Tradeoffs in Retrofitting Security: An Experience Report

Mark S. Miller, Google

In 1973, John Reynold's and James Morris' Gedanken Language retrofit object-capability security into an Algol-like base language. Today, there are active projects retrofitting Java, Javascript, Python, Mozart/Oz, OCaml, Perl, and Pict. These represent a variety of approaches, with different tradeoffs regarding legacy compatibility, safety, and expressivity. In this talk I propose a taxonomy of these approaches, and discuss some of the lessons learned to date.


Mark S. Miller is a research scientist at Google, open source coordinator for the E secure distributed programming language, co-creator of the agoric paradigm of market-based computing, and an architect of the Xanadu hypertext publishing system.

4 Dec (Tuesday) at 1630 hrs

Gates 4B (opposite 490)