Robust Composition Continuing Efforts Mark S Miller reprise by Clive Boulton 12/17 @PWL Seattle, WA 

Multi-party computation Distributed systems Doing business with strangers! Doing business with friends... * Necessary Paranoia * Who has access? 

Apple Root Password Vulnerability The bug meant anyone with physical access to a Mac running High Sierra could get admin access to the machine. https://twitter.com/lemiorh an/status/935581020774 117381 

Allow access to what... 

90% Researchers find current online applications maybe vulnerable to hackers. Ransomware... 

143 million impacted… Equifax appears to have 618 domains, spread across 493 perimeter hosts on ipv4 

Object-capabilities at Splash 2017 

Mark S Miller Mark S. Miller is the main designer of the E and Dr. SES distributed object-capability programming languages, inventor of Miller Columns, a pioneer of agoric (market-based secure distributed) computing, an architect of the Xanadu hypertext publishing system, a representative to the EcmaScript committee, and a senior fellow of the Foresight Institute. https://research.google.com/pubs/author35958.html 

Introduction to robust composition... Objects, References, Messages Object-capabilities (OCaps) Access Abstractions and Compositions Patterns of Safe Cooperation Dimensions & Taxonomy of Electronic Rights Smart Contacts [cheap machines not expensive lawyers] Composing Networks of contracts 

How do I designate thee - The pointer --> count the ways - Two objects Bob points to Carol : By designation Bob Carol 

How do I designate thee - The pointer --> count the ways - By introduction Bob Carol Alice FOO 

How do I designate thee - The pointer --> count the ways - By endowment: Bob already exists, Bobs creates carol, Bob holds interface Bob Carol 

How do I designate thee - The pointer --> count the ways - By endowment: Carol already exists, Alice creates Bob already endowed Bob Carol Alice 

How do I designate thee - The pointer --> count the ways - Nothing exists: Bob comes into existence already points to Carol by initial conditions. Bob Carol 

OCaps: Small step from pure objects 3 restrictions... + Memory safety and encapsulation + Effects only by using held references + No powerful references by default -------------------------------------------------------- Reference Graph === Access Graph Only connectivity begets connectivity OO expressiveness for security patterns (normally thought complex) 

Objects as closures Examples of Dr. SES a variant of JavaScript Function makeCounter ( ) { var count = 0 return { incr: function ( ) { return ++ count:}. decr: function ( ) {return - count:} }); } 

ECMAScript 5 Strict Mode Use strict Objects who can defend their integrity Properly defensive 7 steps of initialization is strict JS === Dr. SES 

strict mode: ECMAScript 2015, ES6 https://devfestseattle.org/ https://github.com/GDGSeattle/h overboard 

No content

Dr. SES - Distributed Resilient Secure EcmaScript Talk presented at the July 2017 TC39 (EcmaScript committee) meeting. https://www.youtube.com/watch?v=YQFPAyCgOlI ES2015 ES6 ES7 lands... OCap 

No content

No content

No content

No content

Frozen Realms API TC39 https://github.com/tc39/proposal-frozen-realms Maximum modularity / least coupling (as close as practical, remove destructive behavior) 

Capabilities-based crypto-commerce... 

What are capabilities? A capability is single thing that both designates a resource and authorizes some kind of access to it. Capabilities solve “The Confused Deputy” problem in Windows, MacOS, and Unix derived OS Linux, Android, etc. A first class move from ACL (access control lists) by closing the loopholes bad actors are exploiting in e-commerce. CB posits smart contract moves to POLA (principle of least authority) . Object capability: Smart contact blockchain capability-based. 

Object-capabilities can provide specific access instead of access control lists. Example: Passport vs Car key. Assume my identity vs grant you access to my car. 

Permission (ACL) or Object-capability (token) 

Pull request 

Doing business with strangers Hard to hold strangers accountable, capabilities-based helps crypto-commerce. http://ward.bay.wiki.org/view/agreeing-with-strangers 

On scaling throughput during an ICO Blockchain meets Object-capability event at Berkeley, CAL via @ecsa_team pic @iC 

Federated Wiki... Ward, does wiki deliberately avoid global locks by design? page Clive, yes, wiki enables collective behavior without any synchronization at the application level" page 

Summary Cryptocurrencies boom makes sense when computer security in operating systems and programming languages were designed for private networks. Yet commerce now operates over public networks. Work scaling blockchain technologies perhaps is proxy for securing crypto-commerce. By addressing process, trust and access. ● Smart contracts can enforce procedures within the company. For example, say, ‘user A can only access X document with approval from user B and C’. ● In respect to trust, it allows companies to ensure that procedures are being executed in compliance with regulation. ● Web developers can implement JavaScript strict-mode now to improve current apps (more object-capabilities slated for ES7). 

More Mark Miller’s thesis and researched links http://clive.tries.fed.wiki/view/presenting-robust-composition Clive Boulton is fostering crypto-commerce… https://www.linkedin.com/in/cliveboulton/ Tweet me at twitter.com/iC