Documentation

From Erights

(Difference between revisions)
Jump to: navigation, search
(Talks and Presentations)
(moved from main page)
Line 1: Line 1:
-
== Books and Theses ==
+
== Documentation ==
-
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.
+
=== Books ===
-
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.
+
[[Image:Ewalnut-pink.gif]]
 +
[[Walnut|'''''E''''' in a Walnut]] - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
-
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.
+
[http://www.erights.org/talks/thesis/index.html Robust Composition] - Towards a Unified Approach to Access Control and Concurrency Control.  This is [[User:MarkM|Mark Miller]]'s PhD disseration, and it explains the rationale, philosophy, and goals of '''''E''''' and releated systems.
-
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler
+
[[Safe_Serialization_Under_Mutual_Suspicion]] (Wiki conversion in progress)
-
[[Image:EWalnut-small.gif]]
+
=== Tutorials ===
-
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.
+
-
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.
+
[http://www.erights.org/elang/intro/index.html Tutorials] - several short tutorials showing how to use '''''E'''''.
-
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)
+
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] - Reminders of some useful patterns.
-
== Tutorials and References==
+
[[FAQ]]
-
<div id="Tutorials">
+
-
* [http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.
+
-
* [[:Category:Reference material]] — reference material on this wiki.
+
-
* [http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.
+
-
* [http://www.erights.org/elang/grammar/index.html Language Reference]
+
-
* [[FAQ]]
+
-
* [[E Under Eclipse]]
+
-
</div>
+
-
== Papers ==
+
=== Papers ===
-
=== Access Control ===
+
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the Granovetter Diagram" - diagramming communication relationships.
-
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.
+
=== Talks / Presentations ===
-
 
+
-
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.
+
-
 
+
-
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.
+
-
 
+
-
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])
+
-
 
+
-
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.
+
-
 
+
-
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.
+
-
 
+
-
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.
+
-
 
+
-
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.
+
-
 
+
-
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.
+
-
 
+
-
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.
+
-
 
+
-
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.
+
-
 
+
-
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.
+
-
 
+
-
=== Concurrency Control ===
+
-
 
+
-
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro.  Explains '''''E''''''s concurrency control & distributed computing model.
+
-
 
+
-
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.
+
-
 
+
-
=== User Interface ===
+
-
 
+
-
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.
+
-
 
+
-
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.
+
-
 
+
-
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?
+
-
 
+
-
== Talks and Presentations ==
+
-
 
+
-
[https://sites.google.com/site/ladameeting/preparing-for-the-workshop/ladapapers/lada-js.pdf Two Phase Commit Among Strangers: Secure Distributed Escrow Exchange in 44 lines of JavaScript] by Mark S. Miller
+
-
 
+
-
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler
+
-
 
+
-
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])
+
-
 
+
-
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])
+
-
 
+
-
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis
+
-
 
+
-
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel
+
-
 
+
-
[http://www.hpi.uni-potsdam.de/hirschfeld/dls/dls-07/program/ Tradeoffs in Retrofitting Security: An Experience Report] by Mark S. Miller
+
-
 
+
-
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel
+
-
 
+
-
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls
+
-
 
+
-
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner
+
-
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])
+
-
 
+
-
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford
+
-
 
+
-
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler
+
-
 
+
-
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close
+
-
 
+
-
[http://www.youtube.com/watch?v=oE3x_gM3YFU Paradigm Regained: Abstraction Mechanisms for Access Control] by Mark Miller
+
-
 
+
-
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp
+
-
 
+
-
== Important emails ==
+
-
 
+
-
[http://www.eros-os.org/pipermail/cap-talk/2006-August/005534.html On the Spread of the Capability Approach] by Bill Tulloh
+

Revision as of 17:37, 26 December 2006

Contents

Documentation

Books

Image:Ewalnut-pink.gif E in a Walnut - This is a basic tutorial on the E language covering basic, distributed, and secure distributed programming.

Robust Composition - Towards a Unified Approach to Access Control and Concurrency Control. This is Mark Miller's PhD disseration, and it explains the rationale, philosophy, and goals of E and releated systems.

Safe_Serialization_Under_Mutual_Suspicion (Wiki conversion in progress)

Tutorials

Tutorials - several short tutorials showing how to use E.

Quick Reference Card - Reminders of some useful patterns.

FAQ

Papers

Capability-based Financial Instruments "An Ode to the Granovetter Diagram" - diagramming communication relationships.

Talks / Presentations

Personal tools
more tools