Documentation

From Erights

(Difference between revisions)
Jump to: navigation, search
(Talks and Presentations)
(User Interface)
(17 intermediate revisions not shown)
Line 1: Line 1:
-
== Books and Theses ==
+
== Tutorials and References==
-
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste
+
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar
-
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha
+
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.
-
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.
+
[[:Category:Reference material]] — reference material on this wiki.
 +
 
 +
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.
 +
 
 +
[http://www.erights.org/elang/grammar/index.html Language Reference]
 +
 
 +
[[FAQ]]
 +
 
 +
 
 +
== Books and Theses ==
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.
 +
 +
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.
 +
 +
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.
 +
 +
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.
-
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.
+
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste
 +
 
 +
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler
Line 17: Line 34:
[[Image:EWalnut-small.gif]]
[[Image:EWalnut-small.gif]]
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
-
 
-
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.
 
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)
-
== Tutorials and References==
 
-
<div id="Tutorials">
 
-
* [http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.
 
-
* [[:Category:Reference material]] — reference material on this wiki.
 
-
* [http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.
 
-
* [http://www.erights.org/elang/grammar/index.html Language Reference]
 
-
* [[FAQ]]
 
-
* [[E Under Eclipse]]
 
-
</div>
 
== Papers ==
== Papers ==
 +
=== Smart Contracting ===
=== Smart Contracting ===
Line 44: Line 51:
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.
-
=== Access Control ===
 
-
[http://cs.brown.edu/~sk/Publications/Papers/Published/sfk-feat-ocap-reconcil/ Features and Object Capabilities: Reconciling Two Visions of Modularity] by Salman Saghafi, Kathi Fisler, Shriram Krishnamurthi.
 
-
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.
+
=== Formal Methods ===
 +
 
 +
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer
 +
 
 +
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray
 +
 
 +
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller
 +
 
 +
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra
-
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].
+
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
 +
 
 +
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.
 +
 
 +
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan
 +
 
 +
 
 +
=== Access Control ===
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.
-
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
+
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.
 +
 
 +
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.
 +
 
 +
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan
 +
 
 +
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.
-
 
-
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.
 
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.
Line 73: Line 97:
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.
 +
 +
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko
 +
 +
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr
 +
=== Concurrency Control ===
=== Concurrency Control ===
Line 80: Line 109:
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.
-
=== User Interface ===
 
-
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.
+
 
 +
=== User Interface ===
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?
 +
 +
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.
 +
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.
 +
 +
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.
 +
 +
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.
 +
 +
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.
== Talks and Presentations ==
== Talks and Presentations ==
-
[http://2016.ecoop.org/event/ecoop-2016-papers-plenary-speaker- The Elements of Decision Alignment: Large programs as complex organizations] - Keynote by Mark S. Miller at ECOOP 2016.  
+
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk at July 2017 TC39 (EcmaScript committee) meeting.
 +
 
 +
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.
Line 97: Line 138:
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.
-
 
-
[http://www.erights.org/talks/index.html#google-abac Google Techtalk series on ABAC]  - Authorization Based Access Control.
 
-
 
-
[https://sites.google.com/site/ladameeting/preparing-for-the-workshop/ladapapers/lada-js.pdf Two Phase Commit Among Strangers: Secure Distributed Escrow Exchange in 44 lines of JavaScript] by Mark S. Miller
 
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler
Line 107: Line 144:
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])
 +
 +
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner
 +
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])
 +
 +
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel
-
 
-
[http://www.hpi.uni-potsdam.de/hirschfeld/dls/dls-07/program/ Tradeoffs in Retrofitting Security: An Experience Report] by Mark S. Miller
 
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls
-
 
-
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner
 
-
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])
 
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford
Line 125: Line 162:
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler
-
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close
+
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp
-
[http://www.youtube.com/watch?v=oE3x_gM3YFU Paradigm Regained: Abstraction Mechanisms for Access Control] by Mark S. Miller
+
== Important emails ==
-
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp
+
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh
-
== Important emails ==
 
-
[http://www.eros-os.org/pipermail/cap-talk/2006-August/005534.html On the Spread of the Capability Approach] by Bill Tulloh
+
== Other collections ==
 +
 
 +
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly
 +
 
 +
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]

Revision as of 01:04, 17 February 2018

Contents

Tutorials and References

What are Capabilities by Chip Morningstar

Tutorials — several short tutorials showing how to use E.

Category:Reference material — reference material on this wiki.

Quick Reference Card — Reminders of some useful patterns.

Language Reference

FAQ


Books and Theses

Analysing the Security Properties of Object-Capability Patterns by Toby Murray.

Patterns of Safe Collaboration by Fred Spiessens.

Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control by Mark S. Miller. Explains the rationale, philosophy, and goals of E and related systems.

