Object Capabilities for Security

Get the latest Flash player

googletechtalks
December 04, 2007

Google Tech Talks November, 30 2007 ABSTRACT Existing systems often do a poor job of meeting the principle of least privilege. I will discuss how object capability systems and language-based meth...

Google Tech Talks
November, 30 2007

ABSTRACT

Existing systems often do a poor job of meeting the principle of least privilege. I will discuss how object capability systems and language-based methods can help address this shortcoming. In language-based object capability systems, an object reference is treated as a capability; unforgeability of references ensures unforgeability of capabilities; and all privileges are expressed as capabilities in this way. This makes it possible to decompose the system into distrusting "privilege-separated" components, providing each component with the least privilege it needs to do its job; to reason about the privileges and powers available to various program elements, often in a local (modular) way; and to avoid common pitfalls, such as confused deputy and TOCTTOU vulnerabilities.

I will attempt to introduce the audience to some work in this area that is perhaps not so widely known, and I will describe some work in progress to construct a subset of Java, called Joe-E, that is intended to enable capability-style programming using a programming syntax that is familiar to Java programmers.

Speaker: David Wagner
David Wagner is an Associate Professor in the Computer Science Division at the University of California at Berkeley with extensive experience in computer security and cryptography. He and his Berkeley colleagues are known for discovering a wide variety of security vulnerabilities in various cellphone standards, 802.11 wireless networks, and other widely deployed systems, and he has published two books and over 90 peer-reviewed scientific papers. David is a founding member of the ACCURATE center on electronic voting. He is active in the areas of systems security, cryptography, and electronic voting.

Category: People & Blogs

Tags:

google techtalks techtalk engedu talk talks googletechtalks education

More From: googletechtalks

Emerging Security Vulnerabilities & the Impact ...

6,507 views

Crime: The Real Internet Security Problem

6,182 views

Theory and Practice of Cryptography

22,168 views

Reverse engineering techniques to find security...

11,977 views

Theory and Practice of Cryptography

23,498 views

A Preview of Alice 3.0, Introductory Programmin...

33,747 views

Security's Once and Future King: Introducing Sm...

9,198 views

A Formal Approach for Developing Reliable Servi...

4,499 views

Security as a System-Level Constraint

3,485 views

Teaching Kids To Code

28,991 views

What Every Engineer Needs to Know About Securit...

2,402 views

Security is Broken

1,817 views

Advanced Topics in Programming Languages: Java ...

79,563 views

Aspect-Oriented Modeling - what it is and what ...

8,609 views

The Web That Wasn't

36,922 views

Practical Quantum Cryptography and Possible Att...

7,477 views

Getting C++ Threads Right

50,970 views

JavaScript: The Good Parts

50,597 views

Enabling Object Search rather than Page Search

2,849 views

WINE Conf 2007 - Wine and Samba

1,979 views

See all 1199 videos

Play All Stop Autoplaying | Play Next

QuickList(0)

Clear | Save

15 ratings

6,458 views

Favorite

Playlists

Flag

Want to add to Favorites? Sign In or Sign Up now!

Want to add to Playlists? Sign In or Sign Up now!

Want to flag a video? Sign In or Sign Up now!

Statistics & Data

Video Responses (0)

This video has no Responses. Be the first to Post a Video Response.

Text Comments (4) Options

douggypowis (9 months ago) Show Hide

Marked as spam

Yes well kudos to him, I think he adequately explains this topic :)

mettalika26 (1 year ago) Show Hide

Marked as spam

hkyuuuu

cristiandeidaho (1 year ago) Show Hide

-4

Marked as spam

Uhm gosh uhm people need to learn how to uh give a presentation, uh but, uhm, so uhm, uh in particular, you should review your presentation before you give it, uhm yes uhm.

Argonaut22j (1 year ago) Show Hide

-5

Marked as spam

Yeah, that guy needs to take a breath and realize that he's getting paid to communicate, not just think.

Showing 4 of 4 comments

Show More Comments

View All 4 comments

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.

YouTube	Programs	Help	Policy	Discover
Contact Us	Advertising	Get Help	Privacy Policy	YouTube on Your Phone
YouTube Store	Developers	YouTube Handbook	Terms of Service	YouTube on Your Site
Press Room	Partnerships	Community Help Forums	Copyright Notices	YouTube on Your TV
Business Blog	Content Management	Safety Center	Community Guidelines	YouTube RSS Feeds
YouTube Blog		Creator's Corner		TestTube

Add YouTube to your Google homepage

Current Location: Worldwide Show locations

Object Capabilities for Security

More From: googletechtalks

QuickList(0)

Related Videos

Statistics & Data

Video Responses (0)

Text Comments (4) Options

Would you like to comment?