Common programming practice grants excess authority for the sake of functionality; programming principles require least authority for the sake of security. If we practice our principles, we could have both security and functionality. Treating security as a separate concern has not succeeded in bridging the gap between principle and practice, because it operates without knowledge of what constitutes least authority. Only when requests are made – whether by humans acting through a user interface, or by one object invoking another – can we determine how much authority is adequate. Without this knowledge, we must provide programs with enough authority to do anything they might be requested to do. We examine the practice of least authority at four major layers of abstraction – from humans in an organization down to individual objects within a programming language. We explain the special role of object-capability languages – such as E or the proposed Oz-E – in supporting practical least authority.
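The contrast the abstract draws, between ambient authority granted "just in case" and authority handed over at the moment of a request, is easiest to see in code. The following is an added illustration, not code from the paper or from E/Oz-E. It simulates a filesystem with an in-memory dict (constructed sample data), shows a word-count component written first against ambient authority and then in object-capability style, and uses the E-literature caretaker (forwarder plus revoke) and read-only-facet idioms. One caveat a practitioner should keep in mind: Python is not an object-capability language, so nothing here stops `word_count_ocap` from reaching the module-global `FILESYSTEM` or poking at `_target`; the discipline is by convention. In E or the proposed Oz-E the language itself denies such ambient access, which is the "special role" the abstract refers to.

```python
"""Ambient authority versus object-capability (ocap) discipline.

Added example (not from the paper). FILESYSTEM is a constructed, in-memory
stand-in for the OS so that this runs offline; the caretaker and read-only
facet are the classic E patterns for revocation and attenuation.
"""

# Constructed sample "filesystem": name -> contents.
FILESYSTEM = {
    "report.txt": "least authority requires knowing the request",
    "secrets.txt": "api-key=DO-NOT-LEAK",
}


# --- Ambient authority: designation by name, authority for free ----------
def open_ambient(name):
    """Global open-by-name: any code that can spell a name gets the file.
    This is the excess authority 'common programming practice' grants."""
    return FILESYSTEM[name]


def word_count_ambient(name):
    """Counts words in the named file using ambient authority."""
    return len(open_ambient(name).split())


def sneaky_word_count_ambient(name):
    """Same interface, but also reads a file the caller never asked about.
    The caller cannot tell: reaching secrets.txt was never part of the
    request, yet the environment supplied the authority anyway."""
    leaked = open_ambient("secrets.txt")
    return len(open_ambient(name).split()), leaked


# --- Object capabilities: authority travels with the request --------------
class ReadableFile:
    """Unforgeable reference conveying read authority to exactly one file.
    Holding a reference is the only way to read; there is no name lookup."""

    def __init__(self, contents):
        self._contents = contents

    def read(self):
        return self._contents


class ReadWriteFile(ReadableFile):
    """Full authority: read and write. read_only() attenuates it."""

    def write(self, contents):
        self._contents = contents

    def read_only(self):
        """Attenuation: a live facet exposing only read(); the holder cannot
        recover write authority from it (by convention, in Python)."""
        return ReadOnlyFacet(self)


class ReadOnlyFacet:
    def __init__(self, target):
        self._target = target

    def read(self):
        return self._target.read()


class Revoked(Exception):
    pass


def make_caretaker(target):
    """E-style caretaker: returns (forwarder, revoke). The forwarder relays
    read() to target until revoke() is called, then fails closed."""
    holder = {"target": target}

    class Forwarder:
        def read(self):
            if holder["target"] is None:
                raise Revoked("capability revoked")
            return holder["target"].read()

    def revoke():
        holder["target"] = None

    return Forwarder(), revoke


def word_count_ocap(file_cap):
    """Receives only what this request needs: one readable object. It was
    given no reference to the filesystem, so it cannot name secrets.txt.
    How much authority is adequate was decided by the caller at call time."""
    return len(file_cap.read().split())


def run_ocap_session():
    """Grant a revocable, read-only capability to one file, use it, revoke
    it, and show later use fails. Returns (count, revoked_after, facet_can_write)."""
    report = ReadWriteFile(FILESYSTEM["report.txt"])
    facet = report.read_only()
    cap, revoke = make_caretaker(facet)
    count = word_count_ocap(cap)
    revoke()
    try:
        word_count_ocap(cap)
        revoked_after = False
    except Revoked:
        revoked_after = True
    return count, revoked_after, hasattr(facet, "write")


if __name__ == "__main__":
    print(word_count_ambient("report.txt"), sneaky_word_count_ambient("report.txt"))
    print(run_ocap_session())
```

The two word counters have identical observable behaviour on the honest path; the difference is what the sneaky variant can do with authority it never needed. In the ocap version the caller attenuates (read-only facet), delegates (passes the reference), and revokes (caretaker) without the callee ever holding a name it could turn into a different file.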