Documentation

From Erights

(Difference between revisions)
Jump to: navigation, search
m (dronmonalrel)
(Talks and Presentations)
(67 intermediate revisions not shown)
Line 1: Line 1:
-
[http://joygobert.ifrance.com/articles/aclu-pray.html aclu pray] [http://www.mitystov.00author.com/ website] [http://marshallmcnemar.ifrance.com/pages/morpheous.html download free morpheous] [http://www.nomads.20fr.com/ domain] [http://helenenoah.pop3.ru/data/types-of-flowers.html types of flowers] [http://adriennedeverea.ifrance.com/wiki/motorcycle-paint.html motorcycle paint job price] [http://carynbernier.pop3.ru/real-estate-cherry.html real estate cherry hill nj] [http://elizcroce.iespana.es/description/metal-glass.html metal glass wood library furniture] [http://cindisavoie.ifrance.com/articles/wacky-packages.html wacky packages all new series 2] [http://tabithadossanto.pop3.ru/sydneys-restaurant.html sydneys restaurant tynemouth] [http://3d-action-download.lufberry.in/ 3d action download free game] [http://franciscageis.pop3.ru/askew-grill-menu.html askew grill menu] [http://noellewoll.ide.am/q/morgan-lander.html morgan lander] [http://www.aryndhati.engineersb.com/ web] [http://rocioslez.freehostia.com/description/ultram-online-pharmacy.html ultram online pharmacy] [http://transproter.pappas.in/ transproter] [http://carynbernier.pop3.ru/paris-latsis.html paris latsis] [http://www.itendil.gobot.com/ page] [http://www.timxar.orbitaltec.net/ domain] [http://isabelhsu.ifrance.com/text/nas-mp3.html nas mp3] [http://jongharney.ifrance.com/small/freedom-airlines.html freedom airlines] [http://serial-number.diglot.in/ serial number nero 7] [http://www.bebopbaby.yearbookhigh.com/ website] [http://jerricakohn.ifrance.com/new/collectionsetccom.html collectionsetc.com] [http://helenenoah.pop3.ru/data/thumbnail-gallery.html thumbnail gallery posts variety] [http://chaneltiffany.ide.am/html/extended-swim-platform.html extended swim platform] [http://www.ultaenangel.vettepics.com/ home] [http://keikoreep.ifrance.com/azure-condominiums.html azure condominiums] [http://www.space-kat.canadianwebs.com/ http] [http://meanings-dreams.leonis.in/ meanings dreams] [http://adriennedeverea.ifrance.com/wiki/burton.html richard burton] [http://dongkarpinski.ifrance.com/small/least-square.html least square mean definition] [http://www.rashands.theshoppe.com/ sitemap] [http://chasityneblett.ifrance.com/text/the-game-the-documentary.html the game the documentary lyric] [http://conceptionharwe.ide.am/new/jewelry-box.html jewelry box] [http://raelenemauney.ifrance.com/topic/sample-contracts.html free sample contract] [http://asian-foods.25teabags.in/ asian foods] [http://lesson-plan-london.britzka.in/ lesson plan london calling the clash] [http://dannetteschauer.pop3.ru/q/replacement.html replacement porch swing covers] [http://adriennedeverea.ifrance.com/wiki/girls-in-thongs.html girls in thongs string bikinis] [http://light-deflection.saltbox.in/ light deflection] [http://chanellfeinberg.ide.am/directory/simple-plan-perfect.html simple plan perfect] [http://apartment-colorado.saltbox.in/ apartment colorado louisville rental] [http://louriemats.freehostia.com/lib/www-vodaphone-it.html www vodaphone it] [http://carynbernier.pop3.ru/ace-massage.html ace massage] [http://chasityneblett.ifrance.com/text/reynolds-aluminum.html reynolds aluminum siding] [http://yamaha-dt-50-sm.explisit.in/ yamaha dt 50 sm] [http://adriennedeverea.ifrance.com/wiki/home-water-treatment.html home water treatment