Modules in Wyvern: Advanced Control over Security and Privacy
| Field | Value |
|---|---|
| Title | Modules in Wyvern: Advanced Control over Security and Privacy |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Kurilova, Darya; Potanin, Alex; Aldrich, Jonathan |
| Conference Name | Proceedings of the Symposium and Bootcamp on the Science of Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4277-3 |
| Keywords | authority, capabilities, Collaboration, human factors, language-based security, Metrics, modules, pubcrawl, Resiliency, safe coding standards, Security by Default |
| Abstract | In today's systems, restricting the authority of untrusted code is difficult because, by default, code has the same authority as the user running it. Object capabilities are a promising way to implement the principle of least authority, but, being too low-level and fine-grained, they take away many conveniences provided by module systems. We present a module system design that is capability-safe, yet preserves most of the convenience of conventional module systems. We demonstrate how to ensure key security and privacy properties of a program as a mode of use of our module system. Our authority safety result formally captures the role of mutable state in capability-based systems and uses a novel non-transitive notion of authority, which allows us to reason about authority restriction: the encapsulation of a stronger capability inside a weaker one. |
| URL | http://doi.acm.org/10.1145/2898375.2898376 |
| DOI | 10.1145/2898375.2898376 |
| Citation Key | kurilova_modules_2016 |