Presenting Robust Composition

Transcript

1. Robust Composition Continuing Efforts Mark S Miller reprise by Clive

   Boulton 12/17 @PWL Seattle, WA

2. Multi-party computation Distributed systems Doing business with strangers! Doing business

   with friends... * Necessary Paranoia * Who has access?

3. Apple Root Password Vulnerability The bug meant anyone with physical

   access to a Mac running High Sierra could get admin access to the machine. https://twitter.com/lemiorh an/status/935581020774 117381

4. Allow access to what...

5. 90% Researchers find current online applications maybe vulnerable to hackers.

   Ransomware...

6. 143 million impacted… Equifax appears to have 618 domains, spread

   across 493 perimeter hosts on ipv4

7. Object-capabilities at Splash 2017

8. Mark S Miller Mark S. Miller is the main designer

   of the E and Dr. SES distributed object-capability programming languages, inventor of Miller Columns, a pioneer of agoric (market-based secure distributed) computing, an architect of the Xanadu hypertext publishing system, a representative to the EcmaScript committee, and a senior fellow of the Foresight Institute. https://research.google.com/pubs/author35958.html

9. Introduction to robust composition... Objects, References, Messages Object-capabilities (OCaps) Access

   Abstractions and Compositions Patterns of Safe Cooperation Dimensions & Taxonomy of Electronic Rights Smart Contacts [cheap machines not expensive lawyers] Composing Networks of contracts

10. How do I designate thee - The pointer --> count

    the ways - Two objects Bob points to Carol : By designation Bob Carol

11. How do I designate thee - The pointer --> count

    the ways - By introduction Bob Carol Alice FOO

12. How do I designate thee - The pointer --> count

    the ways - By endowment: Bob already exists, Bobs creates carol, Bob holds interface Bob Carol

13. How do I designate thee - The pointer --> count

    the ways - By endowment: Carol already exists, Alice creates Bob already endowed Bob Carol Alice

14. How do I designate thee - The pointer --> count

    the ways - Nothing exists: Bob comes into existence already points to Carol by initial conditions. Bob Carol

15. OCaps: Small step from pure objects 3 restrictions... + Memory

    safety and encapsulation + Effects only by using held references + No powerful references by default -------------------------------------------------------- Reference Graph === Access Graph Only connectivity begets connectivity OO expressiveness for security patterns (normally thought complex)

16. Objects as closures Examples of Dr. SES a variant of

    JavaScript Function makeCounter ( ) { var count = 0 return { incr: function ( ) { return ++ count:}. decr: function ( ) {return - count:} }); }

17. ECMAScript 5 Strict Mode Use strict Objects who can defend

    their integrity Properly defensive 7 steps of initialization is strict JS === Dr. SES

18. strict mode: ECMAScript 2015, ES6 https://devfestseattle.org/ https://github.com/GDGSeattle/h overboard

19. None

20. Dr. SES - Distributed Resilient Secure EcmaScript Talk presented at

    the July 2017 TC39 (EcmaScript committee) meeting. https://www.youtube.com/watch?v=YQFPAyCgOlI ES2015 ES6 ES7 lands... OCap
21. None
22. None
23. None
24. None

25. Frozen Realms API TC39 https://github.com/tc39/proposal-frozen-realms Maximum modularity / least coupling

    (as close as practical, remove destructive behavior)

26. Capabilities-based crypto-commerce...

27. What are capabilities? A capability is single thing that both

    designates a resource and authorizes some kind of access to it. Capabilities solve “The Confused Deputy” problem in Windows, MacOS, and Unix derived OS Linux, Android, etc. A first class move from ACL (access control lists) by closing the loopholes bad actors are exploiting in e-commerce. CB posits smart contract moves to POLA (principle of least authority) . Object capability: Smart contact blockchain capability-based.

28. Object-capabilities can provide specific access instead of access control lists.

    Example: Passport vs Car key. Assume my identity vs grant you access to my car.

29. Permission (ACL) or Object-capability (token)

30. Pull request

31. Doing business with strangers Hard to hold strangers accountable, capabilities-based

    helps crypto-commerce. http://ward.bay.wiki.org/view/agreeing-with-strangers

32. On scaling throughput during an ICO Blockchain meets Object-capability event

    at Berkeley, CAL via @ecsa_team pic @iC

33. Federated Wiki... Ward, does wiki deliberately avoid global locks by

    design? page Clive, yes, wiki enables collective behavior without any synchronization at the application level" page

34. Summary Cryptocurrencies boom makes sense when computer security in operating

    systems and programming languages were designed for private networks. Yet commerce now operates over public networks. Work scaling blockchain technologies perhaps is proxy for securing crypto-commerce. By addressing process, trust and access. • Smart contracts can enforce procedures within the company. For example, say, ‘user A can only access X document with approval from user B and C’. • In respect to trust, it allows companies to ensure that procedures are being executed in compliance with regulation. • Web developers can implement JavaScript strict-mode now to improve current apps (more object-capabilities slated for ES7).

35. More Mark Miller’s thesis and researched links http://clive.tries.fed.wiki/view/presenting-robust-composition Clive Boulton

    is fostering crypto-commerce… https://www.linkedin.com/in/cliveboulton/ Tweet me at twitter.com/iC