Cap-talk Bibliography

This page holds links to documents cited on the cap-talk mailing-list since 01/01/2006.

Notice: I don't list documents that I can't access.


Total links in archive: 13368

This is a publication ad-interim of current, incomplete work.





GNOSIS Objects

GNOSIS The Factory

To Confine an Application

Space Bank Nexus

Keykos Mach Aegis


Roots of Keykos

An Early Keykos Paper

Gnosis Meters


Scavenging Caches

Allocation and Deallocation of Space in Keykos

Synthetic Kernel Objects

Paying for Shared Goods


Continuous Offsite Checkpoints

Protection, Butler W. Lampson, Xerox Corporation, Palo Alto, California

Checkpoint Restart

PDF phd-proposal.pdf

PDF svy-pm.pdf

Key Indexed Directories

The KeyKOS/KeySAFE System Design (PDF

KeyKOS Principles of Operation - Keys

The Checkpoint Mechanism in KeyKOS

The Confused Deputy

KeyKOS - A Secure, High-Performance Environment for S/370

A Security Analysis of the Combex DarpaBrowser Architecure, by David Wagner & Dean Tribble, March 4, 2002


The Coyotos Build System

RAID sucks

Communicating Conspirators

EOR: LogAppend




PDF storedesign2002.pdf

Kevin Elphinstone, Future Directions in the Evolution of the L4 Microkernel

Gligor V. D., J. C. Huskamp, S. R. Welke, C. J. Linn, W. T. Mayfield, Traditional Capability-Based Systems: An Analysis of their Ability to Meet the Trusted Computer Security Evaluation Criteria, Institute for Defense Analyses, IDA Paper PI 935, February 1987.

Estimated impact of publication venues in Computer Science (higher is better) - May 2003 (CiteSeer)

Thede Loder University Of Michigan Electrical Engineering and Computer..., An Economic Answer to Unsolicited Communication (2004)


E and CapDesk, POLA for the Distributed Desktop

A Password-Capability System -- Anderson et al. 29 (1): 1 -- The Computer Journal

Welcome to the wiki. E is a secure, distributed, pure-object platform and P2P scripting language for writing Capability-based Smart Contracts.

The Power of Irrelevance: Designing notations to support adversarial reviews

PDF horton/document.pdf

Introducing Remote Objects

What's Updoc?

Communicating Conspirators

Where Capabilities Do Fall Short

Distributed Capability Confinement An observation of Norm Hardy's, written up by Mark S. Miller and Melora Svoboda

Delegating Responsibility in Digital Systems: Horton's "Who Done It?"

Horton with Rights Amplification

Testing Simplified Horton

Eventual Horton

Mailkeys as a Horton-like protocol

How Horton Hears a Who

PDF horton-frames.pdf

From Functions To Objects

From Objects To Capabilities

Perimeter Security

Reference Mechanics

Fat Pointers

PDF morris73.pdf

What's New with E?

Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control by Mark Samuel Miller

Safe Serialization Under Mutual Suspicion

Three Types of Causality. Moral, Physical, Explanatory

Horton's "Who Done It?"

Causeway Message-oriented distributed debugging by Terry Stanley & Mark Miller, from an idea by E. Dean Tribble supported by the Critical Infrastructure Protection Project at George Mason University

Unibus Sketch A Single-Key Cryptographic Capability Protocol

The Unum a form of distributed object

The Grant Matcher Puzzle

E's History

Overview: E's History

PDF SecurityPictureBook.pdf

Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control by Mark Samuel Miller

Re: A stab at the sealer in E, Ka-Ping Yee ( Tue, 2 Nov 1999 19:44:55 -0800 (PST)

CapDesk Features

The E Language in a Walnut by Marc Stiegler

An Introduction to Petname Systems by Marc Stiegler, Feb 2005

PDF 20070104-walfield-access-decomposition-policy-refinement.pdf

PDF 20070111-walfield-critique-of-the-GNU-Hurd.pdf

Waterken Server

ref_send API 1.14 defensive programming in Java


PDF Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. by Mark Samuel Miller

PDF Paradigm Regained: Abstraction Mechanisms for Access Control. Mark S. Miller, Hewlett Packard LAboratories, Jonathan S. Shapiro, Johns Hopkins University

