Desktops to Donuts: Object Caps Across Scales
![Page 1: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/1.jpg)
© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Desktops to Donuts: Object Caps Across Scales
Marc Stiegler, Visiting Scholar, HP
![Page 2: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/2.jpg)
April 22, 2023 2
Object Caps Crossing Scales
• Bundle Authority with Designation to achieve easy to use secure systems, from the object to the ecosystem:
• Programming Objects: Sash in Emily
  − Security is an emergent property of OO design
• Desktop: Polaris, CapDesk
• DarpaBrowser: Across the network
• DonutLab: Full ecosystem
• 2 Views:
  − User View
  − Powerbox
![Page 3: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/3.jpg)
Safe Bash Commands in Emily: Sash
• Safe Bash Commands powerbox
  − “-filepath” -> readOnly file reference
  − “+filename” -> read/write file reference
  − “*auth” -> special power
    • *time -> read clock
  − Stdin conveyed by default
  − Forgery-resistant stdout conveyed by default (limits phishing)
• User View
  − sashcp -f1.txt +f2.txt
  − sashls -dir1
  − sashdeck 4000 *time
![Page 4: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/4.jpg)
Sash Powerbox

```ocaml
open SashInterface

(* Powerbox: the only code that runs with the user's full authority. It turns
   each prefixed command-line argument into the capability it designates and
   hands the command nothing beyond that list, stdin and a labelled stdout. *)
let authsCount = Array.length Sys.argv - 1 in
let auths = Array.make authsCount (Str "") in
for i = 1 to authsCount do
  let arg = Sys.argv.(i) in
  let argUnprefixed = String.sub arg 1 (String.length arg - 1) in
  auths.(i-1) <- (match arg.[0] with
      '-' -> FileArg (SysFile.make argUnprefixed File.ReadOnly)  (* -path: read-only file *)
    | '+' -> FileArg (SysFile.make argUnprefixed File.Editable)  (* +path: read/write file *)
    | '*' -> if argUnprefixed = "time" then Auth Unix.time        (* *time: read the clock *)
             else raise (Invalid_argument "bad * request")
    | _ -> Str arg)                                               (* anything else: a plain string *)
done;
let commandName = Sys.argv.(0) in
(* Forgery-resistant output: every message the command emits is prefixed
   with the command name, so it cannot impersonate the shell or another tool. *)
let userOut message =
  print_string ("Command " ^ commandName ^ ": " ^ message ^ "\n") in
CapMain.start stdin userOut (Array.to_list auths);
```
![Page 5: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/5.jpg)
Sashcp

```ocaml
open SashInterface

(* The command itself has no ambient authority: it can only act on the
   capabilities the powerbox built from the arguments. *)
let start userIn userOut authlist =
  match authlist with
  | FileArg fromFile :: FileArg outFile :: [] ->
      (* exactly one source file and one destination file were designated *)
      outFile.File.setText (fromFile.File.getText ())
  | _ -> userOut "To use sashcp, an input file is required"
```
![Page 6: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/6.jpg)
SashDeck Layout (diagram; boxes listed top to bottom with the authority each holds)
Powerbox (Full User Auth)
CapMain (Stdin, userOut, read-clock)
Deck (No Auth)
PseudoRandGen (No Auth)

• The beginnings of defense in depth
• Rapid authority attenuation
• Fractal Authority Delegation
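The Sash powerbox, the sashcp command and the SashDeck attenuation chain, modelled in Python as an added example (not the slides' Emily code; Python stands in because the Emily/SashInterface library is not available and the verifier cannot run OCaml). The in-memory file store is constructed; ReadOnlyFile, EditableFile, Auth, parse_auths, run, PseudoRandGen and Deck are my names for the pieces the slides call SysFile.make with File.ReadOnly/File.Editable, Auth Unix.time, the powerbox main, and the Deck and PseudoRandGen boxes. Python does not enforce encapsulation the way Emily does; the closures only model "each object holds nothing but what it was handed". The generator is a constructed LCG, since the slides do not show SashDeck's own.

```python
"""Python model of the Sash powerbox and the SashDeck attenuation chain."""
import time


class ReadOnlyFile:
    """Capability to read one designated file; it exposes get_text only."""
    def __init__(self, store: dict, path: str):
        self.path = path
        self.get_text = lambda: store[path]  # closure: the store itself is not exposed


class EditableFile(ReadOnlyFile):
    """Read/write capability to one designated file (created on first write)."""
    def __init__(self, store: dict, path: str):
        super().__init__(store, path)

        def set_text(text: str) -> None:
            store[path] = text
        self.set_text = set_text


class Auth:
    """A special power such as the clock: a name plus a zero-argument callable."""
    def __init__(self, name: str, invoke):
        self.name, self.invoke = name, invoke


def parse_auths(argv: list, store: dict, clock=time.time) -> list:
    """Powerbox: map each prefixed argv word to a capability, as on the slide:
    '-' read-only file, '+' editable file, '*time' the clock, else a string."""
    auths = []
    for arg in argv[1:]:
        body = arg[1:]
        if arg.startswith("-"):
            auths.append(ReadOnlyFile(store, body))
        elif arg.startswith("+"):
            auths.append(EditableFile(store, body))
        elif arg.startswith("*"):
            if body != "time":
                raise ValueError("bad * request")
            auths.append(Auth("time", clock))
        else:
            auths.append(arg)
    return auths


def sashcp(user_in, user_out, authlist) -> bool:
    """Port of the Sashcp slide: copying needs exactly [readable, editable].
    A '-' reference has no set_text, so a misplaced prefix cannot write."""
    if (len(authlist) == 2 and isinstance(authlist[0], ReadOnlyFile)
            and isinstance(authlist[1], EditableFile)):
        authlist[1].set_text(authlist[0].get_text())
        return True
    user_out("To use sashcp, an input file is required")
    return False


class PseudoRandGen:
    """Bottom of the SashDeck chain: holds a seed and nothing else."""
    def __init__(self, seed: int):
        self._state = seed & 0x7FFFFFFF

    def next(self) -> int:
        # Constructed LCG; the slides do not show the real generator.
        self._state = (1103515245 * self._state + 12345) & 0x7FFFFFFF
        return self._state


class Deck:
    """Gets only a PRNG: it cannot reach the clock that seeded the PRNG."""
    def __init__(self, rng: PseudoRandGen, size: int = 52):
        self._rng = rng
        self.cards = list(range(size))

    def shuffle(self) -> None:
        for i in range(len(self.cards) - 1, 0, -1):  # Fisher-Yates
            j = self._rng.next() % (i + 1)
            self.cards[i], self.cards[j] = self.cards[j], self.cards[i]


def sashdeck(user_in, user_out, authlist):
    """CapMain for `sashdeck 4000 *time`: the clock auth is invoked once, here,
    to seed the PRNG; only the PRNG flows down to the Deck (attenuation)."""
    if (len(authlist) == 2 and isinstance(authlist[0], str)
            and isinstance(authlist[1], Auth) and authlist[1].name == "time"):
        deck = Deck(PseudoRandGen(int(authlist[1].invoke())))
        for _ in range(int(authlist[0])):
            deck.shuffle()
        return deck.cards
    user_out("To use sashdeck, a shuffle count and *time are required")
    return None


COMMANDS = {"sashcp": sashcp, "sashdeck": sashdeck}


def run(argv: list, store: dict, messages: list, clock=time.time):
    """Powerbox main: parse authorities, label userOut with the command name, start."""
    name = argv[0]
    user_out = lambda msg: messages.append("Command " + name + ": " + msg)
    return COMMANDS[name](None, user_out, parse_auths(argv, store, clock))
```

Running `run(["sashcp", "-f1.txt", "+f2.txt"], {"f1.txt": "hello"}, [])` copies the text; running it with `-f2.txt` instead of `+f2.txt` is refused, because the destination reference simply lacks `set_text`. The clock is the only ambient-looking authority in the chain, and it never travels past `sashdeck`: the Deck sees a PRNG, the PRNG sees an integer.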
![Page 7: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/7.jpg)
Mini-Benchmark

| Language | Time (sec) |
| --- | --- |
| MSVS C++ | 52 |
| Emily* | 54 |
| GCJ Java | 98 |

Card Deck Table Shuffle: 5000 decks, 5000 shuffles per deck, 2 GHz Pentium, WinXP, 1 GB RAM
*Emily using the MSVS C++ compiler as backend
![Page 8: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/8.jpg)
CapDesk Demo
• User View
![Page 9: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/9.jpg)
CapDesk Powerbox (diagram; box labels as shown on the slide)
• CapDeskKernel
• CapDeskFile Explorer
• CapDeskPowerbox 1
• User
• DocClick
• CapDeskPowerbox 2: InitialFileAuths, RequestForOpenDialog, RequestForSaveAs, makeDropTarget, makeDragSource, RequestToLaunchSeparately, ReadAppResources, Endowments, PetWindowMaker
• CapEdit
![Page 10: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/10.jpg)
DarpaBrowser Demo
• User View
![Page 11: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/11.jpg)
DarpaBrowser Powerbox (diagram; box labels as shown on the slide)
• BrowserFrame
• User
• LinkClick
• RendererPowerbox: RenderPanel, DOMTree, RequestPageJump, ListEmbededs, InStreams
• Renderer
![Page 12: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/12.jpg)
DarpaBrowser Part 2
![Page 13: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/13.jpg)
DarpaBrowser + Object Cap Lang
• More powerful than AJAX
• In demo, launch Browser from File Explorer
• With POLA modularity, just as easy and secure to launch File Explorer from Browser
  − Browser as desktop
  − Desktop as file browser app
• A new twist on desktop metaphor variations:
  − Emacs: text editor as desktop
  − Smalltalk: IDE as desktop
  − Mac: File Explorer as desktop
  − Has the time finally come for the browser as desktop?
![Page 14: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/14.jpg)
Why Has the Browser Not Taken Over?
• The Impossible Choice of Full Authority or Puny Authority
• Like Users faced with a Security Dialog Box (surrender all control, or do not get work done), programmers have had no good choices
• The tradeoff is obsolete
• Do not fight with one hand tied behind your back
• Break forth!
![Page 15: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/15.jpg)
Conclusions
• Object-caps enable easy to use, easy to understand, secure cooperation at many scales
• The ability to cooperate securely is the ability to cooperate on more projects with more people
  − Cooperation without security fails tragically at large scale (wikipedia)
• What can object-caps do for you?
![Page 16: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/16.jpg)
Backup Slides
![Page 17: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/17.jpg)
DonutLab
![Page 18: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/18.jpg)
Basic Layout and Operation (diagram; box labels as shown on the slide)
• Kiosk (×2), DoughBot
• Server (×4)
• Mint
• DoughBit (×4)
• DoughChanger
• “Membership” Firewall
• Sensitive Assets (×4)
![Page 19: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/19.jpg)
Interesting Features
• Full Decentralization
  − No PlanetLab Central
  − No DNS “Root Server”
• Agoric Resource allocation
  − No Sustainable DDOS attacks
• Persistence
  − What goes down must come up
• Secure Cooperation
  − Servers Behind Firewalls
• Ease of Use
  − No passwords or certificates, 1 hour HelloWorld
(MSRP, PlanetLab SpamBot Account: $21,600)
![Page 20: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/20.jpg)
SliverServer Powerbox (diagram; box labels as shown on the slide)
• SliverServer
• AppOwner
• DonutAppPowerbox: selfPersist, RevocableForwarders
• DonutApp
• Other Authorities
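The slide lists RevocableForwarders among what the DonutAppPowerbox gives a DonutApp. The following is an added Python example of the object-capability caretaker pattern, which I assume is what that label refers to; it is not DonutLab's own code. KeyValueStore is a hypothetical target standing in for any authority a SliverServer might hand out, and Revoked, make_revocable and demo are my names. Python does not enforce encapsulation the way an object-capability language does; the closure only models the pattern.

```python
"""Revocable forwarder (caretaker): per-app, withdrawable access to one object."""


class Revoked(Exception):
    """Raised when a call goes through a forwarder whose authority was withdrawn."""


def make_revocable(target):
    """Caretaker: return (forwarder, revoke). The app gets the forwarder; the
    AppOwner keeps revoke(). Every call is re-checked at call time, so a method
    the app hoarded before revocation stops working as well."""
    cell = [target]  # the forwarder's only link to the target; revoke() clears it

    class Forwarder:
        def __getattr__(self, name):
            if cell[0] is None:
                raise Revoked(name)
            attr = getattr(cell[0], name)
            if not callable(attr):
                return attr  # plain data is handed back as-is

            def forward(*args, **kwargs):
                if cell[0] is None:  # checked again on every call
                    raise Revoked(name)
                return getattr(cell[0], name)(*args, **kwargs)
            return forward

    def revoke():
        cell[0] = None

    return Forwarder(), revoke


class KeyValueStore:
    """Hypothetical target standing in for an authority a SliverServer hands out."""
    def __init__(self):
        self._data = {}

    def save(self, key, value):
        self._data[key] = value

    def load(self, key):
        return self._data.get(key)


def demo():
    """Two apps share one store through separate forwarders; one is revoked."""
    store = KeyValueStore()
    app_a, revoke_a = make_revocable(store)
    app_b, revoke_b = make_revocable(store)
    app_a.save("a", 1)
    hoarded = app_a.save  # app A keeps a reference to the forwarded method
    revoke_a()
    try:
        hoarded("a", 2)
        a_after = "leak"
    except Revoked:
        a_after = store.load("a")  # still 1: the hoarded method is dead too
    app_b.save("b", 2)  # B is unaffected by A's revocation
    return a_after, store.load("b")
```

Handing each app its own forwarder is what makes revocation selective: the owner withdraws one app's access without touching the shared target or the other apps. The forwarder only covers calls that pass through it; an object a forwarded method returns is the target's own and is not revoked with it, which is the case a full membrane exists to handle.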
![Page 21: Desktops to Donuts: Object Caps Across Scales](https://reader036.fdocuments.in/reader036/viewer/2022062814/56816837550346895dddfc1c/html5/thumbnails/21.jpg)
Object-Cap Security Review, A Taste