Presenting Robust Composition

Papers We Love.

Clive Boulton presents "Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control" at the Papers We Love Seattle 12/7 event.

I plan to build on Caitie McCaffrey's Distributed Programming in Argus talk to show how Miller's work ties to smart contracts via triple entry accounting.

Here are links to more of what I got out of Mark Miller's thesis.

Speakerdeck presented by Clive at PWL 12/7.

# Organization of this Dissertation

# Approach and Contributions
- Unattenuated Composition
- Attenuating Authority
- Distributed Access Control
- Distributed Concurrency Control
- Promise Pipelining
- Delivering Messages in E-ORDER
- Emergent Robustness

# The Software Composition Problem

Fragile Composition

- Excess Authority: The Gateway to Abuse
- How Much Authority is Adequate?
- Shared-State Concurrency is Difficult
- Why a Unified Approach?
- Notes on Related Work on Designation

# Triple Entry Accounting by Ian Grigg page

Programs as Plans

- Using Objects to Organize Assumptions
- Decomposition
- Encapsulation
- Abstraction
- Composition
- Notes on Related Work

# Forms of Robustness
- Vulnerability Relationships
- Platform Risk
- Conventional Correctness
- Cooperative Correctness
- Defensive Correctness
- Defensive Consistency
- A Practical Standard for Defensive Programming
- Notes on Related Work

# The Locker Problem page

# A Taste of E
- From Functions to Objects
- Lambda Abstraction
- Adding Message Dispatch
- Adding Side Effects
- Composites and Facets
- Soft Type Checking
- Notes on Related Work

# Computer Security As Future Of Law page

# A Taste of Pluribus
- Pointer Safety
- Distributed Objects
- Distributed Pointer Safety
- Bootstrapping Initial Connectivity
- No Central Points of Failure
- Notes on Related Work

# II Access Control
- Bounding Access Rights
- Permission and Authority
- Notes on Related Work

# The Object-Capability Paradigm
- The Object-Capability Model
- Reference Graph Dynamics
- Connectivity by Initial Conditions
- Connectivity by Parenthood
- Connectivity by Endowment
- Connectivity by Introduction
- Only Connectivity Begets Connectivity
- Selective Revocation: Redell's Caretaker Pattern
- Analysis and Blind Spots
- Access Abstraction
- Notes on Related Work

# Caja page

The Loader: Turning Code Into Behavior

- Closed Creation is Adequate
- Open Creation is Adequate
- Loader Isolation
- Notes on Related Work

# Introduction to capability-based security by Marc Stiegler page

Confinement

- A Non-Discretionary Model
- The *-Properties
- The Arena and Terms of Entry
- Composing Access Policies
- The Limits of Decentralized Access Control
- Implications for Confinement
- Implications for the *-Properties
- Implications for Revocation
- Notes on Related Work

Summary of Access Control

# III Concurrency Control

Interleaving Hazards

- Sequential Interleaving Hazards
- Why Not Shared-State Concurrency?
- Preserving Consistency
- Race Conditions
- Notes on Related Work

# How money is a factorial of secure coding page

# Two Ways to Postpone Plans
- The Vat
- Communicating Event-Loops
- Issues with Event-loops
- Notes on Related Work

Protection from Misbehavior

- Can't Just Avoid Threads by Convention
- Reify Distinctions in Authority as Distinct Objects
- Notes on Related Work

Promise Pipelining

- Promises
- Pipelining
- Datalock
- Explicit Promises
- Broken Promise Contagion
- Notes on Related Work

Partial Failure

- Handling Loss of a Provider
- Handling Loss of a Client
- Offline Capabilities
- Persistence
- Notes on Related Work

The When-Catch Expression

- Eventual Control Flow
- Manual Continuation-Passing Style
- Notes on Related Work
- Delivering Messages in E-ORDER
- E-ORDER Includes Fail-Stop FIFO
- FIFO is Too Weak
- Forks in E-ORDER
- CAUSAL Order is Too Strong
- Joins in E-ORDER
- Fairness
- Notes on Related Work

# IV Emergent Robustness

Composing Complex Systems

- The Fractal Locality of Knowledge

The Fractal Nature of Authority

- Human-Granularity POLA in an Organization
- Application-Granularity POLA on the Desktop
- Module-Granularity POLA Within a Caplet
- Object-Granularity POLA
- Object-Capability Discipline
- Notes on Related Work

# POLA by Marc Stiegler page

Macro Patterns of Robustness

- Nested Platforms Follow the Spawning Tree
- Subcontracting Forms Dynamic Networks of Authority
- Legacy Limits POLA, But Can be Managed Incrementally
- Nested POLA Multiplicatively Reduces Attack Surface
- Let "Knows About" Shape "Access To"
- Notes on Related Work

# V Related Work

From Objects to Actors and Back Again

- Objects
- Actors
- Vulcan
- Joule
- Promise Pipelining in Udanax Gold
- Original-E
- From Original-E to E

Related Languages

- Gedanken
- Erlang
- Argus
- W7
- J-Kernel
- Emerald
- Secure Network Objects

# Frozen Realms API page

Other Related Work

- Group Membership
- Croquet and TeaTime
- DCCS
- Amoeba
- Secure Distributed Mach
- Client Utility
- Work Influenced by E
- The Web-Calculus
- Twisted Python
- Oz-E
- SCOLL
- Joe-E
- Emily
- Subjects
- Tweak Islands

# Talk at TC-39 on ECMAScript (JS) page

# Conclusions and Future Work
- Contributions
- Future Work
- Continuing Efforts

# Dr. SES page
- Bibliography
- Vita

# PhD Defense PPT page