systems] [http://lisettezeiger.pop3.ru/comments/complex-carbohydrates.html food high in complex carbohydrate] [http://rebeccamikesell.iespana.es/library/muumuu.html muumuu pattern] [http://the-time-machine.explisit.in/ the time machine] [http://manymori.ifrance.com/boobs-growing.html growing boob story] [http://danilledelph.ifrance.com/kool-aid.html aid drank essay kool never] [http://thick-dick-gallery.mainland.in/ thick dick gallery] [http://albany-county-district.mainland.in/ albany county district attorney new york] [http://delphiaho.freehostia.com/vampyros-lesbos.html vampyros lesbos] [http://dongkarpinski.ifrance.com/small/hair-removal.html hair man permanent removal] [http://www.kazriko.clogdancing.com/ domain] [http://alibabacom.lufberry.in/ alibaba.com] [http://raelenemauney.ifrance.com/topic/ls-dreams.html dream ls magazine] [http://jerricakohn.ifrance.com/new/buff-teenage.html buff teenage guys] [http://louriemats.freehostia.com/lib/tre-maschi.html tre maschi] [http://cindisavoie.ifrance.com/articles/lincoln-cavern.html lincoln cavern] [http://orbitz-billiards.capucine.in/ orbitz billiards] [http://www.mikluha.dzaba.com/ http] [http://cammysorrells.ide.am/matting-supply.html art matting supply] [http://oziecompton.iespana.es/polyphase-filter.html polyphase filter design] [http://www.ogcouvey.actorsite.com/ url] [http://carolynesalcedo.ifrance.com/gallery-of-pretty.html gallery of pretty babes] [http://carolynesalcedo.ifrance.com/pugs-for-sale.html baby pug sale] [http://adelagreco.ugu.pl/atlanta-lawyer.html atlanta estate lawyer real] [http://manymori.ifrance.com/printshop-cd.html printshop cd label] [http://ilonabiehl.ugu.pl/blog/sclerodema.html sclerodema] [http://anna-bag-lyric.take-you.in/ anna bag lyric nalick paper] [http://chiekolinneman.ide.am/blog/10-40-day-in.html 10 40 day in lose pound] [http://marshallmcnemar.ifrance.com/pages/vitamin-shop.html canadian vitamin shop] [http://rosenabloss.iespana.es/horse-hung-young.html horse hung young] [http://ilonabiehl.ugu.pl/blog/toyboxes.html toyboxes] [http://redwoods.diglot.in/ redwoods] [http://franciscageis.pop3.ru/lyrics-to-its.html lyrics to its alright now] [http://www.arguandi.htmlplanet.com/ domain] [http://ilonabiehl.ugu.pl/blog/registered-agent.html texas registered agent] [http://raelenemauney.ifrance.com/topic/trucking-hauling.html trucking hauling software] [http://louriemats.freehostia.com/lib/jbl-ti2k.html jbl ti2k] [http://tabithadossanto.pop3.ru/mode.html depeche mode] [http://dongkarpinski.ifrance.com/small/vegas-show-tickets.html vegas show tickets] [http://juliennebaines.ifrance.com/saturns.html saturns moons] [http://debikawakami.ide.am/liner-mary-ocean.html liner mary ocean queen] [http://nudist-youths.britzka.in/ nudist youths] [http://www.moiraine-sedai.jokestan.cc/ domain] [http://wanoutlaw.ugu.pl/web/wwwwheresgeorgecom.html www.wheresgeorge.com] [http://chanellfeinberg.ide.am/directory/puma-shose.html puma shose] [http://helenenoah.pop3.ru/data/home-network-coloado.html home network coloado] [http://adelagreco.ugu.pl/asf-repair-freeware.html asf repair freeware] [http://chiekolinneman.ide.am/blog/ron-andrews-links.html andrew links ron smoking] [http://adriennedeverea.ifrance.com/wiki/aquarium-fish.html aquarium fish care] [http://wanoutlaw.ugu.pl/web/stacker-2.html stacker 2 side effects] [http://mitglied.lycos.de/burippy//article/staircase-stringer.html staircase stringer] [http://www.blueangles.usclargo.com/ url] [http://isabelhsu.ifrance.com/text/ftv-midnight-hot.html ftv