The prevalence of threats and attacks in modern systems demands programming techniques that help developers maintain security and privacy. In particular, frameworks for composing components written by multiple parties must enable the authors of each component to erect safeguards against intrusion by other components. Object-capability systems have been particularly prominent for enabling encapsulation in such contexts. We describe the program structures dictated by object capabilities and compare these against those that ensue from feature-oriented programming. We argue that the scalability offered by the latter appears to clash with the precision of authority designation demanded by the former. In addition to presenting this position from first principles, we illustrate it with a case study. We then offer a vision of how this conflict might be reconciled, and discuss some of the issues that need to be considered in bridging this mismatch. Our findings suggest a significant avenue for research at the intersection of software engineering and security.