awesome-ocap
Capability security resource
A curated list of resources and examples for building secure software using object capabilities
Awesome Object Capabilities and Capability Security
347 stars
33 watching
25 forks
last commit: 8 months ago
Linked from 3 awesome lists
awesomeawesome-listcapabilitiescapability-basedjavascriptocapocapssecurityweb-security
Awesome Object Capabilities and Capability-based Security | |||
| Opening Statement on SOSP 50th Anniversary Panel | Mark Miller | ||
| Navigating the Attack Surface to achieve a multiplicative reduction in risk | |||
Awesome Object Capabilities and Capability-based Security / Applications and Services | |||
| Cloudflare Workers | |||
Awesome Object Capabilities and Capability-based Security / Applications and Services / Cloudflare Workers | |||
| Why Workers environment variables contain live objects | 2024-04: | ||
| Dynamic Process Isolation: Research by Cloudflare and TU Graz | 2021-10: | ||
| Durable Objects: Easy, Fast, Correct — Choose three | 2021-08: | ||
| Mitigating Spectre and Other Security Threats: The Cloudflare Workers Security Model | 2020-07: | ||
Awesome Object Capabilities and Capability-based Security / Applications and Services | |||
| Sandstorm | is a self-hosted web productivity suite and with WordPress, Rocket.Chat, IPython Notebook and many more. protects you and your data against application bugs | ||
Awesome Object Capabilities and Capability-based Security / Applications and Services / Sandstorm | |||
| Announcing the release of vagrant-spk 1.0 | 2020-02-22: | ||
| Reviving Sandstorm - Sandstorm Blog | 2020-02-03: | ||
| connecting to external HTTP APIs via the Powerbox | 6,747 | 6 days ago | 2017-03-02: and related powerbox enhancements v0.200 (2017-01-28), v0.203 |
| One click to try an open source web application | 2015-02-06: | ||
Awesome Object Capabilities and Capability-based Security / Applications and Services | |||
| Tahoe-LAFS | is a highly available decentralized cloud storage system. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security | ||
Awesome Object Capabilities and Capability-based Security / Applications and Services / Tahoe-LAFS | |||
| v1.19.0 released | 2024-01-01 | ||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / JavaScript | |||
| Making 'npm install' Safe - QCon New York | 2019-12: "Kate Sills on security issues using NPM packages, the EventStream incident, and SES" as possible solutions to npm supply-chain risks | ||
| Higher-order Smart Contracts across Chains | 2019-06: Agoric + Protocol Labs // - Mark Miller | ||
| SF Cryptocurrency Devs: Agoric - Programming Secure Smart Contracts | 2018-10-15: | ||
| Agoric Releases SES: Secure JavaScript | 2018-07-28: f4d3d5a | ||
| Distributed Resilient Secure ECMAScript (Dr. SES) | ESOP 2013 | ||
| fun with Capper and OFX financial transaction fetching | Jan 2016 to cap-talk | ||
| The Attacker is Inside: Javascript Supplychain Security and LavaMoat | 2022-11: by kumavis at Ethereum Devcon Bogota | ||
| Speakeasy JS – Lavamoat: Securing your dependency graph (Kumavis) | 2021-01: | ||
| Introducing workerd: the Open Source Workers runtime | 2022-09: | ||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / C++ | |||
| Cap’n Proto | is a high performance serialization and RPC protocol with distributed and persistent capabilities and promise pipelining. Bindings to python, JavaScript (in node.js), Go, Rust, etc. are available | ||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / C++ / Cap’n Proto | |||
| Cap'n Proto: Cap'n Proto 0.8: Streaming flow control, HTTP-over-RPC, fibers, etc. | 2020-04-23: | ||
| Cap'n Proto 0.5, and how it is central to Sandstorm | 2014-12-15: by Kenton Varda | ||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / Scheme (racket) | |||
| NLnet grant bootstraps OCapN protocol standardization effort | 2022-10 | ||
| Content Addressed Descriptors and Interfaces with Spritely Goblins paper | 2021-07 "how to perform "conversational" programming in Spritely Goblins, or any other system which assumes a mutually suspicious network. ... The reason this system is able to be elegantly embedded in a network environment is its use of Spritely's implementation of CapTP." | ||
