Applications can Share and Still Be Paranoid by Mike Samuel

Tradeoffs in Retrofitting Security: An Experience Report by Mark S. Miller

Google TechTalk: Caja by Mike Samuel

The Lively Kernel by Dan Ingalls

Object-Capabilities for Security by David Wagner (slides from an earlier version of this talk)

Gears and the Mashup Problem by Douglas Crockford

Desktops to Donuts: Object-Caps Across Scales by Marc Stiegler

Core Patterns for Web Permissions by Tyler Close

Paradigm Regained: Abstraction Mechanisms for Access Control by Mark Miller

The Virus Safe Computing Initiative at HP Labs by Alan Karp

Important emails

On the Spread of the Capability Approach by Bill Tulloh
