
Mark S. Miller: taught the world that object programming, done right, was already close to object-capability secure programming.

Mark S. Miller is a research scientist at Google, main designer of the E and Caja secure programming languages, a pioneer of agoric (market-based secure distributed) computing, an architect of the Xanadu hypertext publishing system, and a representative to the EcmaScript committee.

Presentation: "Remaining Hazards and Mitigating Patterns of Secure Mashups in EcmaScript 5"

Time: Friday 16:50 - 17:50

Location: Metropolitan Ballroom II & III

Abstract: To make secure mashups practical, we must address both the offensive code problem and the defensive code problem. The offensive code problem is familiar -- how to keep potentially hostile programs from exceeding their proper authority. The defensive code problem is how to write abstractions with rich APIs that are exposed to potentially hostile code and can nevertheless robustly defend their own integrity. Mashing up mutually suspicious bodies of code requires a symmetric solution to both problems.

JavaScript is the language of mashups. We designed the latest JavaScript standard, EcmaScript 5, with the features needed to turn itself into Secure EcmaScript (SES) -- an object-capability subset of JavaScript adequate to solve both these problems. However, JavaScript's evolution is constrained by its history, so there was only so much we could fix. Remaining unfixable irregularities of JavaScript create surprising new security hazards. We present several patterns for programming in SES that help programmers avoid these remaining traps and successfully write fully defensive abstractions.

Time permitting, we will also explain how expected features of the next EcmaScript standard will provide even better support for secure programming.
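The defensive code problem described in the abstract is easiest to see on a small abstraction. The example below is added here and is not from the talk or from Caja/SES; the ledger abstraction, the `makeNaiveLedger`/`makeDefensiveLedger` names and the attack functions are hypothetical. The naive version keeps its state on the object it hands out, uses `this`, trusts its arguments, and returns its internal array, so a hostile caller can corrupt it without ever exceeding the authority it was given. The defensive version uses the ES5 features the abstract refers to: closure-held state instead of `this`, `Object.freeze` on the exported API, a primitive-only input check (an object argument can run attacker code inside your arithmetic via `valueOf`), and defensive copies on the way out.

```javascript
// Naive abstraction: state lives on the public object, methods depend on
// `this`, arguments are trusted, and the internal array is handed out.
function makeNaiveLedger() {
  return {
    entries: [],
    total: 0,
    deposit: function (amount) {
      this.total += amount;        // amount may be an object with a lying valueOf
      this.entries.push(amount);   // the object itself is stored, not a number
      return this.total;
    },
    history: function () { return this.entries; }  // leaks the live array
  };
}

// Defensive abstraction in the ES5 style: closure state, no `this`,
// primitives only, frozen API, copies out.
function makeDefensiveLedger() {
  'use strict';
  var entries = [];
  var total = 0;
  function requireAmount(x) {
    // typeof rejects objects outright, so no attacker-supplied valueOf or
    // toString can run during our arithmetic or be stored in the log.
    if (typeof x !== 'number' || !isFinite(x) || x <= 0) {
      throw new TypeError('amount must be a finite positive number');
    }
    return x;
  }
  var api = {
    deposit: function (amount) {
      amount = requireAmount(amount);
      total += amount;
      entries.push(amount);
      return total;
    },
    balance: function () { return total; },
    history: function () { return entries.slice(); }  // copy, never the array
  };
  return Object.freeze(api);  // callers cannot replace or add methods
}

// Hostile caller against the naive ledger (constructed attack, not a real API).
function attackNaive() {
  var l = makeNaiveLedger();
  l.deposit(10);
  l.history().push(1000000);                         // mutate the leaked array
  var evil = { n: 5, valueOf: function () { return this.n; } };
  l.deposit(evil);                                   // total becomes 15, entries holds `evil`
  evil.n = 500;                                      // attacker rewrites history afterwards
  var sum = l.history().reduce(function (a, b) { return a + b; }, 0);
  return { total: l.total, sum: sum, entries: l.history().length };
}

// The same attacks against the defensive ledger.
function attackDefensive() {
  'use strict';
  var l = makeDefensiveLedger();
  var orig = l.deposit;
  l.deposit(10);
  l.history().push(1000000);                         // only a copy is touched
  var rejected = false;
  try {
    l.deposit({ n: 5, valueOf: function () { return this.n; } });
  } catch (e) { rejected = e instanceof TypeError; }
  try {
    l.deposit = function () { return 'pwned'; };     // frozen: throws in strict mode
  } catch (e) { /* expected */ }
  var sum = l.history().reduce(function (a, b) { return a + b; }, 0);
  return {
    balance: l.balance(), sum: sum, entries: l.history().length,
    rejected: rejected, intact: l.deposit === orig
  };
}
```

Against the naive ledger the reported total (15) and the sum of its own history (1000510) disagree, because the caller kept a handle on the internal array and on an argument object whose value it could change later. The defensive ledger reports 10 both ways, rejects the object argument, and keeps its original `deposit`. Note that `Object.freeze` is shallow and does nothing about shared primordials such as `Object.prototype` or `Array.prototype`; a full SES environment also freezes those, which is part of what makes the remaining hazards the talk discusses manageable rather than fatal.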