awesome-ocap
Awesome Object Capabilities and Capability Security
https://github.com/dckc/awesome-ocap
Last synced: 19 days ago
JSON representation
-
Applications and Services
- Cloudflare Workers
- Sandstorm - hosted web
- App Market
- Announcing the release of vagrant\-spk 1\.0
- Reviving Sandstorm \- Sandstorm Blog
- connecting to external HTTP APIs via the Powerbox
- v1.19.0 released
- Why Workers environment variables contain live objects
- Dynamic Process Isolation: Research by Cloudflare and TU Graz
- Durable Objects: Easy, Fast, Correct — Choose three
- Mitigating Spectre and Other Security Threats: The Cloudflare Workers Security Model
- Sandstorm - hosted web
- Sandstorm now belongs to Sandstorm.org
- Sandstorm, Tempest, and the Future
- Tahoe-LAFS
- new work on a Haskell client implementation
- Tahoe-LAFS Summit at PyCon2020
-
Operating Systems
- Capsicum
- seL4 enforces integrity
- genode
- Genode \- Sculpt OS release 23.10
- Genode OS Framework release 21.08 - Reform"
- Genode OS Framework 20.05 - based security using seccomp on Linux](https://genode.org/documentation/release-notes/20.05#Capability-based_security_using_seccomp_on_Linux), ...
- MNT Reform \- The Campaign is Live
- Sculpt OS release 20.02
- Genode OS Framework release 20.02
- Road Map for 2020
- Genode OS Framework Foundations - foundations-19-05.pdf))
- Fuchsia
- Zircon
- cr0 blog: A few thoughts on Fuchsia security
- Playing Around With The Fuchsia Operating System - [Quarkslab's blog](https://blog.quarkslab.com/index.html)
- Google’s “Fuchsia” smartphone OS dumps Linux, has a wild new UI
- seL4
- seL4 Summit 2022 - 13 Oct 2022
- 2022-10: 4th seL4 Summit
- demo video
- Ghost Raises $100M for Breakthrough in Autonomous Driving Safety
- The seL4® Microkernel An Introduction
- seL4 developers create open source foundation to enable safer, more secure and more reliable computing systems \- CSIRO
- Getting started with seL4, CAmkES, and L4v: Dependencies
- seL4 on the Raspberry Pi 3
- FreeBSD Journal: Security
- Capsicum Go support
- Capsicum for FreeBSD
- Capsicum for Linux
- 2013 Capsicum year in review
- Announcing KataOS and Sparrow \| Google Open Source Blog
- seL4 protects world's most secure drone from DEFCON hackers
- seL4 Summit 2022 - 13 Oct 2022
- FreeBSD Journal: Security
-
Libraries and Frameworks
- Higher\-order Smart Contracts across Chains - Mark Miller
- SES - party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. SES runs atop an ES6-compliant platform, enabling safe interaction of mutually-suspicious code, using object-capability-style programming. See https://github.com/Agoric/Jessie to see how SES fits into the various flavors of confined JavaScript execution. And visit https://ses-demo.agoric.app/demos/ for a demo. "
- SF Cryptocurrency Devs: Agoric \- Programming Secure Smart Contracts
- Agoric Releases SES: Secure JavaScript
- Distributed Resilient Secure ECMAScript (Dr. SES)
- Waterken
- fun with Capper and OFX financial transaction fetching - talk
- The Attacker is Inside: Javascript Supplychain Security and LavaMoat
- Cap'n Proto: Cap'n Proto 0\.8: Streaming flow control, HTTP\-over\-RPC, fibers, etc\.
- Spritely
- NLnet grant bootstraps OCapN protocol standardization effort
- Content Addressed Descriptors and Interfaces with Spritely Goblins paper
- Spritely's NLNet grant: Interface Discovery for Distributed Systems \-\- DustyCloud Brainstorms
- COAST
- Motile: Reflecting an Architectural Style in a Mobile Code Language.
- Shill
- guide to capabilities
- Presentation at Scaladays
- Using Capabilities to Design Safer, More Expressive APIs
- Release v2\.18\.0 · capnproto/go\-capnproto2
- Capper
- Making 'npm install' Safe \- QCon New York - chain risks.
- Making 'npm install' Safe \- QCon New York - chain risks.
- Higher\-order Smart Contracts across Chains - Mark Miller
- The Attacker is Inside: Javascript Supplychain Security and LavaMoat
- Speakeasy JS – Lavamoat: Securing your dependency graph \(Kumavis\)
- Cap’n Proto
- Release v1\.0\.0 · bytecodealliance/cap\-std
- Release capnpc\-v0\.15\.0 · capnproto/capnproto\-rust
- Introducing workerd: the Open Source Workers runtime
- COASTmed: software architectures for delivering customizable, policy-based differential web services.
