Cap-talk Bibliography
This page holds links to documents cited on the cap-talk
mailing-list since 01/01/2006.
Notice: I don't list documents that I can't access.
2007
Total links in archive: 13368
This is a publication ad-interim of current, incomplete
work.
GrandUnifiedCapabilities
transitive_access.pdf
ZebraCopy.pdf
GNOSIS/KeyKOS/EROS
GNOSIS
Objects
GNOSIS The
Factory
To Confine an
Application
Space
Bank Nexus
Keykos Mach
Aegis
Derwent
Roots of
Keykos
An Early
Keykos Paper
Gnosis
Meters
KERNEL
DESIGN PRINCIPLES
Scavenging
Caches
Allocation
and Deallocation of Space in Keykos
Synthetic Kernel
Objects
Paying for
Shared Goods
Glossary
Continuous
Offsite Checkpoints
Protection,
Butler W. Lampson, Xerox Corporation, Palo Alto, California
Checkpoint
Restart
phd-proposal.pdf
svy-pm.pdf
Key
Indexed Directories
The KeyKOS/KeySAFE System Design (Keysafe.ps)
KeyKOS Principles of Operation - Keys
The
Checkpoint Mechanism in KeyKOS
The Confused
Deputy
KeyKOS - A
Secure, High-Performance Environment for S/370
A Security
Analysis of the Combex DarpaBrowser Architecture, by David Wagner
& Dean Tribble, March 4, 2002
Coyotos-CapROS-L4
The
Coyotos Build System
RAID sucks
Communicating
Conspirators
EOR:
LogAppend
IPC-Assurance.ps
oakland2000.ps
shap-thesis.ps
storedesign2002.pdf
Kevin
Elphinstone, Future Directions in the Evolution of the L4
Microkernel
Gligor V.
D., J. C. Huskamp, S. R. Welke, C. J. Linn, W. T. Mayfield,
Traditional Capability-Based Systems: An Analysis of their Ability
to Meet the Trusted Computer Security Evaluation Criteria,
Institute for Defense Analyses, IDA Paper PI 935, February
1987.
Estimated
impact of publication venues in Computer Science (higher is better)
- May 2003 (CiteSeer)
Thede
Loder University Of Michigan Electrical Engineering and
Computer..., An Economic Answer to Unsolicited Communication
(2004)
google-caja
E and CapDesk, POLA
for the Distributed Desktop
A
Password-Capability System -- Anderson et al. 29 (1): 1 -- The
Computer Journal
erights.org
Welcome to the ERights.org
wiki. E is a secure, distributed, pure-object platform and P2P
scripting language for writing Capability-based Smart
Contracts.
The Power
of Irrelevance: Designing notations to support adversarial
reviews
horton/document.pdf
Introducing
Remote Objects
What's
Updoc?
Communicating
Conspirators
Where Capabilities Do Fall Short
Distributed
Capability Confinement An observation of Norm Hardy's, written up
by Mark S. Miller and Melora Svoboda
Delegating
Responsibility in Digital Systems: Horton's "Who Done It?"
Horton
with Rights Amplification
Testing
Simplified Horton
Eventual
Horton
Mailkeys
as a Horton-like protocol
How
Horton Hears a Who
horton-frames.pdf
From
Functions To Objects
From
Objects To Capabilities
Perimeter
Security
Reference
Mechanics
Fat
Pointers
morris73.pdf
What's New with
E?
Robust
Composition: Towards a Unified Approach to Access Control and
Concurrency Control by Mark Samuel Miller
Safe
Serialization Under Mutual Suspicion
Three
Types of Causality. Moral, Physical, Explanatory
Horton's
"Who Done It?"
Causeway
Message-oriented distributed debugging by Terry Stanley & Mark
Miller, from an idea by E. Dean Tribble supported by the Critical
Infrastructure Protection Project at George Mason
University
Unibus Sketch A
Single-Key Cryptographic Capability Protocol
The Unum a form
of distributed object
The
Grant Matcher Puzzle
E's
History
Overview: E's
History
SecurityPictureBook.pdf
Robust Composition:
Towards a Unified Approach to Access Control and Concurrency
Control by Mark Samuel Miller
Re: A
stab at the sealer in E, Ka-Ping Yee (ping@lfw.org) Tue, 2 Nov 1999
19:44:55 -0800 (PST)
CapDesk
Features
The E
Language in a Walnut by Marc Stiegler
An
Introduction to Petname Systems by Marc Stiegler, Feb 2005
20070104-walfield-access-decomposition-policy-refinement.pdf
20070111-walfield-critique-of-the-GNU-Hurd.pdf
Waterken
Server
ref_send API
1.14 defensive programming in Java
2006
Robust
Composition: Towards a Unified Approach to Access Control and
Concurrency Control. by Mark Samuel Miller
Paradigm
Regained: Abstraction Mechanisms for Access Control. Mark S.
