[Pl-seminar] 10/23: Scott Moore, Secure Scripting with Capabilities and Contracts

[Vincent St-Amour]

NUPRL Seminar presents

Scott Moore
Harvard University

4:00 - 5:30 (non-standard time)
Thursday, 10/23 (non-standard day)
Room 128 Forsyth Building[1] (non-standard place)


Secure Scripting with Capabilities and Contracts

Abstract:
Capability-based security is a security paradigm where all access decisions
are mediated by unforgeable tokens of authority. Capabilities are powerful
because they allow individual components to delegate authority to each
other in a fine-grained way. Unfortunately, reasoning about how
capabilities are used can be difficult.

Behavioral contracts are a widely used specification tool for software
components. Contracts enrich interfaces with executable specifications of
logical assertions. The rigorous enforcement of contracts provides to
programmers precise guarantees about a program's execution, and offers
useful feedback for debugging contract violations.

In this talk, I will demonstrate how capabilities and contracts can be used
together to develop programs with clear, declarative security
specifications. Specifically, I will focus on two applications of contracts
in capability-based security. First, I will describe Shill; a
capability-based shell scripting language where contracts specify and
enforce policies about which OS resources scripts intend to use and how
they use them. These contracts help script authors and users to adhere to
the Principle of Least Privilege. Shill extends the guarantees that these
contracts provide to arbitrary programs using sandboxing techniques.
Second, I will present a contract system for describing and enforcing
declarative policies on the flow of capabilities between components. Using
this system, components can specify not only what capabilities they require
from their users, but also how they intend to share these capabilities with
other components.


[1] Building 55 on http://www.northeastern.edu/campusmap/map/index.html