http://50.77.162.165/mediawiki/index.php?feed=atom&target=Markm&title=Special%3AContributionsErights - User contributions [en]2026-04-19T14:35:53ZFrom ErightsMediaWiki 1.15.5-7http://50.77.162.165/wiki/DocumentationDocumentation2022-11-29T14:23:47Z<p>Markm: Added "Necessity" paper</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[https://github.com/erights/uploaded-papers/raw/master/ocap-virtual-env.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
[https://dl.acm.org/doi/10.1145/3563317 Necessity specifications for robustness] by Julian Mackay, Susan Eisenbach, James Noble, Sophia Drossopoulou<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
[https://www.youtube.com/watch?v=KoM_aCuFk1w&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Immunity from Viruses, Safety from Geeks Bearing Gifts] by Mark S. Miller, 2002, invited talk at Naval Postgraduate School, Monterey CA. CapDesk and DarpaBrowser are secure UIs with the same designation-as-authorization logic as ocap languages and OSes.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://www.youtube.com/watch?v=lxf7HTxWluc&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=25 Towards Reasoning About Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble, Google March 2016, on joint work with Toby Murray, and Mark S. Miller ([https://ai.google/research/pubs/pub44272 paper])<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[https://www.youtube.com/watch?v=WG0JuONIE-c&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=24&t=0s Two Phase Commit Among Strangers] - talk by Mark S. Miller at JSTools (year?). ([https://github.com/erights/slides/raw/master/2phase-commit-among-strangers.pdf slides])<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2020-11-02T23:46:59Z<p>Markm: /* User Interface */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[https://github.com/erights/uploaded-papers/raw/master/ocap-virtual-env.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
[https://www.youtube.com/watch?v=KoM_aCuFk1w&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Immunity from Viruses, Safety from Geeks Bearing Gifts] by Mark S. Miller, 2002, invited talk at Naval Postgraduate School, Monterey CA. CapDesk and DarpaBrowser are secure UIs with the same designation-as-authorization logic as ocap languages and OSes.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://www.youtube.com/watch?v=lxf7HTxWluc&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=25 Towards Reasoning About Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble, Google March 2016, on joint work with Toby Murray, and Mark S. Miller ([https://ai.google/research/pubs/pub44272 paper])<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[https://www.youtube.com/watch?v=WG0JuONIE-c&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=24&t=0s Two Phase Commit Among Strangers] - talk by Mark S. Miller at JSTools (year?). ([https://github.com/erights/slides/raw/master/2phase-commit-among-strangers.pdf slides])<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2020-11-02T23:43:09Z<p>Markm: /* User Interface */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[https://github.com/erights/uploaded-papers/raw/master/ocap-virtual-env.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
[https://www.youtube.com/watch?v=KoM_aCuFk1w&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Immunity from Viruses, Safety from Geeks Bearing Gifts] by Mark S. Miller, 2002, invited talk at Naval Postgraduate School, Monterey CA. I demonstrate CapDesk and the DarpaBrowser, explaining how these user interfaces follow the same designation-as-authorization logic as ocap languages and OSes.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://www.youtube.com/watch?v=lxf7HTxWluc&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=25 Towards Reasoning About Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble, Google March 2016, on joint work with Toby Murray, and Mark S. Miller ([https://ai.google/research/pubs/pub44272 paper])<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[https://www.youtube.com/watch?v=WG0JuONIE-c&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=24&t=0s Two Phase Commit Among Strangers] - talk by Mark S. Miller at JSTools (year?). ([https://github.com/erights/slides/raw/master/2phase-commit-among-strangers.pdf slides])<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-10-15T03:50:12Z<p>Markm: /* Books and Theses */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[https://github.com/erights/uploaded-papers/raw/master/ocap-virtual-env.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://www.youtube.com/watch?v=lxf7HTxWluc&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=25 Towards Reasoning About Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble, Google March 2016, on joint work with Toby Murray, and Mark S. Miller ([https://ai.google/research/pubs/pub44272 paper])<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[https://www.youtube.com/watch?v=WG0JuONIE-c&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=24&t=0s Two Phase Commit Among Strangers] - talk by Mark S. Miller at JSTools (year?). ([https://github.com/erights/slides/raw/master/2phase-commit-among-strangers.pdf slides])<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-10-01T15:13:21Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://www.youtube.com/watch?v=lxf7HTxWluc&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=25 Towards Reasoning About Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble, Google March 