PDF Capability Myths Demolished. Mark S. Miller, Combex, Inc., Ka-Ping Yee, University of California, Berkeley, Jonatham Shapiro, Johns Hopkins University

PDF Engines from Continuations. R. Kent Dybvig and Robert Hieb, Computer Science Department, Indiana University

PDF A pact with the Devil. Mike Bond and George Danezis, University of Cambridge, Computer Laboratory

PDF Single Event Upset at Ground Level. Eugene Normand, Member, IEEE, Boeing Defense & Space Group, Seattle, WA 98124-2499

PDF Simple design pattern for implicit confinement property enforcement in POLA based design. Rob J Meijer

PDF User Interaction Design for Secure Systems. Ka-Ping Yee

PDF Protection in the Hydra Operating System. Ellis Cohen and David Jefferson, Carnegie-Mellon University

Make Least Privilege a Right (Not a Privilege)

Improving IPC by Kernel Design. Jochen Liedtke, German National Research Center for Computer Science (GMD)

PDF An Analysis of The Systemic Security Weaknesses of The U.S. Navy Fleet Broadcasting System. 1967-1974, As Exploited By Cwo John Walker, by Laura J. Heath, MAJ, USA M.S., Georgia Institute of Technology, 2001

A Note on the Confinement Problem. Butler W. Lampson, Xerox Palo Alto Research Center

PDF Private Yet Abuse Resistant Open Publishing. George Danezis, Ben Laurie

PDF Towards a manageable Linux security. Toshiharu HARADA, Takashi HORIE and Kazuo TANAKA, Open Source Software Development Center, NTT DATA CORPORATION

PDF Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Security. Toshiharu Harada, Takaaki Matsumoto, NTT DATA CORPORATION

PDF A Data Pump for Communication. Myong H.Kang, Ira S. Moskowitz, Naval Research Laboratory, Center for High Assurance Computer Systems, Information Technology Division, NRL/MR/5540--95-7771

PDF Windows Access Control Demystified. Sudhakar Govindavajhala and Andrew W. Appel, Princeton University

Actor model and process calculi

PDF Overcoming the Coordination Problem: Dynamic Formation of Networks. Jack Ochs, Department of Economics, University of Pittsburgh, In-Uck Park, Department of Economics and CMPO, University of Bristol

PDF Why Phishing Works. Rachna Dhamija, J. D. Tygar, Marti Hearst

PDF Multilevel Security and Quality of Protection. Simon N. Foley, Stefano Bistarelli, Barry O'Sullivan, John Herbert, and Garret Swart

PDF Discretionary Capability Confinement. Philip W. L. Fong, Department of Computer Science, University of Regina

PDF Non-interference, who needs it?, Peter Ryan, Carnegie Mellon, John McLean, NRL, Virgil Gligor, University of Maryland, College Park

PDF Static support for capability-based programming in Java. Vijay Saraswat, Department of Computer Science and Engineering, Penn State University, Radha Jagadeesan, School of CTI, DePaul University

On the Inability of an Unmodified Capability Machine to Enforce the *-Property. W. E. Boebert, Honeywell Systems and Research Center


PDF On Access Checking in Capability-Based Systems. Richard Y. Kain, University of Minnesota, Carl E. Landwehr, Naval Research Laboratory

PDF Processes, Spheres of Protection and Independent Computations. Earl C. Van Horn, Machine Structures Group No.9

PDF BEFORE MEMORY WAS VIRTUAL. Peter J. Denning, George Mason University

PDF AN IMPLEMENTATION OF A MULTIPROCESSING COMPUTER SYSTEM. William B. Ackerman, William W. Plummer, Department of Electrical Engineering, Massachusetts Institute of Technology

A Letter from Prof. Corbato' (10/30/00)

Introduction and Overview of the Multics System. F. J. Corbato', Massachusetts Institute of Technology, V. A. Vyssotsky, Bell Telephone Laboratories, Inc.