Miller, Hewlett Packard Laboratories, Jonathan S. Shapiro, Johns
Hopkins University
Capability Myths
Demolished. Mark S. Miller, Combex, Inc., Ka-Ping Yee,
University of California, Berkeley, Jonathan Shapiro, Johns Hopkins
University
Engines from
Continuations. R. Kent Dybvig and Robert Hieb, Computer Science
Department, Indiana University
A pact
with the Devil. Mike Bond and George Danezis, University of
Cambridge, Computer Laboratory
Single
Event Upset at Ground Level. Eugene Normand, Member, IEEE,
Boeing Defense & Space Group, Seattle, WA
98124-2499
Simple design
pattern for implicit confinement property enforcement in POLA based
design. Rob J Meijer
User
Interaction Design for Secure Systems. Ka-Ping Yee
Protection
in the Hydra Operating System. Ellis Cohen and David Jefferson,
Carnegie-Mellon University
Make
Least Privilege a Right (Not a Privilege)
Improving IPC
by Kernel Design. Jochen Liedtke, German National Research
Center for Computer Science (GMD)
An Analysis of The
Systemic Security Weaknesses of The U.S. Navy Fleet Broadcasting
System. 1967-1974, As Exploited By Cwo John Walker, by Laura J.
Heath, MAJ, USA M.S., Georgia Institute of Technology,
2001
A Note
on the Confinement Problem. Butler W. Lampson, Xerox Palo Alto
Research Center
Private Yet
Abuse Resistant Open Publishing. George Danezis, Ben
Laurie
Towards
a manageable Linux security. Toshiharu HARADA, Takashi HORIE
and Kazuo TANAKA, Open Source Software Development Center, NTT DATA
CORPORATION
Chained
Enforceable Re-authentication Barrier Ensures Really Unbreakable
Security. Toshiharu Harada, Takaaki Matsumoto, NTT DATA
CORPORATION
A
Data Pump for Communication. Myong H. Kang, Ira S. Moskowitz,
Naval Research Laboratory, Center for High Assurance Computer
Systems, Information Technology Division,
NRL/MR/5540--95-7771
Windows
Access Control Demystified. Sudhakar Govindavajhala and Andrew
W. Appel, Princeton University
Actor
model and process calculi
Overcoming
the Coordination Problem: Dynamic Formation of Networks. Jack
Ochs, Department of Economics, University of Pittsburgh, In-Uck
Park, Department of Economics and CMPO, University of
Bristol
Why
Phishing Works. Rachna Dhamija, J. D. Tygar, Marti
Hearst
Multilevel Security
and Quality of Protection. Simon N. Foley, Stefano Bistarelli,
Barry O'Sullivan, John Herbert, and Garret Swart
Discretionary
Capability Confinement. Philip W. L. Fong, Department of
Computer Science, University of Regina
Non-interference,
who needs it?, Peter Ryan, Carnegie Mellon, John McLean, NRL,
Virgil Gligor, University of Maryland, College Park
Static
support for capability-based programming in Java. Vijay
Saraswat, Department of Computer Science and Engineering, Penn
State University, Radha Jagadeesan, School of CTI, DePaul
University
On the
Inability of an Unmodified Capability Machine to Enforce the
*-Property. W. E. Boebert, Honeywell Systems and Research
Center
KeySAFE
On
Access Checking in Capability-Based Systems. Richard Y. Kain,
University of Minnesota, Carl E. Landwehr, Naval Research
Laboratory
Processes,
Spheres of Protection and Independent Computations. Earl C. Van
Horn, Machine Structures Group No.9
BEFORE MEMORY WAS VIRTUAL.
Peter J. Denning, George Mason University
AN
IMPLEMENTATION OF A MULTIPROCESSING COMPUTER SYSTEM. William B.
Ackerman, William W. Plummer, Department of Electrical Engineering,
Massachusetts Institute of Technology
A Letter
from Prof. Corbató (10/30/00)
Introduction and
Overview of the Multics System. F. J. Corbató, Massachusetts
Institute of Technology, V. A. Vyssotsky, Bell Telephone
Laboratories, Inc.
COOPERATION
OF MUTUALLY SUSPICIOUS SUBSYSTEMS IN A COMPUTER UTILITY.
Michael D. Schroeder, Massachusetts Institute of
Technology
Cal TSS Archives.