2016, on joint work with Toby Murray, and Mark S. Miller ([https://ai.google/research/pubs/pub44272 paper])<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[https://www.youtube.com/watch?v=WG0JuONIE-c&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=24&t=0s Two Phase Commit Among Strangers] - talk by Mark S. Miller at JSTools (year?). ([https://github.com/erights/slides/raw/master/2phase-commit-among-strangers.pdf slides])<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-10-01T15:12:54Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://www.youtube.com/watch?v=lxf7HTxWluc&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=25 Reasoning About Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble, Google March 2016, on joint work with Toby Murray, and Mark S. Miller ([https://ai.google/research/pubs/pub44272 paper])<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[https://www.youtube.com/watch?v=WG0JuONIE-c&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=24&t=0s Two Phase Commit Among Strangers] - talk by Mark S. Miller at JSTools (year?). ([https://github.com/erights/slides/raw/master/2phase-commit-among-strangers.pdf slides])<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-10-01T15:08:21Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://www.youtube.com/watch?v=lxf7HTxWluc&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=25 Reasoning About Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble, Google March 2016, on joint work with Toby Murray, and Mark S. Miller<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[https://www.youtube.com/watch?v=WG0JuONIE-c&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=24&t=0s Two Phase Commit Among Strangers] - talk by Mark S. Miller at JSTools (year?). ([https://github.com/erights/slides/raw/master/2phase-commit-among-strangers.pdf slides])<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-09-30T18:10:40Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[https://www.youtube.com/watch?v=WG0JuONIE-c&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=24&t=0s Two Phase Commit Among Strangers] - talk by Mark S. Miller at JSTools (year?). ([https://github.com/erights/slides/raw/master/2phase-commit-among-strangers.pdf slides])<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-08-20T00:01:13Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.doc.ic.ac.uk/~scd/Holistic_Specs.WG2.3.pdf Holistic Specifications of Robust Programs] slides for talk by Sophia Drossopoulou IFIP WG 2.3 May 2018, on joint work with James Noble, Toby Murray, and Mark S. Miller.<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-08-19T23:23:55Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[http://wiki.erights.org/mediawiki/index.php?title=Special:UserLogin&returnto=Documentation Towards Reasoning about Risk and Trust in an Open World] talk by Sophia Drossopoulou and James Noble given at Google 2016, on joint work with Toby Murray and Mark S. Miller.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-07-14T23:47:22Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://slideslive.com/38908776/security-with-scala-refined-types-and-object-capabilities?subdomain=false Security with Scala: Refined Types and Object Capabilities] - talk by Will Sargent at Scala Days 2018.<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-06-13T00:44:31Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.youtube.com/playlist?list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Stopping Exfiltration] - talk by Mark S. Miller at friam, redo from talk at tc39 May 2018.<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-05-18T20:45:05Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[https://www.youtube.com/watch?v=Gpm6yVCrh0s&index=11&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5] by Mark Miller ([https://raw.githubusercontent.com/erights/slides/master/remaining-hazards.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/DocumentationDocumentation2018-05-08T18:17:32Z<p>Markm: /* Talks and Presentations */</p>
<hr />
<div>== Tutorials and References==<br />
<br />
[http://habitatchronicles.com/2017/05/what-are-capabilities/ What are Capabilities] by Chip Morningstar<br />
<br />
[http://www.erights.org/elang/intro/index.html Tutorials] — several short tutorials showing how to use '''''E'''''.<br />
<br />
[[:Category:Reference material]] — reference material on this wiki.<br />
<br />
[http://www.erights.org/elang/quick-ref.html Quick Reference Card] — Reminders of some useful patterns.<br />
<br />
[http://www.erights.org/elang/grammar/index.html Language Reference]<br />
<br />
[[FAQ]]<br />
<br />
<br />
== Books and Theses ==<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[http://www.erights.org/talks/thesis/index.html Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control] by Mark S. Miller. Explains the rationale, philosophy, and goals of '''''E''''' and related systems.<br />
<br />
[http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.pdf Language and Framework Support for Reviewably-Secure Software Systems] by Adrian Mettler.<br />
<br />
[http://soft.vub.ac.be/~tvcutsem/publications/assets/phd_tom_van_cutsem.pdf Ambient References: Object Designation in Mobile Ad Hoc Networks] by Tom Van Cutsem.<br />
<br />
[http://tel.archives-ouvertes.fr/docs/00/80/84/19/PDF/main.pdf Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages] by Arnaud Jean-Baptiste<br />
<br />
[http://people.cs.umass.edu/~arjun/papers/guha-dissertation2012.pdf Semantics and Types for Safe Web Programming] by Arjun Guha<br />
