That’s not what you said earlier

Mark Miller is well known for the work he has done on the security of JavaScript, including the introduction of proxies to ECMAScript 5 with the intention of making it easier to keep mash-ups secure. I have only recently got around to reading his phd thesis, “Robust Composition: Towards a unified approach to access and concurrency control”. The thesis is a really good read. It introduces object capability based access control, as implemented in the E language, together with discussion on how to allow objects to interact safely when third parties might be trying to exploit the situation. There is a Caja project which deals with the practical use of the object capability model including revocable references via caretakers and membranes.

Some of the ideas from the thesis went into the design of proxies for ECMAScript 5, and this paper is a great discussion of how proxies can be made to interact with object invariants such as JavaScript’s notion of frozen objects.

Advertisements
This entry was posted in Computers and Internet. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s