Paul R. McJones, 4 May 2003
Capability Computing at LLNL, by Jed Donnelley, May 4
2005
Network
Livermore Time Sharing System (NLTSS). S Terry Brugger, Madhavi
Gandhi, Greg Streletz, Department of Computer Science, University
of California, Davis
SubVirt:
Implementing malware with virtual machines. Samuel T. King,
Peter M. Chen, University of Michigan, Yi-Min Wang, Chad Verbowski,
Helen J. Wang, Jacob R. Lorch, Microsoft Research
Linux on the IBM
ESA/390 Mainframe Architecture. by Linas VEPSTAS
A Strategic
Point Of View For VM. by Jeffrey Savit
SCOLL and SCOLLAR -
Safe Collaboration based on Partial Trust. Fred Spiessens, Yves
Jaradin, and Peter Van Roy, Université Catholique de Louvain,
Louvain-la-Neuve, Belgium
Components of a
Network Operating System. James E. (Jed) Donnelley, Lawrence
Livermore National Laboratory, Livermore, California,
USA
EWD 196: The
Structure of the 'THE'-multiprogramming system,
Dijkstra
Drawing the
Red Line in Java, Godmar Back and Wilson Hsieh, Department of
Computer Science, University of Utah
Task
Communication in DEMOS, Forest Baskett, John H. Howard and John
T. Montague, Los Alamos Scientific Laboratory, Los Alamos, New
Mexico 87545
The Oz-E Project: Design
Guidelines for a Secure Multiparadigm Programming Language,
Fred Spiessens and Peter Van Roy, Université Catholique de
Louvain, Louvain-la-Neuve, Belgium
Distributed
Capability Confinement, An Observation of Norm Hardy's, written
up by Mark S. Miller and Melora Svoboda
CapTP
Ops: DeliverOnlyOp
AN INTRODUCTION
TO RATS (RISOS/ARPA TERMINAL SYSTEM): AN OPERATING SYSTEM FOR THE
DEC PDP-11/45, Charles Landau, Ms. Date: March 1, 1974,
Lawrence Livermore Laboratory, University of
California
The Price of
Safety in an Active Network, D. Scott Alexander, Paul B.
Menage, Angelos D. Keromytis, William A. Arbaugh, Kostas G
Anagnostakis, and Jonathan M. Smith
Active
networking: one view of the past, present, and future, Jonathan M.
Smith, Scott M. Nettles, Department of Computer & Information
Science
The
SwitchWare Active Network Implementation, D. Scott Alexander,
Michael W. Hicks, Pankaj Kakkar, Angelos D. Keromytis, Marianne
Shaw, Jonathan T. Moore, Carl A. Gunter, Trevor Jim, Scott M.
Nettles, and Jonathan Smith, University of
Pennsylvania
POLARIS: VIRUS-SAFE
COMPUTING for Windows XP, by Marc Stiegler, Alan H. Karp,
Ka-Ping Yee, Tyler Close, and Mark S. Miller
Communicating
Conspirators
What is a
Capability, Anyway?, by Jonathan Shapiro
D-GateFS, Rob J
Meijer; Oct 27 2006
Capabilities
by Example (in C#)
Least
Privilege and More, Fred B. Schneider, Cornell University,
Ithaca, New York, USA
Computer
Security in the Real World, Butler Lampson, August
2005
Traditional
Capability-Based Systems: An Analysis of Their Ability to Meet the
Trusted Computer Security Evaluation Criteria
A
Taxonomy of Computer Program Security Flaws, with Examples,
Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William
S. Choi, Information Technology Division, Code 5542, Naval Research
Laboratory, Washington, D.C. 20375-5337
IMPROVING
SECURITY AND PERFORMANCE FOR CAPABILITY SYSTEMS, by Paul Ashley
Karger, October 1988, University of Cambridge, Computer
Laboratory
A
Critique of the GNU Hurd Multi-server Operating System, Neal H.
Walfield, Marcus Brinkmann
Design
and implementation of the Recursive Virtual Address Space Model for
Small Scale Multiprocessor Systems, Marcus Voelp, University of
Karlsruhe, September 2002
L4.sec
Implementation: Kernel Memory Management, Bernhard Kauer, May
19 2005, TU-Dresden
Principles of
Design in the Octopus Computer Network, John G. Fletcher,
University of California, Lawrence Livermore Laboratory, California
94550, USA
E
Fundamentals
Synchronous
IPC over Transparent Monitors, Trent Jaeger, Jonathon E.
Tidswell, Alain Gefflaut, Yoonho Park, Jochen Liedtke, Kevin
Elphinstone. IBM T.J. Watson Research Center, Hawthorne, NY
10532
An Operational
System for Computer Resource Sharing, B. P. Cosell, P. R.