<br />
[http://mscheffler.files.wordpress.com/2008/07/diploma_mscheffler.pdf Object-Capability Security in Virtual Environments] by Martin Scheffler<br />
<br />
[[Image:EWalnut-small.gif]]<br />
[[Walnut|'''''E''''' in a Walnut]] by Marc Stiegler - This is a basic tutorial on the '''''E''''' language covering basic, distributed, and secure distributed programming.<br />
<br />
[[Safe Serialization Under Mutual Suspicion]] (Wiki conversion in progress)<br />
<br />
<br />
== Papers ==<br />
<br />
<br />
=== Smart Contracting ===<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote, by Miller, Tom Van Cutsem, and Bill Tulloh.<br />
<br />
[http://www.erights.org/elib/capability/ode/index.html Capability-based Financial Instruments] "An Ode to the [[wikipedia:Mark Granovetter|Granovetter]] Diagram" - diagramming communication relationships.<br />
<br />
[http://waterken.sourceforge.net/web-key/ Mashing with Permission] by Tyler Close.<br />
<br />
[http://www.erights.org/talks/pisa/paper/ The Digital Path] by Mark Miller and Marc Stiegler.<br />
<br />
<br />
<br />
=== Formal Methods ===<br />
<br />
[https://people.mpi-sws.org/~dreyer/papers/ocpl/paper.pdf Robust and Compositional Verification of Object Capability Patterns] by David Swasey, Deepak Garg, Derek Dreyer<br />
<br />
[https://research.google.com/pubs/pub45570.html Permission and Authority Revisited: towards a formalization] by Sophia Drossopoulou, James Noble, Mark S. Miller, Toby Murray<br />
<br />
[https://research.google.com/pubs/pub44272.html Reasoning about Risk and Trust in an Open World] by Sophia Drossopoulou, James Noble, Toby Murray, Mark S. Miller<br />
<br />
[http://web.comlab.ox.ac.uk/publications/publication3612-abstract.html Analysing the Security Properties of Object-Capability Patterns] by Toby Murray.<br />
<br />
[http://theory.stanford.edu/~ataly/Papers/sp11.pdf Automated Analysis of Security-critical JavaScript APIs] by Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, and Jasvir Nagra<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/AALPE.pdf Authority Analysis for Least Privilege Environments] by Toby Murray and Gavin Lowe.<br />
<br />
[http://www.evoluware.eu/fsp_thesis.pdf Patterns of Safe Collaboration] by Fred Spiessens.<br />
<br />
[https://www.researchgate.net/publication/277889299_Dynamic_Detection_of_Object_Capability_Violations_Through_Model_Checking Dynamic Detection of Object Capability Violations Through Model Checking] by Dustin Rhodes, Tim Disney, Cormac Flanagan<br />
<br />
<br />
=== Access Control ===<br />
<br />
[http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf Capability Myths Demolished] by Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. What you may have learned in CS class is wrong.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-20.html ACLs don't] by Tyler Close.<br />
<br />
[http://eprint.iacr.org/2012/524.pdf Tahoe – The Least-Authority Filesystem] by Zooko Wilcox-O'Hearn and Brian Warner.<br />
<br />
[http://drops.dagstuhl.de/opus/volltexte/2017/7270/ A Capability-Based Module System for Authority Control] by Melicher, Darya ; Shi, Yangqingwei ; Potanin, Alex ; Aldrich, Jonathan<br />
<br />
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4327&rep=rep1&type=pdf Taming of Pict] by Matej Košík. See also [http://www2.fiit.stuba.sk/~kosik/doc/tamed-pict--standard-library.pdf Standard Library of Tamed Pict Programming Language].<br />
<br />
[http://web.comlab.ox.ac.uk/oucl/work/toby.murray/papers/NDA.pdf Non-delegatable authorities in capability systems] by Toby Murray and Gavin Lowe. ([http://portal.acm.org/citation.cfm?id=1460561&dl=ACM&coll=GUIDE&CFID=16630833&CFTOKEN=92363674# ACM link])<br />
<br />
[http://www.linuxjournal.com/article/10199 MinorFs] by Rob Meijer. The MinorFs user-space filesystems works with AppArmor to provide a flexible form of discretionary access control.<br />
<br />
[http://www.links.org/files/capabilities.pdf Access Control] by Ben Laurie.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/pure-ccs08.pdf Verifiable Functional Purity in Java] by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/joe-e-ndss10.pdf Joe-E: A Security-Oriented Subset of Java] by Adrian Mettler, David Wagner, and Tyler Close.<br />
<br />
[http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf Fine-Grained Privilege Separation for Web Applications] by Akshay Krishnamurthy, Adrian Mettler, and David Wagner.<br />
<br />
[http://www.cs.berkeley.edu/~amettler/joeetypes-plas10.pdf Class Properties for Security Review in an Object-Capability Subset of Java] (Short Paper) by Adrian Mettler and David Wagner.<br />
<br />
[https://www.researchgate.net/publication/309293105_LaCasa_Lightweight_Affinity_and_Object_Capabilities_in_Scala LaCasa: Lightweight Affinity and Object Capabilities in Scala] by Philipp Haller and Alex Loiko<br />
<br />
[https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/key-exchange-as-capability-system.md Secret Handshake : Key Exchange as a Capability System] by Dominic Tarr<br />
<br />
<br />
=== Concurrency Control ===<br />
<br />
[http://www.erights.org/talks/promises/paper/tgc05.pdf Concurrency Among Strangers: Programming in '''''E''''' as Plan Coordination] - by Mark S. Miller, E. Dean Tribble, Jonathan Shapiro. Explains '''''E''''''s concurrency control & distributed computing model.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-78.html Causeway: A message-oriented distributed debugger] by Terry Stanley, Tyler Close, and Mark S. Miller.<br />
