Declarative policies for capability control

Christos Dimoulas, Scott Moore, Aslan Askarov, Stephen Chong

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations


In capability-safe languages, components can access a resource only if they possess a capability for that resource. As a result, a programmer can prevent an untrusted component from accessing a sensitive resource by ensuring that the component never acquires the corresponding capability. In order to reason about which components may use a sensitive resource it is necessary to reason about how capabilities propagate through a system. This may be difficult, or, in the case of dynamically composed code, impossible to do before running the system. To counter this situation, we propose extensions to capability-safe languages that restrict the use of capabilities according to declarative policies. We introduce two independently useful semantic security policies to regulate capabilities and describe language-based mechanisms that enforce them. Access control policies restrict which components may use a capability and are enforced using higher-order contracts. Integrity policies restrict which components may influence (directly or indirectly) the use of a capability and are enforced using an information-flow type system. Finally, we describe how programmers can dynamically and soundly combine components that enforce access control or integrity policies with components that enforce different policies or even no policy at all.

Original languageEnglish (US)
Title of host publicationProceedings - 2014 IEEE 27th Computer Security Foundations Symposium, CSF 2014
PublisherIEEE Computer Society
Number of pages15
ISBN (Electronic)9781479942909
StatePublished - Nov 13 2014
Event27th IEEE Computer Security Foundations Symposium, CSF 2014 - Vienna, Austria
Duration: Jul 19 2014Jul 22 2014

Publication series

NameProceedings of the Computer Security Foundations Workshop
ISSN (Print)1063-6900


Other27th IEEE Computer Security Foundations Symposium, CSF 2014


  • Capabilities
  • Capability policies
  • Information-flow control
  • Language-based security

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'Declarative policies for capability control'. Together they form a unique fingerprint.

Cite this