Motivated by the need for application-level access control in dynamically extensible systems, this work proposes a static annotation system for modeling capabilities in a Java-like programming language. Unlike previous language-based capability systems, the proposed annotation system can provably enforce capability confinement. This confinement guarantee is leveraged to model a strong form of separation of duty known as hereditary mutual suspicion. The annotation system has been fully implemented in a standard Java Virtual Machine.