Object Capability Security
rafaelferreira
Slides for a talk on Object Capability Security given in AgileBrazil 2011.
1.
Object Capability Security
Rafael Ferreira
2.
3.
4.
5.
Melissa
6.
Document
7.
Document Macro
8.
Document Macro
9.
Ambient Document Macro
10.
Address book
Ambient Document Macro
11.
Address book
Ambient Document Macro
12.
13.
Mafia Ville
14.
Mafia Ville Farm Wars
15.
Ambient
Mafia Ville
Farm Wars
16.
Ambient
Mafia Ville
Farm Wars
17.
Ambient Untrusted
18.
19.
X Ambient Untrusted
20.
21.
Ambient Sandbox
Untrusted
22.
Ambient Sandbox
Untrusted
23.
Ambient Sandbox
Untrusted
24.
X Ambient Untrusted
25.
Untrusted
26.
OBJECTS
Untrusted
27.
How do objects meet?
28.
var Creature = function () {...}
var TheCreator = {
  make: function() {
    var creature = new Creature
  }
}
29.
Parenthood
var Creature = function () {...}
var TheCreator = {
  make: function() {
    var creature = new Creature
  }
}
30.
make: function() {
  var reference = ...
  var newObject = {
    ...
    var copy = reference
  }
}
31.
Endowment
make: function() {
  var reference = ...
  var newObject = {
    ...
    var copy = reference
  }
}
32.
meet: function() {
  var someObject = ...
  var otherObject = ...
  someObject.doSomething(otherObject)
}
33.
Introduction
meet: function() {
  var someObject = ...
  var otherObject = ...
  someObject.doSomething(otherObject)
}
34.
this.reference = window
  .document
  .getElementById("farmWarsDiv")
35.
Ambient
this.reference = window
  .document
  .getElementById("farmWarsDiv")
36.
X Ambient
this.reference = window
  .document
  .getElementById("farmWarsDiv")
37.
Only connectivity begets connectivity
38.
Address book
Ambient Document Macro
39.
Address book Text Editor
Document
40.
Address book Text Editor
Document Macro
41.
Address book Text Editor
Document Macro
42.
Object Capability
· Memory Safety
· No global actions
· No magic objects
· Encapsulation
43.
The reference graph is
the access graph
44.
Ambient
Mafia Ville
Farm Wars
45.
Host page
46.
Host page
<div> Widget Area
47.
Host page
<div> Widget Area
Mafia Ville
48.
Host page
<div> Widget Area
Mafia Ville
49.
Host page
<div> Widget Area
Mafia Ville
<div> Widget Area
Farm Wars
50.
Object Capability
· Memory Safety
· No global actions
· No magic objects
· Encapsulation
51.
Object Capability
· Memory Safety
· No global actions
· No magic objects
· Encapsulation
Javascript
52.
Google Caja
53.
Google Caja
Javascript
Secure Javascript
54.
EcmaScript.Next Still Unsafe
55.
EcmaScript.Next Still Unsafe
Can be secured
56.
EcmaScript.Next
· “use strict;”
· Object.freeze
· Module System
· Safe Eval
· Proxies
57.
Caretaker
StatusUpdater = { updateStatus: function(message) }
58.
Caretaker
StatusUpdater Host Widget page
59.
Caretaker StatusUpdater
Proxy Host page Widget
60.
Caretaker StatusUpdater
Proxy Host page Gate Widget
61.
obrigado @rafaeldff
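The caretaker arrangement named on slides 57 to 60 (StatusUpdater, Proxy, Gate, Host page, Widget), written out as an added example that is not code from the talk. Only `StatusUpdater` and `updateStatus` come from the slides; `makeStatusUpdater`, `makeCaretaker`, `makeWidget`, `history` and `demo` are hypothetical names, and the widget is a stand-in for untrusted third-party code.

```javascript
"use strict";

// Host-side object holding the real authority (name taken from slide 57).
function makeStatusUpdater() {
  const log = [];
  return Object.freeze({
    updateStatus(message) { log.push(String(message)); return log.length; },
    history() { return log.slice(); }   // host-only view, never handed to widgets
  });
}

// Caretaker: builds a forwarding proxy plus a gate that can cut it off.
// Only updateStatus is forwarded, so the holder of the proxy cannot reach history().
function makeCaretaker(target) {
  let current = target;                 // closure variable, unreachable from outside
  const proxy = Object.freeze({
    updateStatus(message) {
      if (current === null) throw new Error("capability revoked");
      return current.updateStatus(message);
    }
  });
  const gate = Object.freeze({ revoke() { current = null; } });
  return Object.freeze({ proxy, gate });
}

// Untrusted widget (hypothetical): its only authority is the reference passed in.
function makeWidget(statusCap) {
  return Object.freeze({
    play() { return statusCap.updateStatus("harvested 3 crops"); }
  });
}

// Host wiring: introduction hands the proxy to the widget; the host keeps the gate.
function demo() {
  const updater = makeStatusUpdater();
  const { proxy, gate } = makeCaretaker(updater);
  const widget = makeWidget(proxy);
  const first = widget.play();          // allowed while the gate is open
  gate.revoke();                        // host withdraws the widget's access
  let second;
  try { second = widget.play(); } catch (e) { second = e.message; }
  return {
    first, second,
    history: updater.history(),
    widgetSeesHistory: "history" in proxy
  };
}
```

The widget never holds a reference to the real `StatusUpdater`, so revoking at the gate removes its access without any cooperation from the widget.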
Editor's notes
Live documents 1970 Smalltalk
Macros
I love you virus
Melissa Macro Virus
Macro changes the current document (inserting Simpsons quotes)