midnight hot] [http://adriennedeverea.ifrance.com/wiki/blonde-goddess.html blonde goddess] [http://mitglied.lycos.de/altuey//assassination.html assassination nixon torrent] [http://carolynesalcedo.ifrance.com/list-of-mythical.html list of mythical figures] [http://forced.britzka.in/ forced] [http://preciousstahl.ifrance.com/victorias-secret.html victorias secret catalog] [http://rocioslez.freehostia.com/description/mappa-bisceglie.html mappa bisceglie] [http://jilldaughter.ide.am/article/rose-bros-furniture.html rose bros furniture] [http://pussy-sex-teen-xxx.holily.in/ pussy sex teen xxx] [http://ilonabiehl.ugu.pl/blog/clint-eastwood.html clint eastwood gorillaz video] [http://movie-releases.diglot.in/ movie releases] [http://tabithadossanto.pop3.ru/neon-ski-sign.html neon ski sign] [http://adelagreco.ugu.pl/usb-serial-adapter.html serial cable adapter for usb port] [http://isabelhsu.ifrance.com/text/fire-table.html fire table] [http://mandaraby.ide.am/topic/xbox-wireless-network.html xbox wireless network connection] [http://carynbernier.pop3.ru/free-file-sharing.html free file sharing] [http://mitglied.lycos.de/homathia//data/sale-nyc.html sale nyc] [http://louriemats.freehostia.com/lib/manuali-it.html manuali it] [http://cindisavoie.ifrance.com/articles/black-hoes.html black hoes] [http://leroka.sitemynet.com link] [http://potatoe.waunakee.in/ potatoe] [http://water-softener.lufberry.in/ water softener systems] [http://dorothycluff.iespana.es/q/american-association.html american association for the study of liver diseases] [http://danilledelph.ifrance.com/william-optics.html william optics swan eyepieces] [http://www.lauraxpeace.msgserver.net/ website] [http://dongbrannan.pop3.ru/html/muscle-lust.html muscle lust] [http://www.goes-here.freehomepage.com/ website] [http://tabithadossanto.pop3.ru/pass-a-drug-test.html ways to pass a drug test] [http://www.denik.00game.com/ http] [http://cleopatrarollis.ifrance.com/explode.html explode] [http://girls-gone-wild.take-you.in/ girls gone wild 2] [http://adelagreco.ugu.pl/epsom-salts.html epsom salts] [http://carynbernier.pop3.ru/cd-now.html cd now] [http://avulsion-fracture.diglot.in/ avulsion fracture fibula] [http://lead-acid-battery.take-you.in/ lead acid battery charger schematic diagram] [http://manymori.ifrance.com/residual-income.html residual income business opportunity] [http://cristinebaughma.iespana.es/web/redway1.html redway1] [http://www.beepworld.de/members/timtims/ domain] [http://adriennedeverea.ifrance.com/wiki/toledo-11-tv.html toledo 11 tv station] [http://new-york-appartments.lufberry.in/ new york appartments to rent] [http://danilledelph.ifrance.com/pleasant-hawaiian.html pleasant hawaiian holidays] [http://asbestos-lung-cancer.capucine.in/ asbestos lung cancer] [http://jacintado.freehostia.com/camping-mattinata.html camping mattinata] [http://cammysorrells.ide.am/natural-beauty.html natural beauty product] [http://mitglied.lycos.de/fagriesi//content/voluptuous-older.html voluptuous older women] [http://lisettezeiger.pop3.ru/comments/knight-lord-ragnarok.html knight lord ragnarok wallpaper] [http://delanaflack.ugu.pl/murano-vetro.html murano vetro] [http://eras-aamc.waunakee.in/ eras aamc] [http://marshallmcnemar.ifrance.com/pages/asian-festival.html asian festival film international] [http://www.sreperio.jokestan.cc/ web] [http://www.crunchcandy.blacksmart.net/ url] [http://jacintado.freehostia.com/sony-cfd-e100ls.html sony cfd-e100ls] [http://mitglied.lycos.de/burippy//article/hawaii-home.html