Johnson, J. H. Malman, R. E. Schantz, J. Hussman, R. H. Thomas, and
D. C. Walden, Bolt Beranek and Newman Inc., Cambridge,
Massachusetts
Protection in
Programming Languages, James H. Morris Jr., University of
California
Making
Information Flow Explicit in HiStar, Nickolai Zeldovich, Silas
Boyd-Wickizer, Eddie Kohler, and David Mazieres, Stanford and
UCLA
Labels and
Event Processes in the Asbestos Operating System, Petros
Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David
Ziegler, Eddie Kohler, David Mazieres, Frans Kaashoek, Robert
Morris, UCLA, MIT, Stanford/NYU
The Horton
Protocol, Meng Weng Wong, Mark S. Miller
Improving
Usability via Access Decomposition and Policy Refinement, Neal
H. Walfield and Marcus Brinkmann
Unmodified
Device Driver Reuse and Improved System Dependability via Virtual
Machines, Joshua LeVasseur, Volkmar Uhlig, Jan Stoess, Stefan
Gotz, University of Karlsruhe, Germany
Cross-Referencing
Linux, Linux/drivers/net/e1000/
Nooks: An
Architecture for Reliable Device Drivers, Michael M. Swift,
Steven Martin, Henry M. Levy, and Susan J. Eggers, Department of
Computer Science and Engineering, University of Washington,
Seattle, WA 98195, USA
Zest: Discussion Mapping
for Mailing Lists, Ka-Ping Yee, Group for User Interface
Research, University of California, Berkeley
The
Checkpoint Mechanism in KeyKOS, Charles R. Landau
Design
Evolution of the EROS Single-Level Store, Jonathan S. Shapiro,
Systems Research Laboratory, Johns Hopkins University, Jonathan
Adams, Distributed Systems Laboratory, University of
Pennsylvania
Typing
Confluence, Uwe Nestmann, Martin Steffen
Polarized
Name Passing, Martin Odersky, Department of Computer Science,
University of Karlsruhe
Harmless
Pict Library, Matej Kosik, January 8 2007
Password-Capabilities:
Their Evolution from the Password-Capability System into Walnut and
Beyond, Ronald Pose, School of Computer Science and Software
Engineering, Monash University, Clayton, Victoria 3168,
Australia
Perimeter
Security
An Early
Keykos Paper, Dale E. Jordan, March 20, 1972
Structure
and Interpretation of Computer Programs
Introduction to KeySAFE, Key Logic
Managing
Domains in a Network Operating System. James E. (Jed)
Donnelley, Lawrence Livermore National Laboratory, Livermore,
California, USA
Internet
creation myths, by Les Earnest
GNOSIS
Roots of
Keykos
An
Introduction to Role-Based Access Control, NIST/ITL Bulletin,
December 1995
Access
Control in a World of Software Diversity. Martin Abadi, Andrew
Birrell, and Ted Wobber, University of California, Santa Cruz,
Microsoft Research, Silicon Valley
BackH2O.
Matej Kosik, January 25 2007
Assessing
security threats of looping constructs. Pasquale Malacaria,
Dept of Computer Science, Queen Mary, University of
London
FragToken:
Secure Web Authentication using the Fragment Identifier. Ben
Adida, Harvard, 33 Oxford Street, Cambridge, MA 02118, 3 February
2007
Patterns of Safe
Collaboration. Alfred Spiessens, February 2007, Faculté des
Sciences Appliquées, Département d'Ingénierie Informatique,
Université catholique de Louvain, Louvain-la-Neuve,
Belgium
RECORD
HANDLING. C. A. R. Hoare, 29 July 1965.
INTRODUCTION TO
OOP IN SIMULA. J. Sklenar, 1997
Dr. Alan Kay on the Meaning of Object-Oriented Programming.
E-mail 2003-07-23 and 2003-07-26.
KeyKOS - A
Secure, High-Performance Environment for S/370. Key Logic, Inc.
1988.
The
Early History of Smalltalk. Alan C. Kay, Apple
Computer.
The Birth of
Object Orientation: the Simula Languages*. Ole-Johan Dahl, June
2001.
Specification
and Design of Component-based Coordination Systems by Integrating
Coordination Patterns. Pedro L. Perez-Serrano, Marisol
Sanchez-Alonso, QUERCUS Software Engineering Group, Computer
Science Department, University of Extremadura, Escuela
Politecnica.
Garbage
Collection Can Be Faster Than Stack Allocation. Andrew W.
Appel, Department of Computer Science, Princeton University,
Princeton, NJ 08544. June 30, 1986, Revised Jan 15, 1987.
Information Processing Letters 25(4):275-279, 17 June
1987.