- The Syndicated Actor Model
- ocaps
- capnproto/capnproto\-rust: Cap'n Proto for Rust
- The Syndicated Actor Model
- cloudflare/workerd: The JavaScript / Wasm runtime that powers Cloudflare Workers
- Release v1\.20250108\.0 · cloudflare/workerd
- Hardened JavaScript
- SES 1.9.0 introduces immutable ArrayBuffers
- Decentralizing the wallet experience with MetaMask Snaps
- LavaMoat/LavaMoat: tools for sandboxing your dependency graph
- Release lavamoat: v9.0.5
- The Syndicated Actor Model
- Moddable SDK - "Tools for developers to create truly open IoT products using standard JavaScript on low cost microcontrollers."
- Release Moddable SDK 5.3.3
- Spritely Goblins - "distributed object programming environment. Goblins provides an intuitive security model, automatic local transactions for locally synchronous operations, and an easy to use and efficient asynchronous programming interface for encapsulated objects which can live anywhere on the network. Its networking model abstracts away these details so the programmer can focus on object programming rather than protocol architecture."
- Our first office hours: A recap (and how to join the next one) — Spritely Institute
- Announcing the Pre-Scheme Restoration — Pre-Scheme
- Spritely Goblins v0\.14\.0: libp2p and Improved Persistence — Spritely Institute
- Distributed System Daemons: More Than a Twinkle in Goblins' Eye — Spritely Institute - capability operating system!"
- Shill
-
Programming Languages
- ponylang
- Austral - a systems language with linear types and capability security
- Release 0\.1\.0: Core language complete
- Newspeak - capability programming platform that lets you develop code in your web browser. Like Self, Newspeak is message-based; all names are dynamically bound. However, like Smalltalk, Newspeak uses classes rather than prototypes.
- Gilad Bracha: Newspeak on the Web
- Live IDEs in the Web Browser: What's Holding Us Back
- Monte
- montelang
- Monte: A Spiritual Successor to E
- Cadence
-
CPUs
- CHERI
- An Introduction to CHERI
- Arm releases experimental CHERI-enabled Morello board as part of £187M UKRI Digital Security by Design programme - grained memory protection and scalable software compartmentalisation — both important software vulnerability mitigation techniques that are not well supported on current processor architectures. ... memory-safe C compilation and linkage ...
- The Arm Morello Board - extended, multicore, superscalar ARMv8-A processor, System-on-Chip (SoC), and prototype board to be available from late 2021. Morello is a part of the UKRI £187M Digital Security by Design Challenge (DSbD) supported by the UK Industrial Strategy Challenge Fund, including a commitment of over £50M commitment by Arm.
-
Presentations, Talks, Slides, and Videos
- Attested TEEs for Transactional Workloads - cases in finance, healthcare, and government. Gapfruit TEE embodies a microkernel operating system with capability-based security._
- Delegation: The Missing Piece of Authorization
- CloudABI - Pure capability-based security for UNIX
- Secure Distributed Programming with Object-capabilities in JavaScript
- Oct 2011 video
- Bringing Object-orientation to Security Programming
- Nov 2011 video
- Belay Demo
- Passwords or Webkeys: Which is More Secure?
- Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense.
- Security in Scala: Refined Types and Object Capabilities
- The Lazy Programmer's Guide to Secure Computing
- From Desktops to Donuts: Object\-Caps Across Scales
- A PictureBook of Secure Cooperation
- Immunity from Viruses, Safety from Geeks Bearing Gifts
- Designing with Capabilities - Scott Wlaschin at Domain-Driven Design Europe Conference
- Learn Object Capabilities - parts-javascript-web/). _Using the principle of least authority, Doug explains how the “actor model” can be applied to object oriented programming to create more secure software. He calls this application Object Capabilities._
-
Articles
-
Peer-reviewed Articles
- Usable Security and Capabilities
- Reasoning about Object Capabilities with Logical Relations and Effect Parametricity
- Object capabilities and isolation of untrusted web applications.
- slide presentation
- Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense.
- Web-key: Mashing with permission
- Concurrency among strangers.
-
- POLA Would Have Prevented the Event-Stream Incident
- What Are Capabilities?
- Hacker News discussion Jan 7, 2018
- Objects as Secure Capabilities
- Blogging about Midori
- Not One Click for Security - 2009-53 _Conventional wisdom holds that security must negatively affect usability. We have developed SCoopFS (Simple Cooperative File Sharing) as a demonstration that need not be so. SCoopFS addresses the problem of sharing files, both with others and with ourselves across machines. Although SCoopFS provides server authentication, client authorization, and end-to-end encryption, the user never sees any of that. The user interface and underlying infrastructure are designed so that normal user acts of designation provide all the information needed to make the desired security decisions. While SCoopFS is a useful tool, it may be more important as a demonstration of the usability that comes from designing the infrastructure and user interaction together._
- ACLs don't
- DarpaBrowser: Final Report
-
-
Uncategorized
Programming Languages
Categories
Sub Categories