| Spritely's NLNet grant: Interface Discovery for Distributed Systems -- DustyCloud Brainstorms | 2020-05-13 | ||
| Motile: Reflecting an Architectural Style in a Mobile Code Language. | Gorlick, Michael M., and Richard N. Taylor. (2013) | ||
| COASTmed: software architectures for delivering customizable, policy-based differential web services. | Baquero, Alegria. Companion Proceedings of the 36th International Conference on Software Engineering. ACM, 2014 | ||
| Shill: A Secure Shell Scripting Language | . Scott Moore, Christos Dimoulas, Dan King, and Stephen Chong. 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2014 | ||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / Scala | |||
| ocaps | is a library for working with object capabilities in Scala | ||
| guide to capabilities | Comes with a | ||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / Scala / guide to capabilities | |||
| Presentation at Scaladays | 2018-09-22 | ||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / rust | |||
| cap-std | 660 | 16 days ago | Capability-oriented version of the Rust standard library |
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / rust / cap-std | |||
| Release v1.0.0 · bytecodealliance/cap-std | 660 | 16 days ago | 2022-11: |
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / rust | |||
| capnproto/capnproto-rust: Cap'n Proto for Rust | 2,057 | 6 days ago | |
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / rust / capnproto/capnproto-rust: Cap'n Proto for Rust | |||
| Release capnpc-v0.15.0 · capnproto/capnproto-rust | 2,057 | 6 days ago | 2022-11: |
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / rust | |||
| Using Capabilities to Design Safer, More Expressive APIs | Zack Mullaly Jan 19, 2018 | ||
| The Syndicated Actor Model | |||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / go | |||
| capnproto/go-capnproto2: Cap'n Proto library and code generator for Go | 1,221 | 3 months ago | |
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / go / capnproto/go-capnproto2: Cap'n Proto library and code generator for Go | |||
| Release v2.18.0 · capnproto/go-capnproto2 | 1,221 | 3 months ago | 2019-12: |
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / python | |||
| Network protocols, sans I/O | supports object capability discipline by letting the caller handle network access | ||
| The Syndicated Actor Model | |||
Awesome Object Capabilities and Capability-based Security / Libraries and Frameworks / nim | |||
| The Syndicated Actor Model | |||
Awesome Object Capabilities and Capability-based Security / Programming Languages | |||
| ponylang | docker images: | ||
| Fully concurrent garbage collection of actors on many-core machines | S. Clebsch and S. Drossopoulou OOPSLA 2013 | ||
| Release 0.1.0: Core language complete | 1,123 | 5 months ago | 2022-09: |
| Gilad Bracha: Newspeak on the Web | 2021-09: at California Smalltalkers | ||
| Live IDEs in the Web Browser: What's Holding Us Back | 2021-03: Includes a brief demo of the WASM based Newspeak IDE | ||
| montelang | Docker images: | ||
| Monte: A Spiritual Successor to E | 2017-03: presented by Corbin Simpson at OCAP 2017 | ||
Awesome Object Capabilities and Capability-based Security / Operating Systems | |||
| genode | is a novel OS architecture that is able to master the complexity of code and policy -- the most fundamental security problem shared by modern general-purpose operating systems -- by applying a strict organizational structure to all software components including device drivers, system services, and applications | ||
Awesome Object Capabilities and Capability-based Security / Operating Systems / genode | |||
| Genode - Sculpt OS release 23.10 | 2023-10 with power management | ||
| Genode OS Framework release 21.08 | 2021-08 "revamped GPU support as well as new drivers for the Pinephone and MNT-Reform" | ||
| Genode OS Framework 20.05 | 2020-05-28 with , | ||
| MNT Reform - The Campaign is Live | 2020-05-07: | ||
| Sculpt OS release 20.02 | 2020-03-10: Version 20.02 of the Sculpt operating system revisits the administrative user interface for a more intuitive and logical user experience | ||
