Capabilities: Effects for Free

  • Aaron Craig
  • Alex Potanin
  • Lindsay Groves
  • Jonathan Aldrich
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11232)

Abstract

Object capabilities are increasingly used to reason informally about the properties of secure systems. But can capabilities also aid in formal reasoning? To answer this question, we examine a calculus that uses effects to capture resource use and extend it to support capability-based reasoning. We demonstrate that capabilities provide a way to reason about effects: we can bound the effects of an expression based on the capabilities to which it has access. This reasoning is “free” in that it relies only on type-checking (not effect-checking), does not require the programmer to add effect annotations within the expression, and does not require the expression to be analysed for its effects. Our result sheds light on the essence of what capabilities provide and suggests ways of integrating lightweight capability-based reasoning into languages.
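The central claim above, that the effects of unannotated, unanalysed code are bounded by the declared effects of the capabilities it is handed, is illustrated below in Python (an added example, not the paper's calculus or code). It assumes a strict object-capability discipline in which every effect must go through a capability handle and there is no ambient authority; the calculus enforces that statically, whereas Python does not, so the `do` check and the `untrusted_logger` body are constructed stand-ins.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Set


@dataclass(frozen=True)
class CapType:
    """Static view of a capability: the effects it is typed to exercise."""
    name: str
    effects: FrozenSet[str]


class Capability:
    """Runtime handle; in an ocap system this is the only way an effect can occur."""
    def __init__(self, ty: CapType, log: Set[str]):
        self.ty, self._log = ty, log

    def do(self, effect: str) -> None:
        # A handle can only exercise the effects its type declares.
        if effect not in self.ty.effects:
            raise PermissionError(f"{self.ty.name} cannot perform {effect}")
        self._log.add(effect)


def effect_bound(*types: CapType) -> FrozenSet[str]:
    """Bound computed from capability types alone; the code is never inspected."""
    return frozenset().union(*(t.effects for t in types))


def run_with(code: Callable[..., None], *types: CapType) -> Set[str]:
    """Run code with exactly the given capabilities; return the effects it performed."""
    log: Set[str] = set()
    code(*(Capability(t, log) for t in types))
    return log


def bound_holds(code: Callable[..., None], *types: CapType) -> bool:
    """Observed effects must be a subset of the type-derived bound."""
    return run_with(code, *types) <= effect_bound(*types)


# Constructed capability types (hypothetical names)
FILE_RO = CapType("file.ro", frozenset({"file.read"}))
FILE_RW = CapType("file.rw", frozenset({"file.read", "file.write"}))
NET = CapType("net", frozenset({"net.send"}))


def untrusted_logger(f: Capability) -> None:
    """Third-party code with no effect annotations; it tries to write regardless."""
    f.do("file.read")
    try:
        f.do("file.write")  # only succeeds when handed a read-write capability
    except PermissionError:
        pass
```

Handing `untrusted_logger` only `FILE_RO` bounds it to `{"file.read"}` without reading its body; handing it `FILE_RW` widens the bound and the observed effects accordingly.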

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. School of Engineering and Computer Science, Victoria University of Wellington, Wellington, New Zealand
  2. School of Computer Science, Carnegie Mellon University, Pittsburgh, USA