Object capabilities are a technique for fine-grained privilege separation in programming languages and systems, with important applications in security. However, current formal characterisations do not fully capture capability-safety of a programming language and are not sufficient for verifying typical applications. Using state-of-the-art techniques from programming languages research, we define a logical relation for a core calculus of JavaScript that better characterises capability-safety. The relation is powerful enough to reason about typical capability patterns and supports evolvable invariants on shared data structures, capabilities with restricted authority over them and isolated components with restricted communication channels. We...
A capability machine is a type of CPU allowing fine-grained privilege separation using capabilities,...
The security of a software system relies on the principle of least privilege, which says that each so...
In this paper we present a new tool called DOCaT (Dynamic Object Capability Tracer), a model checke...
© 2016 IEEE. Object capabilities are a technique for fine-grained privilege separation in programming...
A growing number of current web sites combine active content (applications) from untrusted sources, ...
In capability-safe languages, components can access a resource only if they possess a capability for...
Motivated by the problem of understanding the difference between practical ac...
Capability machines provide security guarantees at machine level which makes them an interesting tar...
This paper presents a capability-based mechanism for permissive yet secure enforcement of informatio...
We present a formal system that models programmable abstractions for access control. Composite abstr...
Conventional computer architectures provide little or no hardware support for enforcing data securit...
The principle of least authority states that each component of the system should be given authority ...