Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
MOZ
2004
Springer
2004
Springer
The Structure of Authority: Why Security Is Not a Separable Concern
Common programming practice grants excess authority for the sake of functionality; programming principles require least authority for the sake of security. If we practice our principles, we could have both security and functionality. Treating security as a separate concern has not succeeded in bridging the gap between principle and practice, because it operates without knowledge of what constitutes least authority. Only when requests are made – whether by humans acting through a user interface, or by one object invoking another – can we determine how much authority is adequate. Without this knowledge, we must provide programs with enough authority to do anything they might be requested to do. We examine the practice of least authority at four major layers of ion – from humans in an organization down to individual objects within a programming language. We explain the special role of objectcapability languages – such as E or the proposed Oz-E – in supporting practical least aut...
Real-time TrafficRelated Content
| Added | 02 Jul 2010 |
| Updated | 02 Jul 2010 |
| Type | Conference |
| Year | 2004 |
| Where | MOZ |
| Authors | Mark S. Miller, Bill Tulloh, Jonathan S. Shapiro |
Comments (0)
Researcher Info
|
