Agoric / Talks

An introduction to hardened JavaScript, which makes eval safe.

No description provided.

This is a recorded reprise of the presentation Kris Kowal gave at ECMA TC39 on July 19, 2022, revealing a new layering of the Compartments proposal (stage 1) that aligns each of those layers with different motivating cases and provides a coherent framework for module proposals going forward.

This is the inaugural talk in F5 Public Tech Talk series.

Abstract

Complexity is the enemy of security. The conventional approach takes systems that are already too complicated and "secures" them by adding even more mechanisms. Rather than provide a model of secure computation, these "security" mechanisms are bolted on to computation that occurs by other means, requiring programmers to program in two unrelated paradigms simultaneously. The resulting "security" has failures of excess authority, ambient authority, co-mingled authority, and insufficient expressiveness. There is a better way.

In 2007 we started with JavaScript, a famously complicated, messy, and irregular language, and added "subtractive" enablers --- like Object.freeze and strict mode --- for turning off some of JavaScript's worst mis-features. We use these enablers to create Hardened JavaScript (aka SES), an enforced object-capability secure subset of JavaScript, supporting flexible, expressive, compositional, and fine-grain security. Hardened JavaScript turns off so little of JavaScript that a tremendous amount of existing JavaScript code, not written to run under Hardened JavaScript, nevertheless does so successfully.

If you are uninterested in JavaScript, consider it merely an example. Learn from our success. The lessons generalize well to other systems.

Speaker Bio

Mark S. Miller is a pioneer of agoric (market-based secure distributed) computing and smart contracts, the main designer of the E and Dr. SES distributed persistent object-capability programming languages, inventor of Miller Columns, an architect of the Xanadu hypertext publishing system, a representative to the EcmaScript committee, a former Google research scientist and member of the WebAssembly (Wasm) group, and a senior fellow of the Foresight Institute.

Learn more about the DeFi ecosystem

No description provided.

This is the “Kris Cut” of his presentation to “Web Directions: Safe”

Jazear Brooks of Sifchain + Mark S. Miller of Agoric.
Original Crowdcast at https://www.crowdcast.io/e/sifchain--agoric-seminar with crowd chat comments.

Rowland Graus of Agoric walks you through setting up your wallet to interact with the Agoric beta. These steps will use Docker Compose and Visual Studio Code to get you started.

On 15/03/2021, Mark S. Miller gave a lecture about SES (Secure EcmaScript) during a JavaScript Israel virtual Meetup.

Abstract:
Use SES (Secure EcmaScript) to run third-party JavaScript code safely inside featherweight compartments.
SES is a TC39 proposal, a shim used in production, a standalone implementation for embedded systems as specified by TC53, and a language for writing blockchain-based smart contracts.
SES enforces that subsequent code stays within object-capability security rules. Reduce supply chain risk by giving each package the least authority it needs to do its legitimate job.
Experience at Google, Salesforce, Agoric, MetaMask, Cosmos, Moddable, and Node confirm that much existing JavaScript code, not written to run under SES, nevertheless runs compatibly under SES within these security constraints.

Event Page: https://www.meetup.com/JavaScript-Israel/events/276415412/

Thanks to our Gold sponsors : Trax

Join the group:
http://www.meetup.com/JavaScript-Israel

Inter-Blockchain Communication (IBC) has launched with the Cosmos Stargate upgrade on February 18th at 7AM UTC. This is exciting news for the Agoric economy, which is built on Agoric’s Layer-1 chain and connected to Cosmos zones and other networks like Ethereum via the same IBC protocol.

For developers leveraging Agoric’s fast building environment, the launch of IBC is one of many powerful tools to use in your lending dapp, automated market maker, or project of choice. Here’s to building the future of DeFI 🍻

Agoric's Dean Tribble (CEO) and Rowland Graus (Product Lead) met with Gavin Birch and Clayton Menzel of Figment Networks to discuss Agoric's fast, familiar, and secure smart contract platform for DeFi.

At Agoric we believe that current DeFi systems are limited in their functionality. Poor performance, developer experience, and economic design hinder the ultimate growth of the burgeoning blockchain ecosystem.

Join us as we discuss how we're working on those critical issues!

No description provided.

Rowland Graus from Agoric shows how developers can quickly bring wrapped Ethereum (WETH) to the Agoric ecosystem to create a vault, mint the stable local currency, and utilize that new currency in Agoric's AMM.

