ABSTRACT
The prevalence of threats and attacks in modern systems demands programming techniques that help developers maintain security and privacy. In particular, frameworks for composing components written by multiple parties must enable the authors of each component to erect safeguards against intrusion by other components. Object-capability systems have been particularly prominent for enabling encapsulation in such contexts.
We describe the program structures dictated by object capabilities and compare these against those that ensue from feature-oriented programming. We argue that the scalability offered by the latter appears to clash with the precision of authority designation demanded by the former. In addition to presenting this position from first principles, we illustrate it with a case study. We then offer a vision of how this conflict might be reconciled, and discuss some of the issues that need to be considered in bridging this mismatch. Our findings suggest a significant avenue for research at the intersection of software engineering and security.
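The clash the abstract describes can be made concrete in a few lines. The following is an added illustration, not code from the paper or from any of the systems it cites: it builds an object-capability "purse" after the mint/purse idiom of the object-capability literature, then layers a logging feature onto it in two ways. `makeMint`, `makePurse`, `readOnly`, `withLogging` and `demo` are all names constructed for this example.

```javascript
// Added illustration, not code from the paper: an object-capability "purse"
// (after the mint/purse idiom of the object-capability literature) and two
// ways of layering a logging feature onto it. Every name here is constructed
// for the example.

// --- Object-capability style: holding a reference *is* the authority -------
function makeMint(name) {
  // Balances live in a WeakMap private to the mint, so a purse cannot be
  // forged and its balance cannot be reached except through its own methods.
  const balances = new WeakMap();

  function makePurse(initial) {
    const purse = Object.freeze({
      name,
      getBalance: () => balances.get(purse),
      // An empty purse of the same currency needs no extra authority.
      sprout: () => makePurse(0),
      // Moving funds out of `src` requires holding a reference to `src`.
      deposit: (amount, src) => {
        if (!balances.has(src)) throw new Error("not a purse of this mint");
        if (!Number.isInteger(amount) || amount < 0) throw new Error("bad amount");
        if (balances.get(src) < amount) throw new Error("insufficient funds");
        balances.set(src, balances.get(src) - amount);
        balances.set(purse, balances.get(purse) + amount);
        return balances.get(purse);
      },
    });
    balances.set(purse, initial);
    return purse;
  }
  return Object.freeze({ makePurse });
}

// Attenuation: a component that only needs to observe a purse is handed a
// facade with getBalance alone. The grant is exactly as wide as the need.
function readOnly(purse) {
  return Object.freeze({ getBalance: () => purse.getBalance() });
}

// --- Feature-style refinement ---------------------------------------------
// A feature-oriented logging refinement is written against the *shape* of its
// base (it wraps every method it finds), not against a designated authority.
// To apply it, the composer must hand it the whole purse, so the feature holds
// every right the purse confers whether or not it needs them.
function withLogging(base, log) {
  const refined = {};
  for (const [key, value] of Object.entries(base)) {
    refined[key] = typeof value === "function"
      ? (...args) => { log.push(`${key}/${args.length}`); return value(...args); }
      : value;
  }
  return Object.freeze(refined);
}

// Exercise both styles and report what each party can do.
function demo() {
  const mint = makeMint("demo-coin");
  const alice = mint.makePurse(100);
  const bob = alice.sprout();
  bob.deposit(30, alice);            // bob's holder has a reference to alice: allowed

  const log = [];
  const auditor = readOnly(alice);   // observer: getBalance only
  const loggedBob = withLogging(bob, log);
  loggedBob.deposit(10, alice);      // the refinement forwards full deposit authority

  // The refined object is a different identity; the mint does not recognise it.
  let refinedRecognised = true;
  try { alice.deposit(1, loggedBob); } catch (e) { refinedRecognised = false; }

  return {
    alice: alice.getBalance(),                                   // 60
    bob: bob.getBalance(),                                       // 40
    auditorCanDeposit: typeof auditor.deposit === "function",    // false
    loggedCanDeposit: typeof loggedBob.deposit === "function",   // true
    refinedRecognised,                                           // false
    log,                                                         // ["deposit/2"]
  };
}
```

The two halves pull in the directions the abstract names. `readOnly` designates authority precisely but has to be written once per base object and per need, which is what limits its scalability; `withLogging` scales across any base because it is written against structure rather than against a designated right, but for exactly that reason it must be handed the whole object, and the mint no longer recognises the refined object as one of its purses.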
Index Terms
- Features and object capabilities: reconciling two visions of modularity