In capability systems it can be hard to assert confinement from static analysis only. In this paper we propose membranes as an extension for capability secure languages to help ensure confinement at runtime. We apply the extension to a subset of the multi-paradigm language Oz and provide the operational semantics of the extended language.

1 Problem context

Secure systems aim at providing privacy of information and confinement of services. Systems based on Access Control Lists (ACLs) rely on a special module called the "reference monitor" to enforce an access-control policy. Designation of a resource doesn't imply access to that resource. Systems based on Capabilities [MSC+01] have no reference monitor: designation is equivalent to access. ...
Vulnerabilities in computer systems arise in part due to programmer's logical errors, and in part al...
A confined program is one which is unable to leak information to an unauthorized party or modify una...
µKlaim is a process language that permits programming distributed systems made up of several mobile ...
This paper describes Metagap'e, a formally specified family of capability systems capable of re...
Conventional computer architectures provide little or no hardware support for enforcing data securit...
We present a formal system that models programmable abstractions for access control. Composite abstr...
In capability-safe languages, components can access a resource only if they possess a capab...
Capability systems can be used to implement higher-level security policies including the *-property ...
We address three common misconceptions about capability-based systems: the Equivalence Myth (access ...
This paper presents a capability-based mechanism for permissive yet secure enforcement of informatio...
We introduce a capability-based access control model integrated into a linguistic formalism for model...
Traditional access control models and mechanisms struggle to contain the threats posed by malware an...