Mark S. Miller invited mystery talk, December 10, 2020

https://www.youtube.com/watch?v=g28yRvHKIgc&list=PLzDw4TTug5O0ywHrOz4VevVTYr6Kj_KtW is an extended form of this talk presented at UC Santa Cruz.

Our civilization today rests on infrastructure that is not only insecure, but insecurable.We cannot eliminate risk, but we can be vastly safer. Qualitative arguments have been made for various security architectures, but without any overall framework for comparing them as alternatives or as complements. We present a visualization of the attack surface as a way to reason about aggregate risk, and show how the composition of several techniques --- blockchains, object-capability languages, patterns, protocols, user interfaces, and smart contracts --- can produce a multiplicative decrease in risk without loss of functionality.

Dive into DeFi on the Agoric smart contract platform. We will walk you through building an “over-the-counter” market maker. The example introduces the key concepts of safe smart contracts on Agoric, and shows how to combine DeFi legos to rapidly produce a new DeFi dapp.

HOST
Kate Sills – Software Engineer, Agoric

ABOUT COSMOS
Cosmos is an open, distributed network of interoperable blockchains powered by the Tendermint consensus algorithm.

LINKS
https://cosmos.network/
https://tendermint.com/
https://interchain.io/

Subscribe to the channel to learn more about Cosmos. Join the newsletter by visiting https://cosmos.network and hitting the subscribe button. Finally, read what it's all about at https://blog.cosmos.network/

Dean Tribble, Co-Founder of Agoric explains how Agoric's safer smart contracts secure more value for blockchain and DeFi for the long term. Dean's delightful presentation segways into an AMA.

Chainlink’s Smart Contract Summit (#SmartCon) featured 70+ talks, panels, workshops, and AMAs with CEOs, CTOs, founders, and builders. Over 8,000 attendees from 100+ countries and all 7 continents watched 130+ speakers come together to discuss cutting edge research, current market trends, and the issues driving decentralized technology adoption.

SmartCon #0 ran August 28-29, 2020.

Chainlink is a decentralized oracle network that enables on-chain smart contracts to securely access off-chain data feeds, web APIs, traditional bank payment data, and more. Chainlink provides highly secure and reliable oracles to large enterprises (Google, Oracle, and SWIFT) and leading smart contract development teams working on Bitcoin, Polkadot/Substrate, Synthetix, Aave, and many others.

Learn more about Chainlink:
Website https://chain.link
Twitter https://twitter.com/chainlink
Telegram https://t.me/chainlinkofficial

If you’re a developer, make use of our documentation https://docs.chain.link and join the technical discussion on Discord https://discordapp.com/invite/aSK4zew

This demo shows using two separate blockchains connected via Agoric's dynamic #IBC to convey #ocap object messages between them.

https://agoric.com for more context.

See https://github.com/Agoric/agoric-sdk/issues/259 for the demo script we followed.

Dean Tribble, CEO of Agoric, presents "Innovations for Interoperability Using Agoric Tools" to the Blockchain in Transporation Alliance (BiTA) membership.

Transferring digital assets cross-chain is a challenge that is difficult to navigate. Agoric is working to address this challenge and provide tools for developers to build dApps that transact and interact cross-chain. To BiTA membership, Dean poses the question, "What will interoperability help you build?"

Learn more in this talk, visit our docs, and feel free to share what you want to build.

https://agoric.com/documentation/
https://twitter.com/agoric

ABOUT
Build Fast, Earn Fast - Agoric enables developers to rapidly deploy dapps and DeFi markets on-chain using composable JavaScript smart contracts. Safely get your project from vision to global market.

LINKS
https://agoric.com
https://agoric.com/twitter
https://agoric.com/discord
https://agoric.com/telegram
https://agoric.com/newsletter

Click the 'SUBSCRIBE' button to follow our Youtube channel!

Learn about how the proposed IBC standard provides the foundation for a new token economy, permitting anyone around the world to accomplish quick and secure exchanges.

Dean Tribble and Jack Zampolin introduced the concepts of Inter-Blockchain Communication protocol (IBC) and Dynamic IBC, and showed how to use them. They demoed how simple modification to a smart contract in JavaScript could let clients reach it from other chains with the IBC relayer. The contract was further modified and redeployed, showing how dIBC could help with rapid innovation for cross-chain collaboration.

*There will be an updated version of this video which will include the chat from Ready Layer One live stream.

