Connections between Memory Safety and Privacy Confidentiality
Research presented by Clive Boulton, based on Mark S. Miller's original work, to the Hyperledger Architecture Working Group. The talk tries to show how memory safety bears on privacy and confidentiality in Hyperledger blockchains.
Connections between memory safety and privacy/confidentiality… Hyperledger Blockchains: Architecture Working Group
Clive Boulton, Research at CertifiedTrue
Mark S. Miller (Agoric papers):
* Author of the E object-capability programming language
* PhD: Robust Composition [reprised at PWL]
* TC39 EcmaScript / Google Research staff / Caja
* Author of Dr. SES (Distributed Resilient Secure EcmaScript)
* 2018: TC39 / Agoric: secure smart contracts (https://agoric.com/)
Inset diagrams, unless noted, are all Mark S. Miller's (generally open source via TC39).
… with friends. * Necessary paranoia * Who has access? http://ward.bay.wiki.org/view/agreeing-with-strangers
… triggers a malicious advertisement in Tab 3. When the encrypted email is decrypted, Tab 3 learns information about the user's secret key via the shared cache (a cache side channel).
… with least authority. Memory-safe ocap-based languages
(least authority). Extreme modularity (put capabilities into small boxes). The approach taken by mobile apps (iOS / Android), and the package-management approach taken by Node (Hyperledger Composer). Miller's Caja (JavaScript sanitizer).
A capability designates a resource and authorizes some kind of access to it. Capabilities are a first-class move away from ACLs (access control lists), closing the loopholes bad actors exploit in e-commerce. Capabilities solve the "confused deputy" problem that ACL-based systems (Windows, macOS, and Unix-derived OSes such as Linux and Android) are exposed to: a program acting with its own ambient authority is tricked into using that authority on a resource merely named by a less-privileged caller.
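The confused deputy, worked through in JavaScript as an added example (this is not code from the slides or from Miller's projects). The deputy is a compile service. In the ACL model it runs with its own ambient authority and is handed a file name by its client, so it cannot tell which names the client was itself allowed to use; in the ocap model it is handed file objects and can only write where the client already could. The file store, paths and contents are constructed for the demo.

```javascript
// Added example: confused deputy under ACLs vs. object capabilities.
// Everything below (paths, contents, the compile service) is constructed.

function makeWorld() {
  // Constructed file store: path -> contents.
  const files = new Map([
    ['/bill/ledger', 'trusted billing record'],
    ['/home/alice/prog.src', 'main = 1'],
  ]);

  // ACL-style deputy: acts on *names* using its own authority.
  // Nothing here checks whether the client may write outPath.
  function aclCompile(srcPath, outPath) {
    const src = files.get(srcPath);
    if (src === undefined) throw new Error('no such source: ' + srcPath);
    files.set(outPath, 'compiled(' + src + ')');
  }

  // A capability: an object that designates one file and authorizes read,
  // and optionally write, access to it. Frozen so the holder cannot bolt a
  // write method back on.
  function makeFile(path, { writable }) {
    return Object.freeze({
      path,
      read: () => files.get(path),
      write: writable
        ? (data) => { files.set(path, data); }
        : () => { throw new Error('no write capability for ' + path); },
    });
  }

  // Ocap-style deputy: uses only the authority its arguments carry.
  function ocapCompile(srcFile, outFile) {
    outFile.write('compiled(' + srcFile.read() + ')');
  }

  return { files, aclCompile, makeFile, ocapCompile };
}

// A client that may only write under /home/alice names the billing file as
// its output: with ACLs the deputy obliges, using its own authority.
function confusedDeputyAttack() {
  const w = makeWorld();
  w.aclCompile('/home/alice/prog.src', '/bill/ledger');
  return w.files.get('/bill/ledger');      // ledger clobbered
}

// Same client in the ocap world: it only ever held a read-only reference to
// the ledger, so the deputy cannot be confused into writing it.
function ocapAttack() {
  const w = makeWorld();
  const src = w.makeFile('/home/alice/prog.src', { writable: false });
  const ledger = w.makeFile('/bill/ledger', { writable: false });
  try {
    w.ocapCompile(src, ledger);
    return 'clobbered';
  } catch (e) {
    return w.files.get('/bill/ledger');   // ledger intact
  }
}

// The legitimate use still works: the client passes a file it may write.
function ocapLegitimate() {
  const w = makeWorld();
  const src = w.makeFile('/home/alice/prog.src', { writable: false });
  const out = w.makeFile('/home/alice/prog.out', { writable: true });
  w.ocapCompile(src, out);
  return out.read();
}
```

The point of the contrast is that the ocap deputy contains no access check at all: the authority to write travels with the reference the client hands over, so the deputy cannot be tricked into exercising authority its client never had.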
… access to Carol, as needed for foo.
➢ Memory-safe encapsulated objects: protect objects from their outside world.
➢ OCaps: causality only by references; no powerful references by default: protect the world from objects.
➢ Reference graph === access graph: deny authority by withholding connectivity.
‘strict mode’: objects that can defend their integrity (properly defensive); 7 steps of initialization; strict JS === Dr. SES.
SES runs atop an ES6-compliant platform, enabling safe interaction of mutually-suspicious code, using object-capability-style programming. https://github.com/Agoric/SES