Cooperation between independent agents depends upon establishing a degree of security. Each of the cooperating agents needs assurance that the cooperation will not endanger resources of value to that agent. In a computer system, a computational mechanism can assure safe cooperation among the system's users by mediating resource access according to the desired security policy. Such a mechanism, which is called a security kernel, lies at the heart of many operating systems and programming environments. The report describes Scheme 48, a programming environment whose design is guided by established principles of operating system security. Scheme 48's security kernel is small, consisting of the call-by-value λ-calculus with a few simple extensions to support abstract data types, object mutation, and access to hardware resources. Each agent (user or subsystem) has a separate evaluation environment that holds objects representing privileges granted to that agent. Because environments ultimately determine the availability of object references, protection and sharing can be controlled largely by the way in which environments are constructed. I will describe experience with Scheme 48 that shows how it serves as a robust and flexible experimental platform. Two successful applications of Scheme 48 are the programming environment for the Cornell mobile robots, where Scheme 48 runs with no (other) operating system support; and a secure multi-user environment that runs on workstations.