🛠Learn more about IBC: https://cosmos.network/ibc
📚Agoric blog post on dIBC: https://medium.com/agoric/the-road-to-dynamic-ibc-4a43bc964bca

ABOUT
Build Fast, Earn Fast - Agoric enables developers to rapidly deploy dapps and DeFi markets on-chain using composable JavaScript smart contracts. Safely get your project from vision to global market.

LINKS
https://agoric.com
https://agoric.com/twitter
https://agoric.com/discord
https://agoric.com/telegram
https://agoric.com/newsletter

Click the 'SUBSCRIBE' button to follow our Youtube channel!

No description provided.

No description provided.

Kate Sills from Agoric presented Zoe, Agoric's framework for building smart contracts, including building mechanisms such as auctions, swaps, and decentralized exchanges. Zoe guarantees that users of a smart contract will either get what they said they wanted or get a full refund, even if the smart contract is buggy or malicious.

https://agoric.com/documentation/zoe/guide/

ABOUT
Build Fast, Earn Fast - Agoric enables developers to rapidly deploy dapps and DeFi markets on-chain using composable JavaScript smart contracts. Safely get your project from vision to global market.

LINKS
https://agoric.com
https://agoric.com/twitter
https://agoric.com/discord
https://agoric.com/telegram
https://agoric.com/newsletter

Click the 'SUBSCRIBE' button to follow our Youtube channel!

As part of Agoric + Protocol Labs Speaker Series, Agoric co-founder Dean Tribble gave a talk about the Zoe smart-contracts platform and ERTP (electronic rights transfer protocol). Zoe is a framework for building smart contracts like auctions, swaps, decentralized exchanges, and more. Zoe itself is a smart contract written in JavaScript and running on the Agoric platform.

https://agoric.com/documentation/zoe/guide/

SES is a JavaScript runtime library for running such third-party code safely inside a featherweight compartment. SES stands for Secure ECMAScript, where ECMAScript is the standards name for JavaScript. SES addresses JavaScript’s lack of security. SES supports practicing of the Principle of Least Authority (or POLA) so that the risk from most third-party code can be substantially reduced.

https://medium.com/agoric/ses-securing-javascript-in-the-real-world-4f309e6b66a6
https://github.com/Agoric/SES/

ABOUT
Build Fast, Earn Fast - Agoric enables developers to rapidly deploy dapps and DeFi markets on-chain using composable JavaScript smart contracts. Safely get your project from vision to global market.

LINKS
https://agoric.com
https://agoric.com/twitter
https://agoric.com/discord
https://agoric.com/telegram
https://agoric.com/newsletter

Click the 'SUBSCRIBE' button to follow our Youtube channel!

AD:
Level-up on the software skills most in-demand at QCon San Francisco Software Development Conference on Oct 24-28, 2022.

Uncover emerging software trends and practices to solve your complex engineering challenges, without the product pitches.
QCon San Francisco brings together the world's most innovative senior software engineers, architects and team leads across multiple domains to share their real-world implementation of emerging trends and practices.

Save your spot now: https://bit.ly/3MA2tgN
-------------------------------------------------------------------------------------------------------
Video with transcript included: http://bit.ly/2YZNEMp

Kate Sills talks about some of the security issues using NPM packages, the EventStream incident that created a security breach in a package, and Realms and SES (Secure ECMAScript) as possible solutions to NPM package security vulnerabilities.

This presentation was recorded at QCon New York 2019: http://bit.ly/2KFk7SO

The next QCon is QCon London 2020 – March 2-4, 2020: http://bit.ly/2VfRldq

For more awesome presentations on innovator and early adopter topics check InfoQ’s selection of talks from conferences worldwide https://bit.ly/2tm9loz

#JavaScript #Security #NPM

IBC is a standard that permits anyone to quickly and securely transfer money across the web. Zaki Manian is the head of research at Tendermint Inc, an implementation of BFT consensus algorithm & PoS cryptoeconomics and a core contributor to the Cosmos Network. Dean Tribble, CEO at Agoric, is working on providing a safer, simpler way to program smart contracts.

IBC overview: https://cosmos.network/ibc/

This Week in Crypto is a roundup on the latest in blockchain and cryptocurrency. Tune in for weekly news and interviews with guests from top projects in blockchain.

