The principle of least authority states that each component of a software system must have only the authority necessary for its execution and nothing else. This principle is a cornerstone of the security of software applications, but it is difficult to enforce in practice. Current programming languages, as well as non-linguistic approaches, do not provide adequate control over the authority of untrusted modules [1, 5]. To fill this gap, we designed and implemented a capability-based module system that facilitates controlling the security capabilities of software modules [2]. Furthermore, we are currently working on augmenting our module system with an effect system to make our design authority-safe. Our approach simplifies the process of ensuring that a software system maintains the principle of least authority, and also allows for attenuation of module authority [3]. Our design is implemented as part of the Wyvern programming language [4].
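As an added illustration of the least-authority and attenuation pattern the abstract describes (not Wyvern code and not the authors' module system; the class and function names below are assumptions), the following stand-alone Python shows a trusted composer handing an untrusted module a capability that has been attenuated twice, once to read-only and once to an allow-list of names, and then checks that the module's capability really exposes nothing more. Python itself does not remove ambient authority (a module can still `import os`), so this demonstrates the object-capability pattern rather than an enforcement mechanism.

```python
"""Object-capability attenuation, added example (not Wyvern, not the paper's code).
All names here are illustrative assumptions; the file contents are constructed."""


class FileStore:
    """Full authority over a small in-memory store (constructed sample data)."""

    def __init__(self):
        self._files = {"config.txt": "debug=false\nport=8080",
                       "secret.key": "constructed-placeholder-key"}

    def read(self, name):
        return self._files[name]

    def write(self, name, data):
        self._files[name] = data

    def delete(self, name):
        del self._files[name]

    def names(self):
        return sorted(self._files)


class ReadOnly:
    """Attenuation 1: forward reads only; write/delete simply do not exist here.
    Only the two bound methods are retained, so the full store is not reachable."""

    def __init__(self, store):
        self._read, self._names = store.read, store.names

    def read(self, name):
        return self._read(name)

    def names(self):
        return self._names()


class Scoped:
    """Attenuation 2: only allow-listed names are visible or readable."""

    def __init__(self, store, allowed):
        self._store, self._allowed = store, frozenset(allowed)

    def read(self, name):
        if name not in self._allowed:
            raise PermissionError(f"{name!r} is outside this module's authority")
        return self._store.read(name)

    def names(self):
        return [n for n in self._store.names() if n in self._allowed]


def config_loader(files):
    """The 'untrusted module': it receives its file capability as a parameter
    and can use nothing beyond what that object exposes."""
    text = files.read("config.txt")
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)


def run_least_authority_demo():
    """Compose the system with least authority and probe the attenuated capability."""
    root = FileStore()                                 # held only by the trusted composer
    cfg_cap = Scoped(ReadOnly(root), {"config.txt"})   # what the untrusted module gets
    config = config_loader(cfg_cap)                    # legitimate use succeeds

    probes = {}
    try:                                               # a read outside the allow-list
        cfg_cap.read("secret.key")
        probes["secret_read"] = "allowed"
    except PermissionError:
        probes["secret_read"] = "denied"
    probes["can_write"] = hasattr(cfg_cap, "write")    # authority never granted
    probes["can_delete"] = hasattr(cfg_cap, "delete")
    probes["visible"] = cfg_cap.names()                # only the allow-listed name
    probes["root_intact"] = root.read("secret.key") == "constructed-placeholder-key"
    return config, probes


if __name__ == "__main__":
    print(run_least_authority_demo())
```

The design point is that authority flows only through explicit parameters: the composer keeps `root`, and each wrapper strictly narrows what the next holder can do, so the module's reachable authority is exactly what was handed to it.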
[1] Jonathan Aldrich et al. A Capability-Based Module System for Authority Control. ECOOP, 2017.
[2] Michael Maass et al. A Theory and Tools for Applying Sandboxes Effectively. 2016.
[3] Mark S. Miller et al. Robust composition: towards a unified approach to access control and concurrency control. 2006.
[4] Benjamin Chung et al. Wyvern: a simple, typed, and pure object-oriented language. 2013.
[5] Christian Payne et al. The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls. Comput. Secur., 2013.