Secure Distributed Programming with Object-Capabilities in JavaScript

This is talk 1/2 in a Lecture Series on Web Security by Google Research Scientist Mark S. Miller. It took place on October 6th at the Vrije Universiteit Brussel in Brussels, Belgium. Full details at: http://mobicrant-talks.eventbrite.com

Abstract:
Until now, browser-based security has been hell. The object-capability (ocap) model provides a simple and expressive alternative. Google's Caja project uses the latest JavaScript standard, EcmaScript 5, to support fine-grained safe mobile code, solving the secure mashup problem. Dr. SES -- Distributed Resilient Secure EcmaScript -- extends the ocap model cryptographically over the network, enabling RESTful composition of mutually suspicious web services. We show how to apply the expressiveness of object programming to the expression of security patterns, solving security problems normally thought to be difficult with simple elegant programs.

Slides:
http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf