[cap-talk] Announcing "Analysing Object-Capability Security" Paper and Authodox v. 0.2.0

[Toby Murray]

On Thu, 2008-05-29 at 23:09 +0100, lists at notatla.org.uk wrote:
> Toby Murray <toby.murray at comlab.ox.ac.uk> wrote:
> 
> > [The OCap model is totally Mark Miller's creation, btw. Hopefully he'll
> > chime in if I've messed up any of the above.]
> 
> So that only dates from ~2006 and is totally different from the work
> in KeyKOS etc?
>  

The OCap model dates from as early as 2003, if not before. It was first
described properly in "Paradigm Regained: Abstraction Mechanisms for
Access Control", although the term may be older than that.

The object-capability model is certainly relevant to the KeyKOS work.
The OCap model is a model that tries to encompass the semantics of a
range of different capability systems including OSs like KeyKOS and
languages like E. The vast similarities between these two kinds of
systems are precisely those things the model expresses.

One can approximate the semantics of KeyKOS within the general OCap
model.
 
> > Possibly. I was purposely trying to leave it ambiguous as to who might
> > be creating these abstractions.
> 
> > While the text tends to suggest that Alice would create these
> > abstractions since they serve her interest, this need not necessarily be
> > the case. Alice and Bob might have signed a contract that governs the
> > terms of their collaboration.
> 
> I don't think it does really - that was me reading into it background
> info from this list.

That's good to know. It's always difficult trying to guess how others
will interpret what you've written. Thanks again for the feedback.