hawaii home rentals] [http://carolynesalcedo.ifrance.com/fox-6-news.html fox 6 news] [http://tabithadossanto.pop3.ru/carport-plans.html carport plans] [http://st-croix-county.leonis.in/ st croix county government] [http://mitglied.lycos.de/altuey//leg-humping.html leg humping dogs] [http://deettatimko.pop3.ru/blog/karuna-reiki.html karuna reiki master] [http://mitglied.lycos.de/homathia//data/home-sales-california.html california new home sales] [http://conceptionharwe.ide.am/new/air-force-academy.html air force academy wedding photo] [http://debikawakami.ide.am/american-institute.html american institute of architects dc] [http://www.stloup.usclargo.com/ link] [http://search-engine-optimization.mainland.in/ search engine optimization search engine placement] [http://tabithadossanto.pop3.ru/alpinestars.html alpinestars] [http://dongkarpinski.ifrance.com/small/allyn-bacon-publishers.html allyn bacon publishers] [http://jerricakohn.ifrance.com/new/marshmallow.html marshmallow] [http://back-packs.pappas.in/ back packs] [http://cleopatrarollis.ifrance.com/golden-mean.html golden mean book and caliper set] [http://marshallmcnemar.ifrance.com/pages/session-class.html session class jsp] [http://shlomo-katz.diglot.in/ shlomo katz] [http://delphiaho.freehostia.com/inverter-5003.html inverter 5003 a] [http://info-on-foster.panterra.in/ info on foster care] [http://danilledelph.ifrance.com/nigeria-gnp.html nigeria gnp per capita] [http://helenenoah.pop3.ru/data/car-clip-art.html free race car clip art] [http://chiekolinneman.ide.am/blog/lady-let-look-now.html lady let look now take] [http://loudon-tennessee.leonis.in/ loudon tennessee deep water lots] [http://danilledelph.ifrance.com/chest-hair.html chest hair] [http://mitglied.lycos.de/fagriesi//content/credit-checks.html credit checks] [http://keikoreep.ifrance.com/computer-bag.html computer bag] [http://dannetteschauer.pop3.ru/q/blackberry-7290.html blackberry 7290] [http://jongharney.ifrance.com/small/montague.html montague] [http://cindisavoie.ifrance.com/articles/serial-cracks.html serial cracks] [http://dell-support.diglot.in/ dell support] [http://5-pin-bowling-scoring.panterra.in/ 5 pin bowling scoring] [http://kaseyupshaw.iespana.es/text/plesiochronous.html plesiochronous] [http://ashley.bestelinks.nl/ home] [http://raelenemauney.ifrance.com/topic/online-term-life.html online term life] [http://georginagoo.ugu.pl/styles/freaky-stuff.html freaky stuff weird] [http://joygobert.ifrance.com/articles/peco.html peco] [http://jilldaughter.ide.am/article/immediate-annuity.html annuity fixed immediate] [http://jongharney.ifrance.com/small/sexy-honeymoon-tips.html sexy honeymoon tips] [http://jongharney.ifrance.com/small/mac-osx-software.html mac osx software] [http://mitglied.lycos.de/altuey//simplie.html simplie] [http://elizcroce.iespana.es/description/321-gay-room.html 321 gay room] [http://rosenabloss.iespana.es/drawings-of-mystical.html drawings of mystical creatures] [http://chanellfeinberg.ide.am/directory/family-vacation.html family getaway michigan northeast vacation] [http://adelinazehr.pop3.ru/lib/texas-girl-pic.html texas girl pic] [http://joygobert.ifrance.com/articles/international.html international travel medical insurance] [http://mitglied.lycos.de/burippy//article/us-coins.html us coins] [http://elizcroce.iespana.es/description/irs-problems.html irs problem solver] [http://joygobert.ifrance.com/articles/java-date-and.html java date and time functions]
+
== Tutorials and References==
 +
 
