Adding capability-based protection to the Rotor (MS Rotor RFPv1)
On the cost of securing applications - Performance of .NET CAS protection and capabilities (MS Rotor RFPv2)
One of the Pilot Projects using the Shared Source
implementation of CLI and C# (“Rotor”) selected by Microsoft Research
MS Research Rotor Projects Home
Goal
To research on (pure) capabilities as a protection mechanism for object systems
based on virtual machines, using the Rotor VM as a vehicle. Capabilities have many
merits. The focus is on the access control system. I.e. to control whether a
client object instance is allowed to call a method in a given server object
instance.
A capability is an access control mechanism that attaches a set of access
permissions (allowed/not allowed) to a reference pointing to a given object.
The mechanism stops a method invocation if the object reference does not hold
in the permission set an “allow” for the method called.
Poster and paper
You can download the Poster (560K PDF) shown
at the 2nd Annual Rotor Workshop held on Redmond, Washington in September of 2003
The paper
Alternative protection systems for OO environments: Capability-based protection and the SSCLI-Rotor.
.NET Technologies 2004, Pilsen, Czech Republic. June 2004.
Download RotorCapa
Download RotorCapa1.0 (ZIP)
You just have to substitute these files into the Rotor 1.0 source tree.
One of the projects selected by Microsoft Research for the second Shared Source
implementation of CLI and C# (“Rotor”) RFP
MS Research Rotor Projects Home
Goal
To measure the cost of different protection mechanisms (Code Access Security),
in the particular case of .NET CAS and capabilities, using Rotor and RotorCapa
as a testbed.
Presentation
For the moment, you can download the slides from the presentation (PDF) shown
at the Rotor Capstone Workshop held on Redmond, Washington, in September of 2005.
Contact
Darío Álvarez Gutiérrez
Marián Díaz Fondón
Object-Oriented Technologies Research Group
Departamento de Informática (Department of Informatics)