<br />
<br />
<br />
=== User Interface ===<br />
<br />
[http://people.ischool.berkeley.edu/~ping/sid/ User Interaction Design for Secure Systems] by Ka-Ping Yee.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-169.html Rich Sharing for the Web] by Marc Stiegler. What properties must computer-based human-to-human sharing mechanisms need to support, so that people don't just send email attachments instead?<br />
<br />
[http://www.hpl.hp.com/techreports/2011/HPL-2011-96.html Are you sure? Yes. Oops!] by Marc Stiegler and Alan Karp. Even a yes-no approval choice can be less hazardous.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html Making Policy Decisions Disappear into the User's Workflow] by Alan Karp, Marc Stiegler. Structure user interactions so useful actions also express the access they would seem to.<br />
<br />
[http://www.hpl.hp.com/techreports/2009/HPL-2009-53.html Not One Click for Security] by Alan Karp, Marc Stiegler, and Tyler Close. Describes how the ScoopFS (secure cooperative file sharing) UI design avoids ever presenting the user any interaction whose only purpose is security.<br />
<br />
[http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Polaris: Virus Safe Computing for Windows XP] by Marc Stiegler, Alan Karp, Ka-Ping Yee, Mark Miller. Abusing the access control of legacy ACL OSes to implement less authority.<br />
<br />
[https://sites.google.com/site/belayresearchproject/ Belay Research] by Mark Lentczner. Secure ui principles for apps within the browser.<br />
<br />
== Talks and Presentations ==<br />
<br />
[https://www.youtube.com/watch?v=wQHjITxQX0g&t=4s Verify What? Navigating the Attack Surface] - talk by Mark S. Miller at workshop Formal Methods meets JavaScript (Imperial College March 2018)<br />
<br />
[https://www.youtube.com/watch?v=9WdbTucMaRo Extremely Modular Distributed JavaScript] - vision talk by Mark S. Miller at July 2017 TC39 (EcmaScript committee) meeting.<br />
<br />
[http://isr.uci.edu/content/mark-s-miller The Elements of Decision Alignment: Large programs as complex organizations] - talk by Mark S. Miller at UCI in 2017.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMeFRjenpFb0dYNnM/view?usp=sharing Frozen Realms: Draft standard support for safer JavaScript plugins] - talk by Mark S. Miller at the IWACO workshop of ECOOP 2016.<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing Computer Security as the Future of Law] - talk by Mark S. Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark S. Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.youtube.com/watch?v=eL5o4PFuxTY The Lazy Programmer's Guide to Secure Computing] by Marc Stiegler<br />
<br />
Part 1: [http://www.youtube.com/watch?v=w9hHHvhZ_HY Secure Distributed Programming with Object-capabilities in JavaScript] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf slides])<br />
<br />
Part 2: [http://www.youtube.com/watch?v=oBqeDYETXME Bringing Object-orientation to Security Programming] by Mark S. Miller ([http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf slides])<br />
<br />
[http://www.youtube.com/watch?v=EGX2I31OhBE Object-Capabilities for Security] by David Wagner<br />
([http://www.cs.berkeley.edu/~daw/talks/TRUST07.pdf slides from an earlier version of this talk])<br />
<br />
[http://www.youtube.com/watch?v=8aedCggam4s Core Patterns for Web Permissions] by Tyler Close<br />
<br />
Object Capabilities and Isolation of Untrusted Web Applications ([http://www.youtube.com/watch?v=WBIVqOu5Atg Part 1]) ([http://www.youtube.com/watch?v=P8vy_Oxq-hI Part 2]) ([http://www.youtube.com/watch?v=-1D3AIlAe2o Part 3]) by Sergio Maffeis<br />
<br />
[http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid Secure Collaboration - How Web Applications can Share and Still Be Paranoid] by Mike Samuel<br />
<br />
[http://youtube.com/watch?v=apVt7vhBqj0 Google TechTalk: Caja] by Mike Samuel<br />
<br />
[http://www.youtube.com/watch?v=gGw09RZjQf8 The Lively Kernel] by Dan Ingalls<br />
<br />
[http://www.youtube.com/watch?v=V13wmj88Zx8 Gears and the Mashup Problem] by Douglas Crockford<br />
<br />
[http://www.youtube.com/watch?v=vrbmMPlCp3U Desktops to Donuts: Object-Caps Across Scales] by Marc Stiegler<br />
<br />
[http://www.youtube.com/watch?v=UH66YrzT-_M The Virus Safe Computing Initiative at HP Labs] by Alan Karp<br />
<br />
== Important emails ==<br />
<br />
[http://wiki.erights.org/wiki/OnTheSpreadOfTheCapabilityApproach On the Spread of the Capability Approach] by Bill Tulloh<br />
<br />
<br />
== Other collections ==<br />
<br />
[https://github.com/dckc/awesome-ocap Awesome Object Capabilities and Capability-based Security] by Dan Connolly<br />
<br />
[https://github.com/GravityNetwork/Gravity/wiki/Reading-List Gravity Reading List]</div>Markmhttp://50.77.162.165/wiki/Erights:Community_PortalErights:Community Portal2018-04-21T16:44:38Z<p>Markm: </p>
<hr />
<div>[https://groups.google.com/forum/#!forum/e-lang/ e-lang mailing list] - discussion of {{E}} and other capability languages. [https://marc.info/?l=e-lang historical]<br />
<br />
[https://groups.google.com/forum/#!forum/cap-talk/ cap-talk mailing list] - discussion of general issues regarding capability security. [https://marc.info/?l=cap-talk historical]<br />
<br />
[https://groups.google.com/forum/#!forum/friam/ friam mailing list] - coordinates the week capability meetings<br />
<br />
[[Whiteboards]] - Discussion of ideas and other works in progress.</div>Markmhttp://50.77.162.165/wiki/Main_PageMain Page2018-04-21T16:42:42Z<p>Markm: /* Community */</p>
<hr />