Listen on iTunes: https://apple.co/34inUMj

#IBC #Agoric #Cosmos

SFBW19 - VM Design: The EVM Isn't the Only Game in Town

Panelists:
Zaki Manian, Tendermint
Mark Miller, Agoric
Daryl Hok, CertiK
Jan Xie, Nervos

San Francisco Blockchain Week: https://sfblockchainweek.io/

Join Dean Tribble from Agoric and Zaki Manian from Tendermint to learn more about Inter-blockchain Communication (IBC), what it is, the teams behind building it and what you can anticipate over the next few months.

Ongoing work on the Github repository: https://github.com/cosmos/ics
IBC Ecosystem: https://github.com/cosmos/ics/blob/ma...

ABOUT

Orbital Communications is a bi-weekly Cosmos community update that gives token holders, validators, and all levels of stakeholders a look inside what's being developed for the Cosmos Network.

The Cosmos Network is a secure and scalable blockchain ecosystem where thousands of decentralized applications interoperate to create the foundation for a new token economy.

Cosmos solves some of the hardest blockchain problems - scalability, usability and interoperability, allowing blockchain application developers to focus on business logic. The Cosmos SDK is a user-friendly, modular framework that allow developers to fully customize their dApp to best suit their needs, powered by Tendermint Core's BFT Proof of Stake protocol.

At Cosmos, we're building the "Internet of Blockchains." Join our growing network and plug into the growing world of connected blockchains.

Start here: https://cosmos.network/community

Subscribe to this channel to learn more about Cosmos. Join the newsletter by visiting https://cosmos.network and hitting the subscribe button at the bottom of the page. Finally, read what it's all about at https://blog.cosmos.network.

About Agoric

The Agoric team includes world-class technologists, economists, business leaders and community builders on a quest to bring smart contracts into the future. Members of the Agoric team have been professional collaborators for over 30 years, since the inception of smart contracts technology, and now have reunited to enact Agoric’s mission. Agoric partners with Cosmos and other well-known projects, and is backed by Outlier Ventures, , Xpring, Rockaway Blockchain and the Interchain Foundation, as well as additional funding from Naval Ravikant and Polychain. https://agoric.com/

Bitcoin was truly revolutionary. It was revolutionary because it enforced rules about the transfer of assets without the use of a trusted third party. In other words, it enforced property rights in an entirely new way.

Features such as property rights and contract enforcement are typically bundled together under the term “Rule of Law.” If Bitcoin could enforce property rights for bitcoin, and general smart contract frameworks can enforce some types of arrangements, can blockchains provide rule of law? How do we define the rule of law? Are there aspects of the rule of law that blockchains excel at providing? Are there aspects that they fail to provide?

The idea of smart contracts has roots that go back to work in the 1980s and crystalizing as a concept with Nick Szabo in the 1990s. This talk traces the history of smart contracts and draws lessons from this to suggest where they are headed.

As social systems grow, we need patterns to allow us to grow social connections while maintaining safety and trust. Ocaps (object capabilities) fill this void by allowing consensual connections between parties, and even allows participants to intentionally share those connections with others. But how can we allow for the establishing of new connections without opening us up to runaway abuse?

This talk discusses Horton, a "whodunnit" layer built on top of object capabilities, allowing us to establish connections while preserving accountability and the ability to reason about trust with a reduction of fear.

No description provided.

Part 1: Distributed Programming for a Decentralized World

To reach our goal of bringing the world economy into the decentralized world, we need to improve the developer experience. Current approaches to smart contract and dApp development are too hazardous, non-composable, use unfamiliar languages, and are subject to single-chain lock-in. We introduce the Agoric stack for creating safe, composable and interoperable smart contracts.

Part 2: Object-capability Programming in JavaScript

At first blush, JavaScript might seem a strange candidate for a secure programming language. But initial impressions can be deceiving. We show how JavaScript can be used as a secure, object-capability language. With SES, our secure JavaScript runtime, developers can write robust and reliable smart contracts.

Part 3: Distributed Secure Cross-chain Messages

We are rapidly moving into a world of many chains. So how do we turn JavaScript into a distributed secure programming language, where an object on one chain can asynchronously send a message to an object to another chain. We show how our vat model, through the IBC and CapTP protocols, can turn SES into a distributed, cross-chain, secure programming language.

Part 4: Writing Composable Smart Contracts

The Agoric stack is designed to support one main goal: to make it easy to write smart contracts that are more reliable, more understandable, and, especially, more composable. We introduce the Agoric contract layer as a distinct layer of abstraction that makes defining and exchanging digital assets (erights) as simple as standard programming.

Professor Jason Potts and Doctor Chris Berg discuss the economics of blockchain and the blockchain economy.

