The 40th IPP Symposium

Tradeoffs in Retrofitting Security: An Experience Report

Mark S. Miller, Google

In 1973, John Reynolds' and James Morris' Gedanken language retrofitted object-capability security into an Algol-like base language. Today, there are active projects retrofitting Java, JavaScript, Python, Mozart/Oz, OCaml, Perl, and Pict. These represent a variety of approaches, with different tradeoffs regarding legacy compatibility, safety, and expressivity. In this talk I propose a taxonomy of these approaches, and discuss some of the lessons learned to date. I will also demo CapDesk, a proof of concept of a virus-safe desktop, applying object-capability principles at the user interface level.
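The object-capability discipline that these retrofits aim to make enforceable, shown as an added example in JavaScript (one of the retrofitted languages named above). This is illustration code written for this page, not code from the talk, from CapDesk, or from any of the listed projects. The store, the read-only facet and the revocable caretaker are constructed stand-ins; the pattern is that authority travels only by object reference, a facet hands out a strict subset of the underlying object's authority, and a caretaker can cut the holder off later.

```javascript
// Added example: the object-capability pattern a language retrofit must
// make enforceable. Nothing here is from the talk or its named projects.

// Constructed stand-in for a powerful object (think: a file or socket handle).
function makeStore() {
  const data = new Map();
  return Object.freeze({
    read: (k) => data.get(k),
    write: (k, v) => { data.set(k, v); },
  });
}

// Attenuation: a read-only facet that carries none of the store's write authority.
// The facet closes over `store`, but exposes only `read`.
function makeReadOnly(store) {
  return Object.freeze({
    read: (k) => store.read(k),
  });
}

// Revocation: a caretaker forwards calls until revoke() is invoked.
// Whoever holds `facet` loses access the moment the grantor calls `revoke`.
function makeRevocable(target) {
  let live = target;
  const facet = Object.freeze({
    read: (k) => {
      if (live === null) throw new Error('revoked');
      return live.read(k);
    },
  });
  const revoke = () => { live = null; };
  return { facet, revoke };
}

// Simulated untrusted code: it receives only the facet it was handed and can
// reach nothing beyond the facet's own methods. (Assumption, stated below.)
function untrustedCanWrite(facet) {
  return typeof facet.write === 'function';
}

// Runs the whole exchange and returns the observations as a plain object.
function demo() {
  const store = makeStore();
  store.write('secret', 42);

  const ro = makeReadOnly(store);
  const { facet, revoke } = makeRevocable(ro);

  const beforeRevoke = facet.read('secret');   // readable through the facet
  const canWrite = untrustedCanWrite(facet);   // attenuated: no write method
  const frozen = Object.isFrozen(facet);       // facet cannot be patched to add authority

  revoke();
  let afterRevoke;
  try {
    facet.read('secret');
    afterRevoke = 'readable';
  } catch (e) {
    afterRevoke = e.message;                   // 'revoked'
  }
  return { beforeRevoke, canWrite, frozen, afterRevoke };
}
```

The example only holds under an assumption that plain JavaScript does not provide on its own: that the untrusted code's sole path to the store is the facet reference. If the store were reachable through a global, or if `Object.prototype` and the other primordials were still mutable so a facet's `read` could be redirected, the attenuation and the revocation would both be bypassable. Removing that ambient authority is precisely the work a retrofit has to do, and the legacy-compatibility cost of doing it is the tradeoff the talk is about.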

Mark S. Miller is a research scientist at Google working on Caja, open source coordinator for the E secure distributed programming language, co-creator of the agoric paradigm of market-based computing, and an architect of the Xanadu hypertext publishing system.