Overview
Explore a 24-minute IEEE conference talk that delves into mitigating language-based security (LangSec) problems using capability-based systems. Learn how the Sandstorm system, a capability-based, private-by-default environment for running web applications, addresses LangSec vulnerabilities through robust isolation and proactive security measures. Discover how capability systems can transform complex authorization decisions into syntactic constraints on requests, potentially simplifying security implementations. Examine the impact of Sandstorm's systematic protection across multiple system levels in reducing the severity of LangSec bugs in hosted applications. Gain insights into the characterization of addressed vulnerabilities using MITRE's Common Weakness Enumeration (CWE) scheme, and understand the potential benefits of capability-based systems for the LangSec community.
Syllabus
Mitigating LangSec Problems With Capabilities
Taught by
IEEE Symposium on Security and Privacy