| Genode OS Framework release 20.02 | 2020-02-28: With version 20.02, Genode makes Sculpt OS fit for running on i.MX 64-bit ARM hardware, optimizes the performance throughout the entire software stack, and takes the next evolutionary step of the user-facing side of Sculpt OS | ||
| Road Map for 2020 | 2020-01-20: | ||
| Genode OS Framework Foundations | 2019-05: book ( ) | ||
| Genode OS Framework release 17.11 | Nov 30, 2017 | ||
Awesome Object Capabilities and Capability-based Security / Operating Systems | |||
| cr0 blog: A few thoughts on Fuchsia security | 2021-06 Julien Tinnes | ||
| Playing Around With The Fuchsia Operating System | 2020-06-09 - | ||
| Google’s “Fuchsia” smartphone OS dumps Linux, has a wild new UI | 2017-05-08 Ars Technica | ||
| seL4 Summit 2022 | 2022-10: Munich, Germany (hybrid), 10-13 Oct 2022 | ||
Awesome Object Capabilities and Capability-based Security / Operating Systems / seL4 Summit 2022 | |||
| 2022-10: 4th seL4 Summit | video playlist | ||
Awesome Object Capabilities and Capability-based Security / Operating Systems | |||
| wasmedge-seL4 | 44 | over 2 years ago | 2021-10: Integrate WasmEdge with seL4 |
| Ghost donates to the seL4 Foundation | 2021-08: | ||
| Lotus Cars joins the seL4 Foundation | 2021-08: | ||
| seL4 protects world's most secure drone from DEFCON hackers | 2021-08: | ||
| Ghost Raises $100M for Breakthrough in Autonomous Driving Safety | 2021-07: | ||
| The seL4® Microkernel An Introduction | 2020-05-25 Gernot Heiser | ||
| seL4 developers create open source foundation to enable safer, more secure and more reliable computing systems - CSIRO | 2020-04-08: | ||
| Getting started with seL4, CAmkES, and L4v: Dependencies | MAY 19, 2017 | ||
| seL4 on the Raspberry Pi 3 | FEBRUARY 8, 2017 | ||
| Comprehensive formal verification of an OS microkernel | Gerwin Klein, June Andronick, Kevin Elphinstone, Toby Murray, Thomas Sewell, Rafal Kolanski and Gernot Heiser | ||
| seL4 enforces integrity | Thomas Sewell, Simon Winwood, Peter Gammie, Toby Murray, June Andronick and Gerwin Klein International Conference on Interactive Theorem Proving, pp. 325-340, Nijmegen, The Netherlands, August, 2011 | ||
| Announcing KataOS and Sparrow | Google Open Source Blog | 2022-10: “As the foundation for this new operating system, we chose seL4 as the microkernel because it puts security front and center; it is mathematically proven secure, with guaranteed confidentiality, integrity, and availability.” | ||
Awesome Object Capabilities and Capability-based Security / CPUs | |||
| CHERI | is an open source capability CPU design | ||
Awesome Object Capabilities and Capability-based Security / CPUs / CHERI | |||
| Arm releases experimental CHERI-enabled Morello board as part of £187M UKRI Digital Security by Design programme | 2022-01 CHERI implements architectural capabilities that directly enable software security features such as fine-grained memory protection and scalable software compartmentalisation — both important software vulnerability mitigation techniques that are not well supported on current processor architectures. ... memory-safe C compilation and linkage | ||
| The Arm Morello Board | 2019-09 Arm announced Morello, an experimental CHERI-extended, multicore, superscalar ARMv8-A processor, System-on-Chip (SoC), and prototype board to be available from late 2021. Morello is a part of the UKRI £187M Digital Security by Design Challenge (DSbD) supported by the UK Industrial Strategy Challenge Fund, including a commitment of over £50M commitment by Arm | ||
| An Introduction to CHERI | 2019-09 | ||
Awesome Object Capabilities and Capability-based Security / Presentations, Talks, Slides, and Videos | |||
| Oct 2011 video | |||
| Nov 2011 video | |||
| DarpaBrowser: Final Report | ref: | ||
Awesome Object Capabilities and Capability-based Security / Articles | |||
| ARPC: GRPC-Like RPC Library That Supports File Descriptor Passing | 18 | almost 6 years ago | |
| Flower: A Label-Based Network Backplane | 22 | almost 6 years ago | |
| Blogging about Midori | in series: | ||
Awesome Object Capabilities and Capability-based Security / Articles / Peer-reviewed Articles | |||
| slide presentation | |||
jnv/lists
kai5263499/awesome-container-security
0ex/more-awesome
fff-rs/juice
fractalide/fractalide