PDF Cal TSS Archives. Paul R. McJones, 4 May 2003

Capability Computing at LLNL, by Jed Donnelley, May 4 2005

PDF Network Livermore Time Sharing System (NLTSS). S Terry Brugger, Madhavi Gandhi, Greg Streletz, Department of Computer Science, University of California, Davis

PDF SubVirt: Implementing malware with virtual machines. Samuel T. King, Peter M. Chen, University of Michigan, Yi-Min Wang, Chad Verbowski, Helen J. Wang, Jacob R. Lorch, Microsoft Research

Linux on the IBM ESA/390 Mainframe Architecture. by Linas VEPSTAS

A Strategic Point Of View For VM. by Jeffrey Savit

PDF SCOLL and SCOLLAR - Safe Collaboration based on Partial Trust. Fred Spiessens, Yves Jaradin, and Peter Van Roy, Universite' Catholique de Louvain, Louvain-la-Neuve, Belgium

Components of a Network Operating System. James E. (Jed) Donnelley, Lawrence Livermore National Laboratory, Livermore, California, USA

PDF EWD 196: The Structure of the 'THE'-multiprogramming system, Dijkstra

PDF Drawing the Red Line in Java, Godmar Back and Wilson Hsieh, Department of Computer Science, University of Utah

PDF Task Communication in DEMOS, Forest Baskett, John H. Howard and John T. Montague, Los Alamos Scientific Laboratory, Los Alamos, New Mexico 87545

PDF The Oz-E Project: Design Guidelines for a Secure Multiparadigm Programming Language, Fred Spiessens and Peter Van Roy, Universite' Catholique de Louvain, Louvain-la-Neuve, Belgium

Distributed Capability Confinement, An Observation of Norm Hardy's, written up by Mark S. Miller and Melora Svoboda

CapTP Ops: DeliverOnlyOp

PDF AN INTRODUCTION TO RATS (RISOS/ARPA TERMINAL SYSTEM): AN OPERATING SYSTEM FOR THE DEC PDP-11/45, Charles Landau, Ms. Date: March 1, 1974, Lawrence Livermore Laboratory, University of California

PDF The Price of Safety in an Active Network, D. Scott Alexander, Paul B. Menage, Angelos D. Keromytis, William A. Arbaugh, Kostas G Anagnostakis, and Jonathan M. Smith

PDF Active networking: one view of the past, present, and future, Jonathan M. Smith, Scott M. Nettles, Department of Computer & Information Science

PDF The SwitchWare Active Network Implementation, D. Scott Alexander, Michael W. Hicks, Pankaj Kakkar, Angelos D. Keromytis, Marianne Shaw, Jonathan T. Moore, Carl A. Gunter, Trevor Jim, Scott M. Nettles, and Jonathan Smith, University of Pennsylvania

PDF POLARIS: VIRUS-SAFE COMPUTING for Windows XP, by Marc Stiegler, Alan H. Karp, Ka-Ping Yee, Tyler Close, and Mark S. Miller

Communicating Conspirators

What is a Capability, Anyway?, by Jonathan Shapiro

PDF D-GateFS, Rob J Meijer; Oct 27 2006

PDF Capabilities by Example (in C#)

PDF Least Privilege and More, Fred B. Schneider, Cornell University, Ithaca, New York, USA

PDF Computer Security in the Real World, Butler Lampson, August 2005

Traditional Capability-Based Systems: An Analysis of Their Ability to Meet the Trusted Computer Security Evaluation Criteria

PDF A Taxonomy of Computer Program Security Flaws, with Examples, Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William S. Choi, Information Technology Division, Code 5542, Naval Research Laboratory, Washington, D.C. 20375-5337

PDF IMPROVING SECURITY AND PERFORMANCE FOR CAPABILITY SYSTEMS, by Paul Ashley Karger, October 1988, University of Cambridge, Computer Laboratory

PDF A Critique of the GNU Hurd Multi-server Operating System, Neal H. Walfield, Marcus Brinkmann

PDF Design and implementation of the Recursive Virtual Address Space Model for Small Scale Multiprocessor Systems, Marcus Voelp, University of Karlsruhe, September 2002

PDF L4.sec Implementation: Kernel Memory Management, Bernhard Kauer, May 19 2005, TU-Dresden

PDF Principles of Design in the Octopus Computer Network, John G. Fletcher, University of California, Lawrence Livermore Laboratory, California 94550, USA

E Fundamentals

PDF Synchronous IPC over Transparent Monitors, Trent Jaeger, Jonathon E. Tidswell, Alain Gefflaut, Yoonho Park, Jochen Liedtke, Kevin Elphinstone. IBM T.J. Watson Research Center, Hawthorne, NY 10532