<div><big>'''Welcome to the ERights.org wiki.'''</big><br />
<br />
{{E}} is an [[wikipedia:Object-capability model|object-capability]] programming language and platform for writing [[wikipedia:Distributed computing|distributed]], secure, and robust software. This wiki is about E and the larger subject of [[wikipedia:Capability-based security|capability-based security]].<br />
<br />
== [[Getting Started]] ==<br />
<br />
[[Getting Started]] - Tips for {{E}} newbies<br />
<br />
== What's New? ==<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing "Computer Security as the Future of Law"] - talk by Mark Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.erights.org/talks/index.html#google-abac Google Techtalk series on ABAC] - Authorization Based Access Control.<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote.<br />
<br />
[[Future research topics]]<br />
<br />
== [[Documentation]] ==<br />
<br />
* [[Documentation#Books|Books]]<br />
** [[Walnut|{{E}} in a Walnut]]<br />
* [[Documentation#Tutorials|Tutorials]]<br />
* [[FAQ]]<br />
* [[Documentation#Papers|Papers]]<br />
* [[Documentation#Talks and Presentations|Talks and Presentations]]<br />
<br />
== [[Downloads]] ==<br />
<br />
* [[Downloads#Releases|Releases]] - ready-to-install versions of {{E}}.<br />
<br />
==[[:Category:Applications|Applications]]==<br />
<br />
== [[Erights:Community Portal|Community]] ==<br />
<br />
[https://groups.google.com/forum/#!forum/e-lang/ e-lang mailing list] - discussion of {{E}} and other capability languages. [https://marc.info/?l=e-lang historical]<br />
<br />
[https://groups.google.com/forum/#!forum/cap-talk/ cap-talk mailing list] - discussion of general issues regarding capability security. [https://marc.info/?l=cap-talk historical]<br />
<br />
[https://groups.google.com/forum/#!forum/friam/ friam mailing list] - coordinates the week capability meetings<br />
<br />
[[Whiteboards]] - Discussion of ideas and other works in progress.<br />
<br />
==[[Development]]==<br />
* [[Downloads#Subversion|Subversion Repository]] — development branch<br />
* [[:Category:Unresolved design issues|Unresolved design issues]] — things that need thinking about<br />
<br />
== Related Sites ==<br />
<br />
* [http://www.erights.org Main Erights.org site]<br />
* [[wikipedia:E_(programming_language)|{{E}} on Wikipedia]]<br />
* [http://rosettacode.org/wiki/Category:E {{E}} on Rosetta Code]<br />
* [[Object-capability languages]]<br />
* [[Object-capability systems]]<br />
* [[Related Sites|...more...]]</div>Markmhttp://50.77.162.165/wiki/Main_PageMain Page2018-04-21T16:40:54Z<p>Markm: /* Community */</p>
<hr />
<div><big>'''Welcome to the ERights.org wiki.'''</big><br />
<br />
{{E}} is an [[wikipedia:Object-capability model|object-capability]] programming language and platform for writing [[wikipedia:Distributed computing|distributed]], secure, and robust software. This wiki is about E and the larger subject of [[wikipedia:Capability-based security|capability-based security]].<br />
<br />
== [[Getting Started]] ==<br />
<br />
[[Getting Started]] - Tips for {{E}} newbies<br />
<br />
== What's New? ==<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing "Computer Security as the Future of Law"] - talk by Mark Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.erights.org/talks/index.html#google-abac Google Techtalk series on ABAC] - Authorization Based Access Control.<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote.<br />
<br />
[[Future research topics]]<br />
<br />
== [[Documentation]] ==<br />
<br />
* [[Documentation#Books|Books]]<br />
** [[Walnut|{{E}} in a Walnut]]<br />
* [[Documentation#Tutorials|Tutorials]]<br />
* [[FAQ]]<br />
* [[Documentation#Papers|Papers]]<br />
* [[Documentation#Talks and Presentations|Talks and Presentations]]<br />
<br />
== [[Downloads]] ==<br />
<br />
* [[Downloads#Releases|Releases]] - ready-to-install versions of {{E}}.<br />
<br />
==[[:Category:Applications|Applications]]==<br />
<br />
== [[Erights:Community Portal|Community]] ==<br />
<br />
[https://groups.google.com/forum/#!forum/e-lang/ e-lang mailing list] - discussion of {{E}} and other capability languages. [https://marc.info/?l=e-lang historical]<br />
<br />
[https://groups.google.com/forum/#!forum/cap-talk/ cap-talk mailing list] - discussion of general issues regarding capability security. [https://marc.info/?l=cap-talk historical]<br />
<br />
[https://groups.google.com/forum/#!topic/friam/ friam mailing list] - coordinates the week capability meetings<br />
<br />
[[Whiteboards]] - Discussion of ideas and other works in progress.<br />
<br />
==[[Development]]==<br />
* [[Downloads#Subversion|Subversion Repository]] — development branch<br />
* [[:Category:Unresolved design issues|Unresolved design issues]] — things that need thinking about<br />
<br />
== Related Sites ==<br />
<br />
* [http://www.erights.org Main Erights.org site]<br />
* [[wikipedia:E_(programming_language)|{{E}} on Wikipedia]]<br />
* [http://rosettacode.org/wiki/Category:E {{E}} on Rosetta Code]<br />
* [[Object-capability languages]]<br />
* [[Object-capability systems]]<br />
* [[Related Sites|...more...]]</div>Markmhttp://50.77.162.165/wiki/Main_PageMain Page2018-04-21T16:40:18Z<p>Markm: /* Community */</p>
<hr />
<div><big>'''Welcome to the ERights.org wiki.'''</big><br />
<br />
{{E}} is an [[wikipedia:Object-capability model|object-capability]] programming language and platform for writing [[wikipedia:Distributed computing|distributed]], secure, and robust software. This wiki is about E and the larger subject of [[wikipedia:Capability-based security|capability-based security]].<br />