Property rights started simple. Real world agreements (contracts and institutions) evolved to facilitate their trade. Many agreements became generic --- independent of the particulars of the rights they manipulate. Participation in such an agreement is valuable. By reifying such participation as a tradable right, markets reuse the power of generic agreements, producing a deep composition of networks of rights and agreements.

We explain how ERTP, the Electronic Rights Transfer Protocol, supports such rich composition for electronic rights (erights) and smart contracts. Generic smart contracts --- escrow, derivatives, auctions, etc --- are independent of the kinds of erights they manipulate. We reify the ability to participate in each contract as tradable erights that such generic contracts manipulate. We can understand the resulting power as an extension of the higher-order programming of functional and object-oriented programming, but applied to the richer domain of tradable erights.

https://agoric.com/
https://twitter.com/agoric

ABOUT
Build Fast, Earn Fast - Agoric enables developers to rapidly deploy dapps and DeFi markets on-chain using composable JavaScript smart contracts. Safely get your project from vision to global market.

LINKS
https://agoric.com
https://agoric.com/twitter
https://agoric.com/discord
https://agoric.com/telegram
https://agoric.com/newsletter

Click the 'SUBSCRIBE' button to follow our Youtube channel!

Mark Miller explains how ERTP, the Electronic Rights Transfer
Protocol, supports such rich composition for electronic rights
(erights) and smart contracts. Generic smart contracts --- escrow,
derivatives, auctions, etc --- are independent of the kinds of erights
they manipulate. We reify the ability to participate in each contract
as tradable erights that such generic contracts manipulate. We can
understand the resulting power as an extension of the higher-order
programming of functional and object-oriented programming, but applied
to the richer domain of tradable erights.

Live at Zcon1: Zero to Privacy Hero - Day 2
Presented by Zcash Foundation in Split, Croatia

Presented at IBC Working Group: Genesis
Berlin, 2019

We were joined by Mark S. Miller, Chief Scientist at Agoric. Mark is a computer scientist who has done ground-breaking work on many topics relevant to blockchain and smart contracts going back decades.

We discussed his visionary 1988 Agoric papers, which explored how markets could be applied to the world of software. We also covered how his view of smart contracts, which focused on secure bilateral agreements complements and converges with blockchain. Finally, we covered his new company Agoric and their conceptualization of higher order smart contracts.

Topics discussed in this episode:
- Mark's effort to prevent the government from suppressing the discovery of public key cryptography in the 1970s
- The legendary project Xanadu and its attempt to create censorship-resistant web publishing
- Mark's Agoric papers and the vision of markets for computation
- Why AI hasn't changed the shortcomings of central planning
- The difference between his view of smart contracts and Nick Szabo's
- Their decade-spanning work on making JavaScript the best language for smart contracts
- Agoric's work on higher order smart contracting

Links mentioned in this episode:
- The Agoric Papers: https://bit.ly/2DUo3Lr
- Computer Security as the Future of Law - YouTube: https://bit.ly/2V2xGO0
- Capability-based Financial Instruments (2000): https://bit.ly/2PSIvkX
- Distributed Electronic Rights in JavaScript – Google AI: https://bit.ly/2WvKDkO
- Agoric at SF Cryptocurrency Devs - Programming Secure Smart Contracts -
YouTube: http://bit.ly/2vI88LJ
- The Duality of Smart Contracts and Electronic Rights by Dean Tribble at
Web3 Summit 2018 - YouTube: https://bit.ly/2V39Txz

Sponsors:
- Azure: Deploy enterprise-ready consortium blockchain networks that scale in just a few clicks - http://aka.ms/epicenter
- Cosmos: Join the most interoperable ecosystem of connected blockchains - http://cosmos.network/epicenter

This episode is hosted by Brian Fabian Crain & Sunny Aggarwal. Show notes and listening options: https://epicenter.tv/286

Combine risk lowering strategies to get a *multiplicative* reduction in overall risk.

Mark S. Miller at UC Santa Cruz, April 2019

https://www.youtube.com/watch?v=wW9-KuezPp8&list=PLzDw4TTug5O0ywHrOz4VevVTYr6Kj_KtW is a quick 15 min talk on the central theme of this talk.

Our civilization today rests on infrastructure that is not only insecure, but insecurable.We cannot eliminate risk, but we can be vastly safer. Qualitative arguments have been made for various security architectures, but without any overall framework for comparing them as alternatives or as complements. We present a visualization of the attack surface as a way to reason about aggregate risk, and show how the composition of several techniques --- blockchains, object-capability languages, patterns, protocols, user interfaces, and smart contracts --- can produce a multiplicative decrease in risk without loss of functionality.

