Description
Most software we write has the ability to do essentially anything: open sockets, spawn processes, perform long blocking computation, read arbitrary objects in memory, et cetera. Most tools for limiting what applications can do are opt-in; many of them are complex to use. This has important security implications; software can often be tricked into abusing those privileges that it didn’t really even need to have to begin with. The object-capability model is an alternative security model that reasons about capabilities as first-class objects. In this talk, we’ll explore what object-capability security is, why we’re not all using it already, how we can leverage the ideas in it to materially improve the security of the projects we maintain today and start tomorrow.