<br />
== [[Getting Started]] ==<br />
<br />
[[Getting Started]] - Tips for {{E}} newbies<br />
<br />
== What's New? ==<br />
<br />
[https://drive.google.com/file/d/0Bw0VXJKBgYPMS0J2VGIyWWlocms/edit?usp=sharing "Computer Security as the Future of Law"] - talk by Mark Miller at the 1997 Extro 3 Conference.<br />
<br />
[http://www.michaelcovel.com/2014/06/16/ep-248-mark-miller-interview-with-michael-covel-on-trend-following-radio-jun-17-2014/ Interview with Mark Miller] - about Smart Contracts, Prediction, Singularities, and more.<br />
<br />
[http://www.erights.org/talks/index.html#google-abac Google Techtalk series on ABAC] - Authorization Based Access Control.<br />
<br />
[http://research.google.com/pubs/pub40673.html Distributed Electronic Rights in JavaScript] - paper for [http://www.ccs.neu.edu/esop2013/ ESOP'13] Keynote.<br />
<br />
[[Future research topics]]<br />
<br />
== [[Documentation]] ==<br />
<br />
* [[Documentation#Books|Books]]<br />
** [[Walnut|{{E}} in a Walnut]]<br />
* [[Documentation#Tutorials|Tutorials]]<br />
* [[FAQ]]<br />
* [[Documentation#Papers|Papers]]<br />
* [[Documentation#Talks and Presentations|Talks and Presentations]]<br />
<br />
== [[Downloads]] ==<br />
<br />
* [[Downloads#Releases|Releases]] - ready-to-install versions of {{E}}.<br />
<br />
==[[:Category:Applications|Applications]]==<br />
<br />
== [[Erights:Community Portal|Community]] ==<br />
<br />
[https://groups.google.com/forum/#!forum/e-lang/ e-lang mailing list] - discussion of {{E}} and other capability languages. [https://marc.info/?l=e-lang histroical]<br />
<br />
[https://groups.google.com/forum/#!forum/cap-talk/ cap-talk mailing list] - discussion of general issues regarding capability security. [https://marc.info/?l=cap-talk historical]<br />
<br />
[https://groups.google.com/forum/#!topic/friam/ friam mailing list] - coordinates the week capability meetings<br />
<br />
[[Whiteboards]] - Discussion of ideas and other works in progress.<br />
<br />
==[[Development]]==<br />
* [[Downloads#Subversion|Subversion Repository]] — development branch<br />
* [[:Category:Unresolved design issues|Unresolved design issues]] — things that need thinking about<br />
<br />
== Related Sites ==<br />
<br />
* [http://www.erights.org Main Erights.org site]<br />
* [[wikipedia:E_(programming_language)|{{E}} on Wikipedia]]<br />
* [http://rosettacode.org/wiki/Category:E {{E}} on Rosetta Code]<br />
* [[Object-capability languages]]<br />
* [[Object-capability systems]]<br />
* [[Related Sites|...more...]]</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T03:17:50Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], [https://pdfs.semanticscholar.org/0820/cc9b611b2655d1bec8b85375650cef877848.pdf CM*], [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], [https://homes.cs.washington.edu/~levy/capabook/Chapter7.pdf StarOS], [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], [http://www.csl.sri.com/users/neumann/psos.pdf PSOS], [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], [http://www.cap-lore.com/Agorics/Library/guardoswhitepaper.html GuardOS], [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], [https://www.cs.drexel.edu/~csgordon/papers/oopsla12.pdf M#] || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], [http://www.hpl.hp.com/techreports/2001/HPL-2001-136.html Client Utility], [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], [http://www.hpl.hp.com/techreports/2004/HPL-2004-150.html E-Speak], [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T03:15:36Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], [https://pdfs.semanticscholar.org/0820/cc9b611b2655d1bec8b85375650cef877848.pdf CM*], [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], [http://www.csl.sri.com/users/neumann/psos.pdf PSOS], [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], [http://www.cap-lore.com/Agorics/Library/guardoswhitepaper.html GuardOS], [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], [https://www.cs.drexel.edu/~csgordon/papers/oopsla12.pdf M#] || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], [http://www.hpl.hp.com/techreports/2001/HPL-2001-136.html Client Utility], [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], [http://www.hpl.hp.com/techreports/2004/HPL-2004-150.html E-Speak], [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T03:12:19Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], [http://www.csl.sri.com/users/neumann/psos.pdf PSOS], [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], [http://www.cap-lore.com/Agorics/Library/guardoswhitepaper.html GuardOS], [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], [https://www.cs.drexel.edu/~csgordon/papers/oopsla12.pdf M#] || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], [http://www.hpl.hp.com/techreports/2001/HPL-2001-136.html Client Utility], [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], [http://www.hpl.hp.com/techreports/2004/HPL-2004-150.html E-Speak], [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T03:04:30Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], [http://www.csl.sri.com/users/neumann/psos.pdf PSOS], [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], [http://www.cap-lore.com/Agorics/Library/guardoswhitepaper.html GuardOS], [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], [http://www.hpl.hp.com/techreports/2001/HPL-2001-136.html Client