Documentation

From Erights

(Difference between revisions)
Jump to: navigation, search
(Books and Theses: fix title)
(Books and Theses)
 
(41 intermediate revisions not shown)
Line 1: Line 1:
== Books and Theses ==
== Books and Theses ==
-
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration]
+
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste
-
[http://gonzo.uni-weimar.de/~scheffl2/Diploma_MScheffler.pdf Object-Capability Security in Virtual Environments]
+
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha
-
[[Image:Ewalnut-pink.gif]]
+
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.
-
[[Walnut|'''''E''''' in a Walnut]] - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
+
-
[http://www.erights.org/talks/thesis/index.html Robust Composition] - Towards a Unified Approach to Access Control and Concurrency Control.  This is [[User:MarkM|Mark Miller]]'s PhD disseration, and it explains the rationale, philosophy, and goals of '''''E''''' and related systems.
+
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.
-
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)
+
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.
-
== Tutorials ==
+
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.
-
[http://www.erights.org/elang/intro/index.html Tutorials] - several short tutorials showing how to use '''''E'''''.
+
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler
-
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] - Reminders of some useful patterns.
+
[[Image:EWalnut-small.gif]]
 +
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
-
[[FAQ]]
+
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.
 +
 
 +
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)
 +
 
 +
== Tutorials and References==
 +
<div id="Tutorials">
 +
* [http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.
 +
* [[:Category:Reference material]] — reference material on this wiki.
 +
* [http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.
 +
* [http://www.erights.org/elang/grammar/index.html Language Reference]
 +
* [[FAQ]]
 +
* [[E Under Eclipse]]
 +
</div>
== Papers ==
== Papers ==
 +
 +
=== Access Control ===
 +
 +
[http://cs.brown.edu/~sk/Publications/Papers/Published/sfk-feat-ocap-reconcil/ Features and Object Capabilities: Reconciling Two Visions of Modularity] by Salman Saghafi, Kathi Fisler, Shriram Krishnamurthi.
 +
 +
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.
 +
 +
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra
 +
 +
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].
 +
 +
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.
-
[http://www.hpl.hp.com/techreports/2003/HPL-2003-222.html Paradigm Regained: Abstraction Mechanisms for Access Control]
+
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
 +
 
 +
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])
 +
 
 +
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.
 +
 
 +
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.
 +
 
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.
 +
 
 +
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.
 +
 
 +
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.
 +
 
 +
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.
 +
 
 +
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.
 +
 
 +
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.
 +
 
 +
=== Concurrency Control ===
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro.  Explains '''''E''''''s concurrency control & distributed computing model.
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro.  Explains '''''E''''''s concurrency control & distributed computing model.
-
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
+
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.
 +
 
 +
=== User Interface ===
 +
 
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.
 +
 
 +
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.
 +
 
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?
== Talks and Presentations ==
== Talks and Presentations ==
 +
 +
[https://sites.google.com/site/ladameeting/preparing-for-the-workshop/ladapapers/lada-js.pdf Two Phase Commit Among Strangers: Secure Distributed Escrow Exchange in 44 lines of JavaScript] by Mark S. Miller
 +
 +
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler
 +
 +
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])
 +
 +
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])
 +
 +
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis
 +
 +
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel
 +
 +
[http://www.hpi.uni-potsdam.de/hirschfeld/dls/dls-07/program/ Tradeoffs in Retrofitting Security: An Experience Report] by Mark S. Miller
 +
 +
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner
 +
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford
Line 45: Line 114:
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp
 +
 +
== Important emails ==
 +
 +
[http://www.eros-os.org/pipermail/cap-talk/2006-August/005534.html On the Spread of the Capability Approach] by Bill Tulloh

Latest revision as of 02:28, 11 April 2013

Contents

Books and Theses

Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages by Arnaud Jean-Baptiste

Semantics and Types for Safe Web Programming by Arjun Guha

Language and Framework Support for Reviewably-Secure Software Systems by Adrian Mettler.

Analysing the Security Properties of Object-Capability Patterns by Toby Murray.

Ambient References: Object Designation in Mobile Ad Hoc Networks by Tom Van Cutsem.

Patterns of Safe Collaboration by Fred Spiessens.

Object-Capability Security in Virtual Environments by Martin Scheffler

Image:EWalnut-small.gif E in a Walnut by Marc Stiegler - This is a basic tutorial on the E language covering basic, distributed, and secure distributed programming.

Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control by Mark S. Miller. Explains the rationale, philosophy, and goals of E and related systems.

Safe Serialization Under Mutual Suspicion (Wiki conversion in progress)

Tutorials and References

Papers

Access Control

Features and Object Capabilities: Reconciling Two Visions of Modularity by Salman Saghafi, Kathi Fisler, Shriram Krishnamurthi.

Tahoe – The Least-Authority Filesystem by Zooko Wilcox-O'Hearn and Brian Warner.

Automated Analysis of Security-critical JavaScript APIs by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra

Taming of Pict by Matej Košík. See also Standard Library of Tamed Pict Programming Language.

Capability Myths Demolished by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.

Capability-based Financial Instruments "An Ode to the Granovetter Diagram" - diagramming communication relationships.

Authority Analysis for Least Privilege Environments by Toby Murray and Gavin Lowe.

Non-delegatable authorities in capability systems by Toby Murray and Gavin Lowe. (ACM link)

MinorFs by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.

Mashing with Permission by Tyler Close.

ACLs don't by Tyler Close.

Access Control by Ben Laurie.

Verifiable Functional Purity in Java by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.

Joe-E: A Security-Oriented Subset of Java by Adrian Mettler, David Wagner, and Tyler Close.

Fine-Grained Privilege Separation for Web Applications by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.

Class Properties for Security Review in an Object-Capability Subset of Java (Short Paper) by Adrian Mettler and David Wagner.

Concurrency Control

Concurrency Among Strangers: Programming in E as Plan Coordination - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains E's concurrency control & distributed computing model.

Causeway: A message-oriented distributed debugger by Terry Stanley, Tyler Close, and Mark S. Miller.

User Interface

Not One Click for Security by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.

User Interaction Design for Secure Systems by Ka-Ping Yee.

Rich Sharing for the Web by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?

Talks and Presentations

Two Phase Commit Among Strangers: Secure Distributed Escrow Exchange in 44 lines of JavaScript by Mark S. Miller

The Lazy Programmer's Guide to Secure Computing by Marc Stiegler

Part 1: Secure Distributed Programming with Object-capabilities in JavaScript by Mark S. Miller (slides)

Part 2: Bringing Object-orientation to Security Programming by Mark S. Miller (slides)

Object Capabilities and Isolation of Untrusted Web Applications (Part 1) (Part 2) (Part 3) by Sergio Maffeis

Secure Collaboration - How Web Applications can Share and Still Be Paranoid by Mike Samuel

Tradeoffs in Retrofitting Security: An Experience Report by Mark S. Miller

Google TechTalk: Caja by Mike Samuel

The Lively Kernel by Dan Ingalls

Object-Capabilities for Security by David Wagner (slides from an earlier version of this talk)

Gears and the Mashup Problem by Douglas Crockford

Desktops to Donuts: Object-Caps Across Scales by Marc Stiegler

Core Patterns for Web Permissions by Tyler Close

Paradigm Regained: Abstraction Mechanisms for Access Control by Mark Miller

The Virus Safe Computing Initiative at HP Labs by Alan Karp

Important emails

On the Spread of the Capability Approach by Bill Tulloh

Personal tools
more tools