Safer Scripting Through Precompilation

(Transcript of Discussion)

  • Conference paper
Security Protocols (Security Protocols 2005)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4631)

Abstract

I’m going to talk about putting capabilities into scripting languages. The reason that you might want to put capabilities into a scripting language is because it would be good if we could get a script from any old place and run it without being worried that it was going to do something nasty to us, and more than that, we would like the script to do things that were actually useful, to read and write files, and make network connections, and all the things that we expect programs to be able to do, but only exactly what we want it to do.

Now there are these things called capabilities, which nobody likes anymore, that let you do this. So what do I mean by a capability? It’s a word that’s used by lots of people to mean lots of different things. Linux has things it calls capabilities which are actually a kind of fine-grained access control. Java has things that it calls capabilities which are actually another kind of fine-grained access control, i.e. they are things that if you hold them you can do something, like open this particular file, or send to the printer, or whatever. In order to distinguish these capabilities, people who talk about them these days have started calling them object capabilities, which means that you can think about them as standard object oriented gadgets which are objects in an object oriented language that you cannot look inside, so they’re opaque, and that you can’t get a reference to unless you’re given it, and the general way in which you use them is that you pass them around as parameters, any function can only use the capabilities which it has been passed, or which are within data structures it already owns, functions and models as functions on objects in general, so they usually have a single capability which they can look inside, and they’re the only people who can look inside that capability. And if you write your program right, capabilities correspond to things like read a particular file, write to a particular socket, give me money, that kind of thing. Give me money obviously would be a more general distributed kind of capability, not just within a particular program, so would be represented by bits on the wire as well as a capability in the program.
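
The object-capability discipline described in the abstract, sketched as an added example that is not code from the talk or the paper. All names here (makeFileStore, readCap, appendCap, untrustedWordCount) and the in-memory file store are assumptions made for illustration; plain JavaScript does not by itself stop a script from reaching global objects, so this shows only the calling discipline, not a sandbox.

```javascript
// Constructed in-memory file store; stands in for real files so this runs offline.
function makeFileStore(initial) {
  const files = new Map(Object.entries(initial)); // reachable only through the closures below
  return Object.freeze({
    // Capability to read exactly one file. The path lives in the closure,
    // so a holder can call read() but cannot inspect or change the target.
    readCap: (path) => Object.freeze({
      read: () => {
        if (!files.has(path)) throw new Error('no such file: ' + path);
        return files.get(path);
      },
    }),
    // Capability to append to exactly one file; it grants no read access.
    appendCap: (path) => Object.freeze({
      append: (text) => { files.set(path, (files.get(path) || '') + text); },
    }),
  });
}

// Stand-in for a script fetched from "any old place" (hypothetical).
// Its only authority is the two capabilities passed as parameters.
function untrustedWordCount(input, log) {
  const words = input.read().split(/\s+/).filter(Boolean).length;
  log.append('counted ' + words + ' words\n');
  // Attempt to widen authority by rebinding read() on the capability it holds.
  const tampered = Reflect.set(input, 'read', () => 'anything');
  return { words, tampered };
}

function demo() {
  const store = makeFileStore({
    '/home/u/notes.txt': 'one two three',     // constructed sample data
    '/home/u/secret.key': 'not-for-scripts',  // never handed to the script
  });
  const input = store.readCap('/home/u/notes.txt');
  const log = store.appendCap('/tmp/script.log');
  const result = untrustedWordCount(input, log);
  return {
    words: result.words,
    tampered: result.tampered,               // false: the capability is frozen
    visible: Object.keys(input).concat(Object.keys(log)),
    logText: store.readCap('/tmp/script.log').read(),
    stillReads: input.read(),
  };
}
```

The caller, not the script, decides which file each capability names; the script never receives the store itself, so it has no reference through which to ask for /home/u/secret.key.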

Editor information

Bruce Christianson Bruno Crispo James A. Malcolm Michael Roe

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

Cite this paper

Laurie, B. (2007). Safer Scripting Through Precompilation. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2005. Lecture Notes in Computer Science, vol 4631. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77156-2_36

  • DOI: https://doi.org/10.1007/978-3-540-77156-2_36

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77155-5

  • Online ISBN: 978-3-540-77156-2

  • eBook Packages: Computer Science, Computer Science (R0)