Utility], [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], [http://www.hpl.hp.com/techreports/2004/HPL-2004-150.html E-Speak], [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T03:01:51Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], [http://www.csl.sri.com/users/neumann/psos.pdf PSOS], [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], [http://www.cap-lore.com/Agorics/Library/guardoswhitepaper.html GuardOS], [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T03:01:13Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], [https://www.csl.sri.com/users/neumann/psos.pdf PSOS], [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], [http://www.cap-lore.com/Agorics/Library/guardoswhitepaper.html GuardOS], [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T03:00:41Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], [www.csl.sri.com/users/neumann/psos.pdf PSOS], [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], [http://www.cap-lore.com/Agorics/Library/guardoswhitepaper.html GuardOS], [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T02:55:17Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], [http://www.cap-lore.com/Agorics/Library/guardoswhitepaper.html GuardOS], [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-17T02:52:54Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ ld-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-12T22:55:14Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [https://github.com/genodelabs/genode Genode], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], [http://www.emeraldprogramminglanguage.org/ Emerald], [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T18:58:02Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], [http://www.info.ucl.ac.be/~pvr/oze.pdf Oz-E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T08:21:36Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf CMNM], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:58:40Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf Chicago Magic Number Machine], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || [http://world.std.com/~cme/html/spki.html SPKI/SDSI], E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:52:28Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf Chicago Magic Number Machine], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || [http://www.webstart.com/jed/papers/DCCS/ DCCS], [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:47:08Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf Chicago Magic Number Machine], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:45:46Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf Chicago Magic Number Machine], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://www.webstart.com/jed/papers/RATS/RATS.pdf RATS], [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:40:57Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf Chicago Magic Number Machine], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || [http://combex.com/papers/darpa-report/html/index.html CapDesk], [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:36:36Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf Chicago Magic Number Machine], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], [https://www.microsoft.com/en-us/research/publication/the-cambridge-cap-computer-and-its-operating-system/ CAP], [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:34:04Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || [https://homes.cs.washington.edu/~levy/capabook/Chapter3.pdf Chicago Magic Number Machine], [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:26:07Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Chicago Magic Numbers Machine, [https://en.wikipedia.org/wiki/Plessey_System_250 Plessey 250], CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, [http://mca-ltd.com/martin/Ten15/introduction.html Flex], [https://www-03.ibm.com/ibm/history/exhibits/rochester/rochester_4009.html IBM System/38], [https://blogs.oracle.com/bmc/revisiting-the-intel-432 Intel 432] || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:11:24Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], [http://www.cs.cornell.edu/slk/jk-0.91/doc/Default.html J-Kernel], [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:10:00Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, [https://dl.acm.org/citation.cfm?doid=323627.323646 Eden], Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:05:20Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], [https://en.wikipedia.org/wiki/Hydra_(operating_system) Hydra], StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T07:01:36Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], [https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Coyotos.html Coyotos] || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:59:37Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict], [https://web.archive.org/web/20111105211124/http://plash.beasts.org/wiki/ Plash] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:56:26Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], [http://mumble.net/~jar/pubs/secureos/ W7], J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:55:32Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], W7, J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], [http://www.erights.org/history/joule/ Joule], [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:54:10Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], W7, J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, [https://dl.acm.org/citation.cfm?id=28721 