youtube image
From YouTube: Don't Add Security, Remove Insecurity


This is the inaugural talk in F5 Public Tech Talk series.


Complexity is the enemy of security. The conventional approach takes systems that are already too complicated and "secures" them by adding even more mechanisms. Rather than provide a model of secure computation, these "security" mechanisms are bolted on to computation that occurs by other means, requiring programmers to program in two unrelated paradigms simultaneously. The resulting "security" has failures of excess authority, ambient authority, co-mingled authority, and insufficient expressiveness. There is a better way.

In 2007 we started with JavaScript, a famously complicated, messy, and irregular language, and added "subtractive" enablers --- like Object.freeze and strict mode --- for turning off some of JavaScript's worst mis-features. We use these enablers to create Hardened JavaScript (aka SES), an enforced object-capability secure subset of JavaScript, supporting flexible, expressive, compositional, and fine-grain security. Hardened JavaScript turns off so little of JavaScript that a tremendous amount of existing JavaScript code, not written to run under Hardened JavaScript, nevertheless does so successfully.

If you are uninterested in JavaScript, consider it merely an example. Learn from our success. The lessons generalize well to other systems.

Speaker Bio

Mark S. Miller is a pioneer of agoric (market-based secure distributed) computing and smart contracts, the main designer of the E and Dr. SES distributed persistent object-capability programming languages, inventor of Miller Columns, an architect of the Xanadu hypertext publishing system, a representative to the EcmaScript committee, a former Google research scientist and member of the WebAssembly (Wasm) group, and a senior fellow of the Foresight Institute.