PDF An Operational System for Computer Resource Sharing, B. P. Cosell, P. R. Johnson, J. H. Malman, R. E. Schantz, J. Hussman, R. H. Thomas, and D. C. Walden, Bolt Beranek and Newman Inc., Cambridge, Massachusetts

PDF Protection in Programming Languages, James H. Morris Jr., University of California

PDF Making Information Flow Explicit in HiStar, Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazieres, Stanford and UCLA

PDF Labels and Event Processes in the Asbestos Operating System, Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazieres, Frans Kaashoek, Robert Morris, UCLA, MIT, Stanford/NYU

PDF The Horton Protocol, Meng Weng Wong, Mark S. Miller

PDF Improving Usability via Access Decomposition and Policy Refinement, Neal H. Walfield and Marcus Brinkmann

PDF Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines, Joshua LeVasseur, Volkmar Uhlig, Jan Stoess, Stefan Gotz, University of Karlsruhe, Germany

Cross-Referencing Linux, Linux/drivers/net/e1000/

PDF Nooks: An Architecture for Reliable Device Drivers, Michael M. Swift, Steven Martin, Henry M. Levy, and Susan J. Eggers, Department of Computer Science and Engineering, University of Washington, Seattle, WA 98195, USA

PDF Zest: Discussion Mapping for Mailing Lists, Ka-Ping Yee, Group for User Interface Research, University of California, Berkeley

The Checkpoint Mechanism in KeyKOS, Charles R. Landau

PDF Design Evolution of the EROS Single-Level Store, Jonathan S. Shapiro, Systems Research Laboratory, Johns Hopkins University, Jonatham Adams, Distributed Systems Laboratory, University of Pennsylvania

Typing Confluence, Uwe Nestmann, Martin Steffen

PDF Polarized Name Passing, Martin Odersky, Department of Computer Science, University of Karlsruhe

PDF Harmless Pict Library, Matej Kosik, January 8 2007

PDF Password-Capabilities: Their Evolution from the Password-Capability System into Walnut and Beyond, Ronald Pose, School of Computer Science and Software Engineering, Monash University, Clayton, Victoria 3168, Australia

Perimeter Security

An Early Keykos Paper, Dale E. Jordan, March 20, 1972

Structure and Interpretation of Computer Programs

Introduction to KeySAFE, Key Logic

Managing Domains in a Network Operating System. James E. (Jed) Donnelley, Lawrence Livermore National Laboratory, Livermore, California, USA

Internet creation myths, by Les Earnest


Roots of Keykos

An Introduction to Role-Based Access Control, NIST/ITL Bulletin, December 1995

PDF Access Control in a World of Software Diversity. Martin Abadi, Andrew Birrell, and Ted Wobber, University of California, Santa Cruz, Microsoft Research, Silicon Valley

PDF BackH2O. Matej Kosik, January 25 2007

PDF Assessing security threats of looping constructs. Pasquale Malacaria, Dept of Computer Science, Queen Mary, University of London

PDF FragToken: Secure Web Authentication using the Fragment Identifier. Ben Adida, Harvard, 33 Oxford Street, Cambridge, MA 02118, 3 February 2007

PDF Patterns of Safe Collaboration. Alfred Spiessens, February 2007, Faculte' des Sciences Appliquees, Departement d'Ingegnerie Informatique, Universite' catholique de Louvain, Louvain-la-Neuve, Belgium

PDF RECORD HANDLING. C. A. R. Hoare, 29 July 1965.


Dr. Alan Kay on the Meaning of Object-Oriented Programming. E-mail 2003-07-23 and 2003-07-26.

KeyKOS - A Secure, High-Performance Environment for S/370. Key Logic, Inc. 1988.

The Early History of Smalltalk. Alan C. Kay, Apple Computer.

PDF The Birth of Object Orientation: the Simula Languages*. Ole-Johan Dahl, June 2001.

PDF Specification and Design of Component-based Coordination Systems by Integrating Coordination Patterns. Pedro L. Perez-Serrano, Marisol Sanchez-Alonso, QUERCUS Software Engineering Group, Computer Science Department, University of Extremadura, Escuela Politecnica.

PDF Garbage Collection Can Be Faster Than Stack Allocation. Andrew W. Appel, Department of Computer Science, Princeton University, Princeton, NJ 08544. June 30, 1986, Revised Jan 15, 1987. Information Processing Letters 25(4):275-279, 17 June 1987.

Revalidate HTML