Vulcan], Joule, [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:52:07Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], W7, J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], [[Emily]], [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, Vulcan, Joule, [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [http://wiki.erights.org/wiki/Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:47:08Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], W7, J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], Emily, [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], [https://developers.google.com/caja/ Caja], [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, Vulcan, Joule, [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:45:26Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.crash-safe.org/docs/LowFatPtrs-CCS2013.html Crash-SAFE], [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || [http://www.erights.org/history/morris73.pdf Gedanken], W7, J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], Emily, [https://web.archive.org/web/20130116033811/http://caperl.links.org/ CaPerl], Caja, [http://www2.fiit.stuba.sk/~kosik/doc/sofsem2008.pdf Tamed Pict] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, Vulcan, Joule, [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], [https://github.com/warner/foolscap/blob/latest-release/doc/using-foolscap.rst Foolscap], Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:35:34Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || Gedanken, W7, J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], Emily, CaPerl, Caja, [http://www.dmi.unict.it/~barba/FOND-LING-PROG-DISTR/PROGRAMMI-TESTI/READING-MATERIAL/TutorialPICT.pdf Tamed Pict] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, Vulcan, Joule, [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], Foolscap, Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, [https://dfinity.org/ Dfinity], [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markmhttp://50.77.162.165/wiki/Object-capability_systemsObject-capability systems2018-03-11T06:31:40Z<p>Markm: </p>
<hr />
<div>These are all capability systems, but not all are ocap systems.<br />
<br />
{|<br />
|-<br />
! Substrate || || Historical System || || System<br />
|-<br />
| Hardware || || Plessey 250, CAP, [http://gordonbell.azurewebsites.net/cgb%20files/cmmp%20multi-mini-processor%20comconference%201972%20c.pdf C.mmp], CM*, IBM System/38, Intel 432 || || [http://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ CHERI], [https://riscv.org/ Risc-V]<br />
|-<br />
| OS || || [https://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/ProgramSemantics_DennisvanHorn.pdf DVH], Hydra, StarOS, [http://www.mcjones.org/CalTSS/ Cal-TSS], PSOS, [https://en.wikipedia.org/wiki/NLTSS NLTSS], [https://www.usenix.org/legacy/publications/library/proceedings/cinci93/full_papers/hamilton.txt Spring] || || [https://www.cl.cam.ac.uk/research/security/capsicum/ Capsicum], [https://nuxi.nl/ CloudABI], [http://www.barrelfish.org/ Barrelfish], [https://lwn.net/Articles/718267/ Fuchsia]<br />
|-<br />
| KeyKOS family OS || || [http://cap-lore.com/Agorics/Library/KeyKos/gnosisShare.html Gnosis], [http://cap-lore.com/Agorics/Library/keykosindex.html KeyKOS], GuardOS, [https://en.wikipedia.org/wiki/EROS_(microkernel) EROS], [http://www.capros.org/ CapROS], Coyotos || || [https://sel4.systems/ seL4]<br />
|-<br />
| Distributed OS || || [https://www.cs.vu.nl/pub/amoeba/amoeba.html Ameoba], [https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html Mach], [http://joeduffyblog.com/2015/11/03/blogging-about-midori/ Midori] || ||<br />
|-<br />
| Language || || Gedanken, W7, J-Kernel, [https://github.com/davidwagner/joe-e Joe-E], Emily, CaPerl, Caja, [http://www.dmi.unict.it/~barba/FOND-LING-PROG-DISTR/PROGRAMMI-TESTI/READING-MATERIAL/TutorialPICT.pdf Tamed Pict] || || [http://monte.readthedocs.io/ Monte], [https://github.com/tc39/proposal-frozen-realms Frozen Realms], [http://shill.seas.harvard.edu/ shill], [http://wyvernlang.github.io/ Wyvern], [https://github.com/WebAssembly/gc/blob/master/proposals/gc/Overview.md wasm-gc]<br />
|-<br />
| Distributed Language || || Act-1, Eden, Emerald, Vulcan, Joule, [http://wiki.erights.org E], M# || || [https://www.ponylang.org/ Pony], [http://uu.diva-portal.org/smash/get/diva2:1164769/FULLTEXT01.pdf Kappa], [https://research.google.com/pubs/pub40673.html Dr.SES]<br />
|-<br />
| Distributed Storage || || [https://alanhkarp.com/scoopfs/index.html Scoopfs] || || [https://tahoe-lafs.org/trac/tahoe-lafs Tahoe-LAFS]<br />
|-<br />
| Crypto Protocol || || DCCS, RATS, [http://www.erights.org/elib/distrib/captp/index.html CapTP], Foolscap, Client Utility, [http://waterken.sourceforge.net/ Waterken] || || [http://isr.uci.edu/projects/coast/ COAST], [https://capnproto.org/ Cap’n Proto]<br />
|-<br />
| Offline Certs || || SPKI/SDSI, E-Speak, [Capability-based_Active_Invocation_Certificates CapCert] || || [https://research.google.com/pubs/pub41892.html Macaroons], [https://w3c-ccg.github.io/ld-ocap/ lds-ocap]<br />
|-<br />
| Blockchain || || || || Gravity, Dfinity, [http://rchain-architecture.readthedocs.io/en/latest/ RChain], [https://cosmos.network/ Cosmos], [https://w3c-ccg.github.io/didm-veres-one/ Veres One], [https://sovrin.org/ Sovrin], Agoric Systems<br />
|-<br />
| User Interface || || CapDesk, [https://alanhkarp.com/scoopfs/index.html Scoopfs], [https://sites.google.com/site/belayresearchproject/ Belay] || || [https://sandstorm.io/ Sandstorm]<br />
|}</div>Markm