Comments on: Languages and security: a short reading list

By: Ben Laurie

Ben Laurie — Fri, 13 Mar 2009 14:43:10 +0000

I'm sad that you didn't reference my wonderful paper on capabilities (called "Access Control" to fool the sceptics). Designed to be rather easier reading than Mark's thesis or the Caja website :-)

By: James Iry

James Iry — Wed, 11 Mar 2009 15:19:25 +0000

There's a discussion on Lambda the Ultimate.

By: Grant Rettke

Grant Rettke — Wed, 11 Mar 2009 01:49:43 +0000

How would you classify Spark ADA?

By: Mark S. Miller

Mark S. Miller — Tue, 10 Mar 2009 15:55:01 +0000

Hi Ivan,

Thanks for the kind words as well as the helpful criticism. I’d just like to clarify that Caja is the joint work of Mike Samuel, Ihab Awad, Ben Laurie, Mike Stay, Jasvir Nagra, and myself; with significant contributions from David-Sarah Hopwood and Doug Crockford. Joe-E is the joint work of Adrian Mettler and David Wagner.

Any suggestions for how members of school 3 could better explain ourselves? The horrible state of our current explanations is not due to lack of trying. Perhaps a fresh angle is needed?

By: Steven Cheng

Steven Cheng — Tue, 10 Mar 2009 15:06:27 +0000

Are there any approaches that introduce/use programming language features to better capture and abstract standard security practices?

So maybe something like static typing used to ensure that information is exchanged in a certain way?

Guess that’s something like 2?