Object Capability Security
Slides for a talk on Object Capability Security given in AgileBrazil 2011.
1.
Object Capability Security
Rafael Ferreira
2.
3.
4.
5.
Melissa
6.
Document
7.
Document Macro
8.
Document Macro
9.
Ambient Document Macro
10.
Address book
Ambient Document Macro
11.
Address book
Ambient Document Macro
12.
13.
Mafia Ville
14.
Mafia Ville Farm Wars
15.
Ambient Mafia Ville Farm Wars
16.
Ambient Mafia Ville Farm Wars
17.
Ambient Untrusted
18.
19.
X Ambient Untrusted
20.
21.
Ambient Sandbox
Untrusted
22.
Ambient Sandbox
Untrusted
23.
Ambient Sandbox
Untrusted
24.
X Ambient Untrusted
25.
Untrusted
26.
OBJECTS Untrusted
27.
How do objects meet?
28.
var Creature = function () {...}
var TheCreator = {
  make: function() {
    var creature = new Creature
  }
}
29.
Parenthood
var Creature = function () {...}
var TheCreator = {
  make: function() {
    var creature = new Creature
  }
}
30.
make: function() {
  var reference = ...
  var newObject = {
    ...
    var copy = reference
  }
}
31.
Endowment
make: function() {
  var reference = ...
  var newObject = {
    ...
    var copy = reference
  }
}
32.
meet: function() {
  var someObject = ...
  var otherObject = ...
  someObject.doSomething(otherObject)
}
33.
Introduction
meet: function() {
  var someObject = ...
  var otherObject = ...
  someObject.doSomething(otherObject)
}
34.
this.reference = window.document.getElementById("farmWarsDiv")
35.
Ambient
this.reference = window.document.getElementById("farmWarsDiv")
36.
X Ambient
this.reference = window.document.getElementById("farmWarsDiv")
37.
Only connectivity begets connectivity
38.
Address book
Ambient Document Macro
39.
Address book Text Editor
Document
40.
Address book Text Editor
Document Macro
41.
Address book Text Editor
Document Macro
42.
Object Capability
· Memory Safety
· No global actions
· No magic objects
· Encapsulation
43.
The reference graph is the access graph
44.
Ambient Mafia Ville Farm Wars
45.
Host page
46.
Host page <div> Widget Area
47.
Host page <div> Widget Area Mafia Ville
48.
Host page <div> Widget Area Mafia Ville
49.
Host page <div> Widget Area Mafia Ville <div> Widget Area Farm Wars
50.
Object Capability
· Memory Safety
· No global actions
· No magic objects
· Encapsulation
51.
Object Capability
· Memory Safety
· No global actions
· No magic objects
· Encapsulation
Javascript
52.
Google Caja
53.
Google Caja Javascript Javascript Secure
54.
EcmaScript.Next Still Unsafe
55.
EcmaScript.Next Still Unsafe
Can be secured
56.
EcmaScript.Next
· “use strict;”
· Object.freeze
· Module System
· Safe Eval
· Proxies
57.
Caretaker
StatusUpdater = {
  updateStatus: function(message) {...}
}
58.
Caretaker
StatusUpdater Host page Widget
59.
Caretaker StatusUpdater
Proxy Host page Widget
60.
Caretaker StatusUpdater
Proxy Host page Gate Widget
61.
obrigado @rafaeldff
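The caretaker arrangement on slides 57 to 60 (StatusUpdater, Proxy, Gate, Host page, Widget), written out as an added example that is not code from the talk. Only `updateStatus` appears on the slides; `makeStatusUpdater`, `makeCaretaker`, `makeWidget`, `history` and `disable` are hypothetical names, and the status messages are constructed.

```javascript
"use strict";

// Host-side object. Its body is assumed; the slides show only the signature.
function makeStatusUpdater() {
  const log = [];
  return Object.freeze({
    updateStatus(message) { log.push(String(message)); return log.length; },
    history() { return log.slice(); }  // host-only, never forwarded
  });
}

// Caretaker: a proxy for the widget plus a gate that stays with the host.
function makeCaretaker(target) {
  let current = target;  // held in a closure, unreachable through the proxy
  const proxy = Object.freeze({
    updateStatus(message) {
      if (current === null) throw new Error("revoked");
      return current.updateStatus(message);  // forwards the one granted method
    }
  });
  const gate = Object.freeze({ disable() { current = null; } });
  return Object.freeze({ proxy, gate });
}

// Untrusted widget: its only authority is the reference it was introduced to.
function makeWidget(statusCap) {
  return Object.freeze({
    post(text) { return statusCap.updateStatus(text); },
    probe() { return Object.keys(statusCap); }  // what the widget can see
  });
}

function demo() {
  const updater = makeStatusUpdater();
  const { proxy, gate } = makeCaretaker(updater);
  const widget = makeWidget(proxy);  // introduction: host hands over the proxy
  widget.post("harvest ready");
  const visible = widget.probe();
  gate.disable();                    // host closes the gate
  let afterRevoke;
  try { widget.post("spam"); afterRevoke = "allowed"; }
  catch (e) { afterRevoke = e.message; }
  return { history: updater.history(), visible, afterRevoke };
}
```

The widget never holds the real StatusUpdater, so closing the gate removes its access without the widget's cooperation.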
Editor's notes
Live documents 1970 Smalltalk
Macros
I love you virus
Melissa Macro Virus
Macro changes the current document (inserting Simpsons quotes)