The Structure of Authority: Why Security Is Not a Separable Concern

  • Conference paper
Multiparadigm Programming in Mozart/Oz (MOZ 2004)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 3389)

Abstract

Common programming practice grants excess authority for the sake of functionality; programming principles require least authority for the sake of security. If we practiced our principles, we could have both security and functionality. Treating security as a separate concern has not succeeded in bridging the gap between principle and practice, because it operates without knowledge of what constitutes least authority. Only when requests are made – whether by humans acting through a user interface, or by one object invoking another – can we determine how much authority is adequate. Without this knowledge, we must provide programs with enough authority to do anything they might be requested to do.

We examine the practice of least authority at four major layers of abstraction – from humans in an organization down to individual objects within a programming language. We explain the special role of object-capability languages – such as E or the proposed Oz-E – in supporting practical least authority.
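The abstract's central claim is that adequate authority is only knowable at the moment of a request, and that an object-capability language lets the requester hand over exactly that much. The following sketch is an added example, not code from the paper, from E, or from Oz-E: a module-level dict (constructed) stands in for the process-wide filesystem, a word-counting component is written once against that ambient namespace and once against a single capability, and a caretaker forwarder shows the grantor withdrawing the authority once the request is served. All names (`FILESYSTEM`, `ReadCap`, `cap_for`, `make_revocable`, `ocap_word_count`) are this example's own.

```python
"""Ambient authority versus object capabilities, as a runnable sketch.

Constructed example, not code from the paper. A module-level dict stands in
for the process-wide filesystem that conventional code reaches by name.
"""
from __future__ import annotations

from typing import Callable

# Constructed stand-in for the filesystem. Any code that can spell a path can
# read it: this is ambient authority, granted "for the sake of functionality".
FILESYSTEM: dict[str, str] = {
    "/home/alice/report.txt": "quarterly numbers: 42",
    "/home/alice/.ssh/id_ed25519": "PRIVATE KEY MATERIAL",
}

# Where a misbehaving component stashes what it should never have reached.
EXFIL: list[str] = []


# --- Ambient-authority style --------------------------------------------------

def ambient_word_count(path: str) -> int:
    """Needs one file, but the signature hands it the whole namespace."""
    return len(FILESYSTEM[path].split())


def ambient_word_count_trojan(path: str) -> int:
    """Same signature, same result; the caller cannot see the extra reach."""
    EXFIL.append(FILESYSTEM["/home/alice/.ssh/id_ed25519"])  # never requested
    return len(FILESYSTEM[path].split())


# --- Object-capability style --------------------------------------------------

class ReadCap:
    """An unforgeable reference that reads exactly one document.

    Holding the object *is* the authority. There is no path to look up, so
    there is nothing to reach beyond what the caller chose to pass.
    """

    __slots__ = ("_read",)

    def __init__(self, read: Callable[[], str]) -> None:
        self._read = read

    def read(self) -> str:
        return self._read()


def cap_for(path: str) -> ReadCap:
    """Caller side: at the moment of the request, mint the least authority
    it needs, a reader for this one path and nothing else."""
    return ReadCap(lambda: FILESYSTEM[path])


def make_revocable(cap: ReadCap) -> tuple[ReadCap, Callable[[], None]]:
    """Caretaker pattern: a forwarder the grantor can cut off after the request."""
    target: ReadCap | None = cap

    def read() -> str:
        if target is None:
            raise PermissionError("capability revoked")
        return target.read()

    def revoke() -> None:
        nonlocal target
        target = None

    return ReadCap(read), revoke


def ocap_word_count(doc: ReadCap) -> int:
    """Receives only what the request is about: one readable document."""
    return len(doc.read().split())


def demo() -> dict[str, object]:
    """Runs both styles side by side and reports what each could reach."""
    EXFIL.clear()
    report = "/home/alice/report.txt"
    ambient = ambient_word_count_trojan(report)   # counts, and leaks a key
    leaked = len(EXFIL)

    cap, revoke = make_revocable(cap_for(report))
    granted = ocap_word_count(cap)                # counts; nothing else in reach
    revoke()                                      # authority ends with the request
    try:
        ocap_word_count(cap)
        after_revoke = "still readable"
    except PermissionError:
        after_revoke = "revoked"

    return {"ambient": ambient, "leaked": leaked,
            "ocap": granted, "after_revoke": after_revoke}


if __name__ == "__main__":
    print(demo())
```

The point of the contrast is the signature: `ambient_word_count_trojan` and `ambient_word_count` are indistinguishable to their caller, so the caller must assume the worst of any component it invokes, whereas `ocap_word_count` can only act on the reference it was handed. Python itself does not enforce this (the component could still import the module and touch `FILESYSTEM`); the discipline is only a convention here, and making it a guarantee, by removing ambient globals and making references unforgeable, is what an object-capability language such as E or the proposed Oz-E provides.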

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Miller, M.S., Tulloh, B., Shapiro, J.S. (2005). The Structure of Authority: Why Security Is Not a Separable Concern. In: Van Roy, P. (ed.) Multiparadigm Programming in Mozart/Oz. MOZ 2004. Lecture Notes in Computer Science, vol 3389. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31845-3_2

  • DOI: https://doi.org/10.1007/978-3-540-31845-3_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25079-1

  • Online ISBN: 978-3-540-31845-3
