Object Capability Security
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Object Capability Security

  • 165 views
Uploaded on

Slides for a talk on Object Capability Security given in AgileBrazil 2011.

Slides for a talk on Object Capability Security given in AgileBrazil 2011.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
165
On Slideshare
158
From Embeds
7
Number of Embeds
2

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 7

http://www.linkedin.com 6
https://www.linkedin.com 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Live documents 1970 Smalltalk
  • Macros
  • I love you virus
  • Melissa Macro Virus
  • Macro changes the current document (inserting Simpsons quotes)

Transcript

  • 1. Object Capability Security Rafael Ferreira
  • 2. Melissa
  • 3. Document
  • 4. DocumentMacro
  • 5. DocumentMacro
  • 6. Ambient Document Macro
  • 7. Addressbook Ambient Document Macro
  • 8. Addressbook Ambient Document Macro
  • 9. Mafia Ville
  • 10. Mafia VilleFarm Wars
  • 11. Ambient Mafia Ville Farm Wars
  • 12. Ambient Mafia Ville Farm Wars
  • 13. Ambient Untrusted
  • 14. XAmbient Untrusted
  • 15. AmbientSandbox Untrusted
  • 16. AmbientSandbox Untrusted
  • 17. AmbientSandbox Untrusted
  • 18. XAmbient Untrusted
  • 19. Untrusted
  • 20. OBJ ECT SUntrusted
  • 21. How do objects Meet?
  • 22. var Creature = function () {...}var TheCreator = { make: function() { var creature = new Creature }}
  • 23. Parenthoodvar Creature = function () {...}var TheCreator = { make: function() { var creature = new Creature }}
  • 24. make: function() { var reference = ... var newObject = { ... var copy = reference }}
  • 25. Endowmentmake: function() { var reference = ... var newObject = { ... var copy = reference }}
  • 26. meet: function() { var someObject = ... var otherObject = ... someObject.doSomething(otherObject)}
  • 27. Introductionmeet: function() { var someObject = ... var otherObject = ... someObject.doSomething(otherObject)}
  • 28. this.reference = window .document .getElementById("farmWarsDiv")
  • 29. Ambientthis.reference = window .document .getElementById("farmWarsDiv")
  • 30. X Ambientthis.reference = window .document .getElementById("farmWarsDiv")
  • 31. Only connectivitybegets connectivity
  • 32. Addressbook Ambient Document Macro
  • 33. AddressbookText Editor Document
  • 34. AddressbookText Editor Document Macro
  • 35. AddressbookText Editor Document Macro
  • 36. Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation
  • 37. The reference graphis the access graph
  • 38. Ambient Mafia Ville Farm Wars
  • 39. Hostpage
  • 40. Widget Area > <divHostpage
  • 41. Widget Area Mafia > <div VilleHostpage
  • 42. Widget Area Mafia > <div VilleHostpage
  • 43. Widget Area Mafia > <div VilleHostpage <di v> Widget Area Farm Wars
  • 44. Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation
  • 45. Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation c ri pt av as J
  • 46. Google Caja
  • 47. Google CajaJ avas cript Ja vasc ript Se cure
  • 48. EcmaScript.NextStill Unsafe
  • 49. EcmaScript.NextStill Unsafe Can be secured
  • 50. EcmaScript.Next· “use strict;”· Object.freeze· Module System · Safe Eval· Proxies
  • 51. Caretaker StatusUpdater= { updateStatus: function(message)}
  • 52. Caretaker StatusUpdaterHost Widgetpage
  • 53. Caretaker StatusUpdater ProxyHostpage Widget
  • 54. Caretaker StatusUpdater ProxyHostpage Gate Widget
  • 55. obrigado@rafaeldff