 +
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar
 +
 
 +
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.
 +
 
 +
[[:Category:Reference material]] — reference material on this wiki.
 +
 
 +
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.
 +
 
 +
[http://www.erights.org/elang/grammar/index.html Language Reference]
 +
 
 +
[[FAQ]]
 +
 
 +
 
== Books and Theses ==
== Books and Theses ==
-
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration]
+
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.
-
[http://gonzo.uni-weimar.de/~scheffl2/Diploma_MScheffler.pdf Object-Capability Security in Virtual Environments]
+
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.
-
[[Image:Ewalnut-pink.gif]]
+
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.
-
[[Walnut|'''''E''''' in a Walnut]] - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
+
-
[http://www.erights.org/talks/thesis/index.html Robust Composition] - Towards a Unified Approach to Access Control and Concurrency Control.  This is [[User:MarkM|Mark Miller]]'s PhD disseration, and it explains the rationale, philosophy, and goals of '''''E''''' and related systems.
+
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.
-
[[Safe_Serialization_Under_Mutual_Suspicion]] (Wiki conversion in progress)
+
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.
-
== Tutorials ==
+
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste
-
[http://www.erights.org/elang/intro/index.html Tutorials] - several short tutorials showing how to use '''''E'''''.
+
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha
-
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] - Reminders of some useful patterns.
+
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler
 +
 
 +
[[Image:EWalnut-small.gif]]
 +
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
 +
 
 +
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)
-
[[FAQ]]
 
== Papers ==
== Papers ==
 +
 +
 +
=== Smart Contracting ===
 +
 +
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.
-
[http://www.hpl.hp.com/techreports/2003/HPL-2003-222.html Paradigm Regained: Abstraction Mechanisms for Access Control]
+
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.
-
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.
+
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.
 +
 
 +
 
 +
 
 +
=== Formal Methods ===
 +
 
 +
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer
 +
 
 +
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray
 +
 
 +
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller
 +
 
 +
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.
 +
 
 +
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
 +
 +
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.
 +
 +
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan
 +
 +
 +
=== Access Control ===
 +
 +
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.
 +
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.
 +
 +
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.
 +
 +
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan
 +
 +
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].
 +
 +
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])
 +
 +
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.
 +
 +
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.
 +
 +
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.
 +
 +
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.
 +
 +
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.
 +
 +
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.
 +
 +
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko
 +
 +
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr
 +
 +
 +
=== Concurrency Control ===
 +
 +
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro.  Explains '''''E''''''s concurrency control & distributed computing model.
 +
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.
 +
 +
 +
 +
=== User Interface ===
 +
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.
 +
 +
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.
 +
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?
 +
 +
== Talks and Presentations ==
== Talks and Presentations ==
 +
 +
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk at July 2017 TC39 (EcmaScript committee) meeting.
 +
 +
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.
 +
 +
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.
 +
 +
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.
 +
 +
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.
 +
 +
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler
 +
 +
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])
 +
 +
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])
 +
 +
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner
 +
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])
 +
 +
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close
 +
 +
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis
 +
 +
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel
 +
 +
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel
 +
 +
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls
 +
 +
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford
 +
 +
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler
 +
 +
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp
 +
 +
== Important emails ==
 +
 +
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh
 +
 +
 +
== Other collections ==
 +
 +
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly
 +
 +
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]

Revision as of 13:48, 3 August 2017

Contents

Tutorials and References

What are Capabilities by Chip Morningstar

Tutorials — several short tutorials showing how to use E.

Category:Reference material — reference material on this wiki.

Quick Reference Card — Reminders of some useful patterns.

Language Reference

FAQ


Books and Theses

Analysing the Security Properties of Object-Capability Patterns by Toby Murray.

Patterns of Safe Collaboration by Fred Spiessens.

Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control by Mark S. Miller. Explains the rationale, philosophy, and goals of E and related systems.

Language and Framework Support for Reviewably-Secure Software Systems by Adrian Mettler.

Ambient References: Object Designation in Mobile Ad Hoc Networks by Tom Van Cutsem.

Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages by Arnaud Jean-Baptiste

Semantics and Types for Safe Web Programming by Arjun Guha

Object-Capability Security in Virtual Environments by Martin Scheffler

Image:EWalnut-small.gif E in a Walnut by Marc Stiegler - This is a basic tutorial on the E language covering basic, distributed, and secure distributed programming.