Dean Tribble presented a solution to the train-hotel problem at the Stanford Blockchain Conference. The train-hotel problem comes from Andrew Miller and demonstrates a difficulty with cross-shard communication. In the problem, we want to get a train ticket AND a hotel reservation - if we don’t get both, we want neither.

Slides can be found here: https://agoric.com/assets/slides/async-train-hotel.pptx

Slides in pdf form here: https://agoric.com/assets/slides/async-train-hotel.pdf

ABOUT
Build Fast, Earn Fast - Agoric enables developers to rapidly deploy dapps and DeFi markets on-chain using composable JavaScript smart contracts. Safely get your project from vision to global market.

LINKS
https://agoric.com
https://agoric.com/twitter
https://agoric.com/discord
https://agoric.com/telegram
https://agoric.com/newsletter

Click the 'SUBSCRIBE' button to follow our Youtube channel!

Agoric's Chief Scientist talks about creating an object-capability (ocap) secure subset of JavaScript to support simple composition with least authority.

Agoric enables application developers to write safe smart contracts and empowers individuals to securely execute transactions, establish new markets, and craft novel patterns of exchange — without centralized control.

ABOUT
Build Fast, Earn Fast - Agoric enables developers to rapidly deploy dapps and DeFi markets on-chain using composable JavaScript smart contracts. Safely get your project from vision to global market.

LINKS
https://agoric.com
https://agoric.com/twitter
https://agoric.com/discord
https://agoric.com/telegram
https://agoric.com/newsletter

Click the 'SUBSCRIBE' button to follow our Youtube channel!

JF Paradis is an Architect at Salesforce on the Lightning platform and currently focuses on Lightning Locker, a browser-level security layer integrating OCAP principles.

JF’s background include computer and network security, single-page web applications, and open-source frameworks. JF is also a contributor to the ECMAScript TC39 committee.

Ethereum and other smart contract platforms currently use identity-based access control, but this security architecture is known to create specific vulnerabilities. Is there a better security architecture for smart contracts?

San Francisco Blockchain Week: https://sfblockchainweek.io/

Dean Tribble, CEO of Agoric, presents his work with smart contracts at Web3 Summit

This video was recorded at Web3 Summit 2018 in Berlin.

Presentation to Node Security group
https://github.com/nodejs/security-wg/issues/376#issuecomment-415567888

Identical to https://www.youtube.com/watch?v=lgAnL1swyns&index=23&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&t=0s but with corrected visuals

Talk Link: http://2016.ecoop.org/event/ecoop-2016-papers-plenary-speaker-

This is talk 2/2 in a Lecture Series on Web Security by Google Research Scientist Mark S. Miller. It took place on October 7th at the Vrije Universiteit Brussel in Brussels, Belgium. Full details at: http://mobicrant-talks.eventbrite.com

Abstract:
Just as we should not expect our base programming language to provide all the data types we need, so we should not expect our security foundation to provide all the abstractions we need to express security policy. The answer to both is the same: We need foundations that provide simple abstraction mechanisms, which we use to build an open ended set of abstractions, which we then use to express policy. We show how to use EcmaScript 5 to enforce the security latent in object-oriented abstraction mechanisms: encapsulation, message-passing, polymorphism, and interposition. With these secured, we show how to build abstractions for confinement, rights amplification, transitive wrapping and revocation, and smart contracts.

Slides:
http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf

This is talk 1/2 in a Lecture Series on Web Security by Google Research Scientist Mark S. Miller. It took place on October 6th at the Vrije Universiteit Brussel in Brussels, Belgium. Full details at: http://mobicrant-talks.eventbrite.com

Abstract:
Until now, browser-based security has been hell. The object-capability (ocap) model provides a simple and expressive alternative. Google's Caja project uses the latest JavaScript standard, EcmaScript 5, to support fine-grained safe mobile code, solving the secure mashup problem. Dr. SES -- Distributed Resilient Secure EcmaScript -- extends the ocap model cryptographically over the network, enabling RESTful composition of mutually suspicious web services. We show how to apply the expressiveness of object programming to the expression of security patterns, solving security problems normally thought to be difficult with simple elegant programs.

Slides:
http://soft.vub.ac.be/events/mobicrant_talks/talk1_ocaps_js.pdf