Article

Object capabilities for security

Author:
David Wagner

University of California, Berkeley

University of California, Berkeley
View Profile

PLAS '06: Proceedings of the 2006 workshop on Programming languages and analysis for securityJune 2006Pages 1–2https://doi.org/10.1145/1134744.1134745

Published:10 June 2006Publication History

PLAS '06: Proceedings of the 2006 workshop on Programming languages and analysis for security

Pages 1–2

ABSTRACT

Existing systems often do a poor job of meeting the principle of least privilege. I will discuss how object capability systems and language-based methods can help address this shortcoming. In language-based object capability systems, an object reference is treated as a capability; unforgeability of references ensures unforgeability of capabilities; and all privileges are expressed as capabilities in this way. This makes it possible to decompose the system into distrusting "privilege-separated" components, providing each component with the least privilege it needs to do its job; to reason about the privileges and powers available to various program elements, often in a local (modular) way; and to avoid common pitfalls, such as confused deputy and TOCTTOU vulnerabilities. I will attempt to introduce the audience to some work in this area that is perhaps not so widely known, and I will describe some work in progress to construct a subset of Java, called Joe-E, that is intended to enable capability-style programming using a programming syntax that is familiar to Java programmers.

Index Terms

Object capabilities for security
1. Security and privacy
  1. Software and application security
    1. Software security engineering
2. Software and its engineering

Recommendations

Canada's cyber warfare capabilities
CERIAS '13: Proceedings of the 14th Annual Information Security Symposium

This paper discusses Canada and its ability to wage cyber warfare. Several definitions of cyber warfare are presented and discussed, as well as the motives and potential actors behind a cyber attack. Several definitions of cyberspace are also discussed ...
Read More
Features and object capabilities: reconciling two visions of modularity
AOSD '12: Proceedings of the 11th annual international conference on Aspect-oriented Software Development

The prevalence of threats and attacks in modern systems demands programming techniques that help developers maintain security and privacy. In particular, frameworks for composing components written by multiple parties must enable the authors of each ...
Read More
Incorporating attacker capabilities in risk estimation and mitigation

The risk exposure of a given threat to an information system is a function of the likelihood of the threat and the severity of its impacts. Existing methods for estimating threat likelihood assume that the attacker is able to cause a given threat, that ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLAS '06: Proceedings of the 2006 workshop on Programming languages and analysis for security
June 2006
102 pages
ISBN:1595933743
DOI:10.1145/1134744
General Chair:
Vugranam Sreedhar
IBM T.J. Watson Research Center, USA
,
Program Chair:
Steve Zdancewic
University of Pennsylvania, USA
Copyright © 2006 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 10 June 2006
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate43of77submissions,56%
Upcoming Conference
PLDI '24

Sponsor:

sigplan

ACM SIGPLAN Conference on Programming Language Design and Implementation

June 24 - 28, 2024

Copenhagen , Denmark
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 3
  Total Citations
  View Citations
- 233
  Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Object capabilities for security

PLAS '06: Proceedings of the 2006 workshop on Programming languages and analysis for security

ABSTRACT

Cited By

Index Terms

Recommendations

Canada's cyber warfare capabilities

Features and object capabilities: reconciling two visions of modularity

Incorporating attacker capabilities in risk estimation and mitigation

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Object capabilities for security

PLAS '06: Proceedings of the 2006 workshop on Programming languages and analysis for security

ABSTRACT

Cited By

Index Terms

Recommendations

Canada's cyber warfare capabilities

Features and object capabilities: reconciling two visions of modularity

Incorporating attacker capabilities in risk estimation and mitigation

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media