Delegating Responsibility in Digital Systems: Horton's "Who Done It?"

Programs do good things, but also do bad, making software security more than a fad. The authority of programs, we do need to tame. But bad things still happen. Who do we blame? From the very beginnings of access control: Should we be safe by construction, or should we patrol? Horton shows how, in an elegant way, we can simply do both, and so save the day.
