2003 | OriginalPaper | Chapter
Built-in Object Security
Author : Martín Abadi
Published in: ECOOP 2003 – Object-Oriented Programming
Publisher: Springer Berlin Heidelberg
Included in: Professional Book Archive
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
Modern programming languages and systems provide much support for security. Through strong typing, they can substantially reduce the opportunities for low-level coding errors that could result in buffer overflows and other vulnerabilities. They also allow protection by encapsulation and the treatment of objects as unforgeable capabilities. In addition, they sometimes include rich security infrastructures, for example libraries for authentication and authorization.Although common programming languages are not primarily concerned with security, language definitions can be the basis for security guarantees. A language specification may imply, for instance, that object references are unguessable. An implementation may resort to cryptography in order to enforce this property and others built into the language.Conversely, for better or for worse, security machinery can have a significant effect on language semantics and implementations, even when it is regarded as an add-on. For instance, access-control techniques that depend on the contents of the execution stack give an observable role to the stack, affecting program equivalences. A language perspective can help in understanding such security mechanisms and sometimes in developing new ones.