Books and Theses
Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages by Arnaud Jean-Baptiste
Semantics and Types for Safe Web Programming by Arjun Guha
Language and Framework Support for Reviewably-Secure Software Systems by Adrian Mettler.
Analysing the Security Properties of Object-Capability Patterns by Toby Murray.
Ambient References: Object Designation in Mobile Ad Hoc Networks by Tom Van Cutsem.
Patterns of Safe Collaboration by Fred Spiessens.
Object-Capability Security in Virtual Environments by Martin Scheffler
E in a Walnut by Marc Stiegler - This is a basic tutorial on the E language covering basic, distributed, and secure distributed programming.
Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control by Mark S. Miller. Explains the rationale, philosophy, and goals of E and related systems.
Safe Serialization Under Mutual Suspicion (Wiki conversion in progress)
Tutorials and References
Features and Object Capabilities: Reconciling Two Visions of Modularity by Salman Saghafi, Kathi Fisler, Shriram Krishnamurthi.
Tahoe – The Least-Authority Filesystem by Zooko Wilcox-O'Hearn and Brian Warner.
Taming of Pict by Matej Košík. See also Standard Library of Tamed Pict Programming Language.
Capability Myths Demolished by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.
Authority Analysis for Least Privilege Environments by Toby Murray and Gavin Lowe.
MinorFs by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.
Mashing with Permission by Tyler Close.
ACLs don't by Tyler Close.
Access Control by Ben Laurie.
Verifiable Functional Purity in Java by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.
Joe-E: A Security-Oriented Subset of Java by Adrian Mettler, David Wagner, and Tyler Close.
Fine-Grained Privilege Separation for Web Applications by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.
Class Properties for Security Review in an Object-Capability Subset of Java (Short Paper) by Adrian Mettler and David Wagner.
Concurrency Among Strangers: Programming in E as Plan Coordination - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains E's concurrency control & distributed computing model.
Causeway: A message-oriented distributed debugger by Terry Stanley, Tyler Close, and Mark S. Miller.
Not One Click for Security by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.
User Interaction Design for Secure Systems by Ka-Ping Yee.
Rich Sharing for the Web by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?
Talks and Presentations
The Lazy Programmer's Guide to Secure Computing by Marc Stiegler
Part 2: Bringing Object-orientation to Security Programming by Mark S. Miller (slides)
Tradeoffs in Retrofitting Security: An Experience Report by Mark S. Miller
Google TechTalk: Caja by Mike Samuel
The Lively Kernel by Dan Ingalls
Gears and the Mashup Problem by Douglas Crockford
Desktops to Donuts: Object-Caps Across Scales by Marc Stiegler
Core Patterns for Web Permissions by Tyler Close
Paradigm Regained: Abstraction Mechanisms for Access Control by Mark Miller
The Virus Safe Computing Initiative at HP Labs by Alan Karp
On the Spread of the Capability Approach by Bill Tulloh