Language and Framework Support for Reviewably-Secure Software Systems by Adrian Mettler.

Ambient References: Object Designation in Mobile Ad Hoc Networks by Tom Van Cutsem.

Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages by Arnaud Jean-Baptiste

Semantics and Types for Safe Web Programming by Arjun Guha

Object-Capability Security in Virtual Environments by Martin Scheffler

Image:EWalnut-small.gif E in a Walnut by Marc Stiegler - This is a basic tutorial on the E language covering basic, distributed, and secure distributed programming.

Safe Serialization Under Mutual Suspicion (Wiki conversion in progress)


Papers

Smart Contracting

Distributed Electronic Rights in JavaScript - paper for ESOP'13 Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.

Capability-based Financial Instruments "An Ode to the Granovetter Diagram" - diagramming communication relationships.

Mashing with Permission by Tyler Close.

The Digital Path by Mark Miller and Marc Stiegler.


Formal Methods

Robust and Compositional Verification of Object Capability Patterns by David Swasey, Deepak Garg, Derek Dreyer

Permission and Authority Revisited: towards a formalization by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray

Reasoning about Risk and Trust in an Open World by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller

Analysing the Security Properties of Object-Capability Patterns by Toby Murray.

Automated Analysis of Security-critical JavaScript APIs by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra

Authority Analysis for Least Privilege Environments by Toby Murray and Gavin Lowe.

Patterns of Safe Collaboration by Fred Spiessens.

Dynamic Detection of Object Capability Violations Through Model Checking by Dustin Rhodes, Tim Disney, Cormac Flanagan


Access Control

Capability Myths Demolished by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.

ACLs don't by Tyler Close.

Tahoe – The Least-Authority Filesystem by Zooko Wilcox-O'Hearn and Brian Warner.

A Capability-Based Module System for Authority Control by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan

Taming of Pict by Matej Košík. See also Standard Library of Tamed Pict Programming Language.

Non-delegatable authorities in capability systems by Toby Murray and Gavin Lowe. (ACM link)

MinorFs by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.

Access Control by Ben Laurie.

Verifiable Functional Purity in Java by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.

Joe-E: A Security-Oriented Subset of Java by Adrian Mettler, David Wagner, and Tyler Close.

Fine-Grained Privilege Separation for Web Applications by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.

Class Properties for Security Review in an Object-Capability Subset of Java (Short Paper) by Adrian Mettler and David Wagner.

LaCasa: Lightweight Affinity and Object Capabilities in Scala by Philipp Haller and Alex Loiko

Secret Handshake : Key Exchange as a Capability System by Dominic Tarr


Concurrency Control

Concurrency Among Strangers: Programming in E as Plan Coordination - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains E's concurrency control & distributed computing model.

Causeway: A message-oriented distributed debugger by Terry Stanley, Tyler Close, and Mark S. Miller.


User Interface

User Interaction Design for Secure Systems by Ka-Ping Yee.

Rich Sharing for the Web by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?

Are you sure? Yes. Oops! by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.

Making Policy Decisions Disappear into the User's Workflow by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.

Not One Click for Security by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.

Polaris: Virus Safe Computing for Windows XP by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.

Belay Research by Mark Lentczner. Secure ui principles for apps within the browser.

Talks and Presentations

Extremely Modular Distributed JavaScript - vision talk at July 2017 TC39 (EcmaScript committee) meeting.

The Elements of Decision Alignment: Large programs as complex organizations - talk by Mark S. Miller at UCI in 2017.

Frozen Realms: Draft standard support for safer JavaScript plugins - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.

Computer Security as the Future of Law - talk by Mark S. Miller at the 1997 Extro 3 Conference.

Interview with Mark S. Miller - about Smart Contracts, Prediction, Singularities, and more.

The Lazy Programmer's Guide to Secure Computing by Marc Stiegler

Part 1: Secure Distributed Programming with Object-capabilities in JavaScript by Mark S. Miller (slides)

Part 2: Bringing Object-orientation to Security Programming by Mark S. Miller (slides)

Object-Capabilities for Security by David Wagner (slides from an earlier version of this talk)

Core Patterns for Web Permissions by Tyler Close

Object Capabilities and Isolation of Untrusted Web Applications (Part 1) (Part 2) (Part 3) by Sergio Maffeis

Secure Collaboration - How Web Applications can Share and Still Be Paranoid by Mike Samuel

Google TechTalk: Caja by Mike Samuel

The Lively Kernel by Dan Ingalls

Gears and the Mashup Problem by Douglas Crockford

Desktops to Donuts: Object-Caps Across Scales by Marc Stiegler

The Virus Safe Computing Initiative at HP Labs by Alan Karp

Important emails

On the Spread of the Capability Approach by Bill Tulloh


Other collections

Awesome Object Capabilities and Capability-based Security by Dan Connolly

Gravity Reading List

Personal tools
more tools