Safe Serialization Under Mutual Suspicion (Wiki conversion in progress)


Papers

Smart Contracting

Distributed Electronic Rights in JavaScript - paper for ESOP'13 Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.

Capability-based Financial Instruments "An Ode to the Granovetter Diagram" - diagramming communication relationships.

Mashing with Permission by Tyler Close.

The Digital Path by Mark Miller and Marc Stiegler.


Formal Methods

Robust and Compositional Verification of Object Capability Patterns by David Swasey, Deepak Garg, Derek Dreyer

Permission and Authority Revisited: towards a formalization by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray

Reasoning about Risk and Trust in an Open World by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller

Analysing the Security Properties of Object-Capability Patterns by Toby Murray.

Automated Analysis of Security-critical JavaScript APIs by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra

Authority Analysis for Least Privilege Environments by Toby Murray and Gavin Lowe.

Patterns of Safe Collaboration by Fred Spiessens.

Dynamic Detection of Object Capability Violations Through Model Checking by Dustin Rhodes, Tim Disney, Cormac Flanagan


Access Control

Capability Myths Demolished by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.

ACLs don't by Tyler Close.

Tahoe – The Least-Authority Filesystem by Zooko Wilcox-O'Hearn and Brian Warner.

A Capability-Based Module System for Authority Control by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan

Taming of Pict by Matej Košík. See also Standard Library of Tamed Pict Programming Language.

Non-delegatable authorities in capability systems by Toby Murray and Gavin Lowe. (ACM link)

MinorFs by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.

Access Control by Ben Laurie.

Verifiable Functional Purity in Java by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.

Joe-E: A Security-Oriented Subset of Java by Adrian Mettler, David Wagner, and Tyler Close.

Fine-Grained Privilege Separation for Web Applications by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.

Class Properties for Security Review in an Object-Capability Subset of Java (Short Paper) by Adrian Mettler and David Wagner.

LaCasa: Lightweight Affinity and Object Capabilities in Scala by Philipp Haller and Alex Loiko

Secret Handshake : Key Exchange as a Capability System by Dominic Tarr


Concurrency Control

Concurrency Among Strangers: Programming in E as Plan Coordination - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains E's concurrency control & distributed computing model.

Causeway: A message-oriented distributed debugger by Terry Stanley, Tyler Close, and Mark S. Miller.


User Interface

Not One Click for Security by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.

User Interaction Design for Secure Systems by Ka-Ping Yee.

Rich Sharing for the Web by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?


Talks and Presentations

Extremely Modular Distributed JavaScript - vision talk at July 2017 TC39 (EcmaScript committee) meeting.

The Elements of Decision Alignment: Large programs as complex organizations - talk by Mark S. Miller at UCI in 2017.

Frozen Realms: Draft standard support for safer JavaScript plugins - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.

Computer Security as the Future of Law - talk by Mark S. Miller at the 1997 Extro 3 Conference.

Interview with Mark S. Miller - about Smart Contracts, Prediction, Singularities, and more.

The Lazy Programmer's Guide to Secure Computing by Marc Stiegler

Part 1: Secure Distributed Programming with Object-capabilities in JavaScript by Mark S. Miller (slides)

Part 2: Bringing Object-orientation to Security Programming by Mark S. Miller (slides)

Object-Capabilities for Security by David Wagner (slides from an earlier version of this talk)

Core Patterns for Web Permissions by Tyler Close

Object Capabilities and Isolation of Untrusted Web Applications (Part 1) (Part 2) (Part 3) by Sergio Maffeis

Secure Collaboration - How Web Applications can Share and Still Be Paranoid by Mike Samuel

Google TechTalk: Caja by Mike Samuel

The Lively Kernel by Dan Ingalls

Gears and the Mashup Problem by Douglas Crockford

Desktops to Donuts: Object-Caps Across Scales by Marc Stiegler

The Virus Safe Computing Initiative at HP Labs by Alan Karp

Important emails

On the Spread of the Capability Approach by Bill Tulloh


Other collections

Awesome Object Capabilities and Capability-based Security by Dan Connolly

Gravity Reading List

Personal tools
more tools