[e-lang] Joe-E paper available

Mark Miller erights at gmail.com
Tue Jan 12 16:40:58 PST 2010


I just wanted to let you and everyone know that this is an *awesome* paper.
Besides explaining Joe-E itself, it is perhaps the clearest and most
powerful statement to date of the benefits provided by object-capability
languages. I will be recommending this paper widely.


On Sat, Jan 9, 2010 at 12:54 AM, David Wagner <daw at cs.berkeley.edu> wrote:

> I wanted to let you all know about a new paper on Joe-E, from Adrian
> Mettler, Tyler Close, and me.  The paper describes the Joe-E language,
> how it was designed to facilitate secure programming, and the ways in
> which Joe-E has supported the security goals of the Waterken server.
> See below for the URL.
>
> We've benefitted from contributions and insights from many folks on this
> mailing list; thank you, everyone, and happy reading!
>
>
> Adrian Mettler, David Wagner, and Tyler Close. "Joe-E: A
> Security-Oriented Subset of Java".  To appear at ISOC NDSS 2010.
> http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf
>
> Abstract:
> We present Joe-E, a language designed to support the development
> of secure software systems.  Joe-E is a subset of Java that makes
> it easier to architect and implement programs with strong security
> properties that can be checked during a security review.  It enables
> programmers to apply the principle of least privilege to their programs;
> implement application-specific reference monitors that cannot be bypassed;
> introduce and use domain-specific security abstractions; safely execute
> and interact with untrusted code; and build secure, extensible systems.
> Joe-E demonstrates how it is possible to achieve the strong security
> properties of an object-capability language while retaining the features
> and feel of a mainstream object-oriented language.  Additionally,
> we present ways in which Java's static type safety complements
> object-capability analysis and permits additional security properties
> to be verified statically, compared with previous object-capability
> languages which rely on runtime checks.  In this paper, we describe the
> design and implementation of Joe-E and its advantages for security and
> auditability over standard Java.  We demonstrate how Joe-E can be used to
> develop systems with novel security properties that would be difficult
> or impossible to ensure otherwise, including a web application platform
> that provides transparent, transactional object persistence and can
> safely host multiple mutually-distrustful applications in a single JVM.



-- 
Text by me above is hereby placed in the public domain

   Cheers,
   --MarkM