Object Capability Security
rafaelferreira
Slides for a talk on Object Capability Security given in AgileBrazil 2011.
1. Object Capability Security (Rafael Ferreira)
2.
3.
4.
5. Melissa
6. Document
7. Document, Macro
8. Document, Macro
9. Ambient, Document, Macro
10. Address book, Ambient, Document, Macro
11. Address book, Ambient, Document, Macro
12.
13. Mafia Ville
14. Mafia Ville, Farm Wars
15. Ambient, Mafia Ville, Farm Wars
16. Ambient, Mafia Ville, Farm Wars
17. Ambient, Untrusted
18.
19. Ambient (crossed out), Untrusted
20.
21. Ambient, Sandbox, Untrusted
22. Ambient, Sandbox, Untrusted
23. Ambient, Sandbox, Untrusted
24. Ambient (crossed out), Untrusted
25. Untrusted
26. Objects, Untrusted
27. How do objects meet?
28.
        var Creature = function () { ... }
        var TheCreator = {
          make: function () {
            var creature = new Creature
          }
        }
29. Parenthood: same code as slide 28
30.
        make: function () {
          var reference = ...
          var newObject = {
            ...
            var copy = reference
          }
        }
31. Endowment: same code as slide 30
32.
        meet: function () {
          var someObject = ...
          var otherObject = ...
          someObject.doSomething(otherObject)
        }
33. Introduction: same code as slide 32
34.
        this.reference = window.document.getElementById("farmWarsDiv")
35. Ambient: same code as slide 34
36. Ambient (crossed out): same code as slide 34
37. Only connectivity begets connectivity
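As an added example that is not part of the slides, the three ways a reference legitimately reaches an object (parenthood, endowment, introduction), with the host page building the whole reference graph and the widgets never reaching for anything ambient. The names makeStatusBoard, makeWidget and makeScene are assumed here.

```javascript
// Added example, not from the talk: parenthood, endowment and introduction
// as the only ways a widget gains a reference. Names are assumed.
"use strict";

// Parenthood: the host page creates the board and so holds the first
// (and initially only) reference to it.
function makeStatusBoard() {
  const posts = [];
  return Object.freeze({
    post(text) { posts.push(String(text)); },
    read() { return posts.slice(); },
  });
}

// Endowment: the host constructs each widget with exactly the references
// it should hold. Here that is an attenuated "poster", not the whole board,
// so a widget can write status lines but never read other widgets' posts.
function makeWidget(name, poster) {
  return Object.freeze({
    name,
    announce(text) { poster.post(`${name}: ${text}`); },
    // Introduction: two widgets can only talk if something that already
    // holds both references hands one to the other.
    greet(other) { other.receive(name); },
    receive(fromName) { poster.post(`${name} was greeted by ${fromName}`); },
  });
}

// The host page's reference graph. No widget does a global lookup such as
// window.document.getElementById; every edge was created by the host, so
// the reference graph is the access graph.
function makeScene() {
  const board = makeStatusBoard();
  const poster = Object.freeze({ post: board.post });
  const mafiaVille = makeWidget("Mafia Ville", poster);
  const farmWars = makeWidget("Farm Wars", poster);
  return Object.freeze({ board, mafiaVille, farmWars });
}

function demo() {
  const { board, mafiaVille, farmWars } = makeScene();
  mafiaVille.greet(farmWars);        // host introduces the two widgets
  mafiaVille.announce("level up");
  return board.read();               // only the host can read the board
}
```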
38. Address book, Ambient, Document, Macro
39. Address book, Text Editor, Document
40. Address book, Text Editor, Document, Macro
41. Address book, Text Editor, Document, Macro
42. Object Capability: · Memory Safety · No global actions · No magic objects · Encapsulation
43. The reference graph is the access graph
44. Ambient, Mafia Ville, Farm Wars
45. Host page
46. Host page, <div> Widget Area
47. Host page, <div> Widget Area: Mafia Ville
48. Host page, <div> Widget Area: Mafia Ville
49. Host page, <div> Widget Area: Mafia Ville, <div> Widget Area: Farm Wars
50. Object Capability: · Memory Safety · No global actions · No magic actions · Encapsulation
51. Object Capability: · Memory Safety · No global actions · No magic objects · Encapsulation (JavaScript)
52. Google Caja
53. Google Caja: JavaScript to Secure JavaScript
54. EcmaScript.Next: Still Unsafe
55. EcmaScript.Next: Still Unsafe, Can be secured
56. EcmaScript.Next: · "use strict"; · Object.freeze · Module System · Safe Eval · Proxies
57. Caretaker
        StatusUpdater = { updateStatus: function (message) { ... } }
58. Caretaker: StatusUpdater, Host page, Widget
59. Caretaker: StatusUpdater, Proxy, Host page, Widget
60. Caretaker: StatusUpdater, Proxy, Gate, Host page, Widget
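As an added example that is not part of the slides, the caretaker from slides 57 to 60 written with the ES.next features listed on slide 56 (Object.freeze and Proxy): the host page keeps the real StatusUpdater and hands the widget a gate that forwards only updateStatus and can be revoked. Only StatusUpdater and updateStatus come from the slides; makeCaretaker, makeStatusUpdater and the messages are assumed.

```javascript
// Added example, not from the talk: a revocable, attenuating caretaker.
// The names makeStatusUpdater and makeCaretaker are assumed here.
"use strict";

function makeStatusUpdater() {
  const log = [];
  return Object.freeze({
    updateStatus(message) { log.push(String(message)); return log.length; },
    history() { return log.slice(); },   // host-only; never reaches the widget
  });
}

// Returns { proxy, revoke }. The proxy forwards only the methods named in
// `allowed` (attenuation). After revoke() every access through the gate
// throws, so the host can cut a widget off without touching the widget.
function makeCaretaker(target, allowed) {
  let open = true;
  const gate = {
    get(_t, prop) {
      if (!open) throw new Error("capability revoked");
      if (!allowed.includes(prop)) return undefined;  // not a capability it holds
      const method = target[prop];
      return (...args) => {
        if (!open) throw new Error("capability revoked"); // re-checked per call
        return method.apply(target, args);
      };
    },
    set() { return false; },  // strict-mode writers get a TypeError
  };
  return Object.freeze({ proxy: new Proxy({}, gate), revoke() { open = false; } });
}

function demo() {
  const updater = makeStatusUpdater();
  const { proxy, revoke } = makeCaretaker(updater, ["updateStatus"]);
  // The widget only ever sees the gate, never `updater` itself.
  const widget = { run(status) { return status.updateStatus("Farm Wars: level up"); } };
  const first = widget.run(proxy);      // forwarded to the real updater
  const leaked = proxy.history;         // attenuated away: undefined
  revoke();
  let afterRevoke = null;
  try { widget.run(proxy); } catch (e) { afterRevoke = e.message; }
  return { first, leaked, afterRevoke, history: updater.history() };
}
```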
61. Thanks, @rafaeldff
Editor's Notes
Live documents: 1970 Smalltalk
Macros
ILOVEYOU virus
Melissa Macro Virus
Macro changes the current document (inserting Simpsons quotes)