Analysing the security properties of object-capability patterns
Author
Abstract
Similar sources
Analysing the Information Flow Properties of Object-Capability Patterns
We consider the problem of detecting covert channels within security-enforcing object-capability patterns. Traditional formalisms for reasoning about the security properties of object-capability patterns require one to be aware, a priori, of all possible mechanisms for covert information flow that might be present within a pattern, in order to detect covert channels within it. We show how the C...
Analysing Object-Capability Security
Much of the power and utility of modern computing arises in the different forms of cooperation that it enables. However, today this power comes with great risk because those engaged in cooperation are left vulnerable to one another. The Object-Capability (OCap) Model is a promising remedy, because it enables the creation of security-enforcing abstractions, or patterns, that can be composed with...
Joe-E: A Security-Oriented Subset of Java
We present Joe-E, a language designed to support the development of secure software systems. Joe-E is a subset of Java that makes it easier to architect and implement programs with strong security properties that can be checked during a security review. It enables programmers to apply the principle of least privilege to their programs; implement application-specific reference monitors that cann...
Analysing Object-Capability Patterns With Murφ
Object Capability (OCap) patterns can be used to enforce the principle of least authority. However, despite the popularity and promise of OCap patterns, these patterns have not been sufficiently analyzed or verified. We analyze several OCap patterns using the Murφ verification tool and confirm the utility of our model by finding previously known vulnerabilities. Because these vulnerabilities we...
How Emily Tamed the Caml
Keywords: security, programming, performance. How does one make a program breach resistant? One promising approach is to apply the Principle of Least Authority at object granularity. The E language has previously demonstrated that object-capability languages turn many of the security requirements for software into emergent properties of traditional object-oriented design and modularity enforcement. Emily ...