Marc Stiegler's Interests

Capability Security, Present & Future



KrugmanLand
This is the story of what happens in Atlantea after the government follows the advice offered in Dr. Paul Krugman's economics blog. The story has numerous pointers to the actual writings of Krugman, Keynes, and others to show that the craziest parts of the story are only mild exaggerations. Yes, there are real economists, prestigious and widely lauded, who believe this. Also available on the Kindle. Buy the Kindle version if you'd like more works like this.
No Phishing Here
Well, the real title of this paper is "Phishing Prevention with Hybrid Authentication/Authorization", but that is a mouthful. Here is the abstract:

Phishing is now widely recognized as the number one threat to the enterprise. Two Factor Authentication, the supposed solution to this among other problems, has been shown to be less effective than anticipated. Here we present Two Factor Access Control, blending an authentication factor with an authorization factor, to render phishing attacks ineffective.

The JavaScript source for a demo implementation on Node.js is available here.

Rich Sharing and Crowd Sourced Access Control
A potpourri of links to videos, podcasts, technical papers, and live demos, on how to move beyond the password-based login system of today's web, and enable people to collaborate securely.
from Marc Stiegler

Available from
Amazon.com
(listed at the top with capability security because it is all about the future of the Web; the first scene revolves around a capability-based secure rights exchange in a dark alley)


E in a Walnut
Partial draft of a concise guide to E programming. A very partial, very rough draft, but nonetheless a useful resource.

This draft is synchronized with the 0.8.10 version of E, and is the first version in which all the example code has been tested with an E system, so it is much better than previous versions.

Intro to Capability Based Security An introduction to the concepts of Capability Based Security, the architecture for professional-grade computation that we will all eventually move to after enough hackers break into enough computers, and we finally decide to just fix the problem.
PictureBook of Secure Cooperation
No one really wants security for their computers. If you want security, disconnect your computer from the Internet. What we really need is secure cooperation. This is an easy introduction to secure cooperation, which really is quite different from old fashioned security.
Emily: A High Performance Language for Secure Cooperation Emily is an object-capability language derived from OCaml. Like OCaml, Emily has performance characteristics similar to those of C++. Like E and Joe-E, it enforces strict confinement by default on every individual object and function, allowing the conferral of authority only via the handoff of a reference to an authority-bearing object.
Granma's Rules of POLA The 6 simple rules your grandmother can follow and be safe from trojan horses and computer viruses, once she has a capability secure desktop.
O'Reilly Peer To Peer Conference, Feb. 14-16, 2001. "Governance in Coercionless Societies", in which we explore the technologies for making the Web a coercionless society, its consequences, and the techniques employed for maintaining the advantages of an organized society in the presence of total personal liberty. This presentation is available in PowerPoint format at the O'Reilly Conference Site. (O'Reilly seems to have stopped offering the actual presentations. If you can't get it from O'Reilly, email me.)
Other key capability based security sites
  • Erights.org: Home of the E programming language
  • Combex: Capability secure solutions based on E.
  • EROS-OS: The open source capability secure operating system
  • Waterken: Capability based security for the WWW
  • Caplore: Home of numerous items of wisdom from the fountainhead of modern capabilities, Norm Hardy


Other Software


Reversi in Java Play the game, read about the design principles, download the source
Decision Analysis: DecideRight DecideRight was selected as a Byte Best Of Comdex Finalist in 1996, and was selected as Best New Business Software of the Year by the Software Publisher's Association in January, 1997. You can read what PC Magazine said about it here. You can now buy DecideWrite off our home page.


Science Fiction and Other Writings


EarthWeb My latest effort hit the bookstores in April, 1999. A story of liberty, wrapped in a story of the Web, cloaked in a story of evil alien battleships and cataclysmic combat.
The Gentle Seduction
One of the first sf stories about nanotechnology, and still considered by some of the founders of the nanotech field to be one of the best stories about it. 17 years after publication, I still get the occasional email from someone, somewhere, about how, in a time of despair, they were introduced to this story, and its optimistic message gave them a renewed sense of hope and purpose.
The B-2 Lottery A modest proposal for a better way to run huge, expensive government programs, published when funding of the phenomenally expensive B-2 bomber was a major topic of conversation a decade ago.
Earth Day in Las Vegas Another modest proposal, this one published in April, 2002, in The American Enterprise Magazine Online. A discussion of idea futures and their application in making Earth Day a real Festival.
Hypermedia Publishing A description of the possibilities of hypertext, published before the term "World Wide Web" was invented. Someday, the Web will enable all the functionality described herein.
Final Exam Yes, this is a final exam for a college course--a course I taught on "The Future Of Computing". Several friends suggested that this Final Exam should be taken by anyone who thinks the way to make the Web a "safe place" is to pass thousands of new government regulations. In this Exam, the student must use advanced Web-tools (currently under development by many different parties) to solve problems without saying, "there ought to be a law." No, there ought to be a choice. 

This item stimulated a 300-comment conference on slashdot shortly after its publication.
