Abstract. The possession of secrets is a recurrent theme in security literature and practice. We present a refinement type system, based on indexed intuitonist S4 necessity, for an object calculus with explicit locations (corresponding to prin-cipals) to control the principals that may possess a secret. Type safety ensures that if the execution of a well-typed program leads to a configuration with an object p located at principal a, then a possesses the capability to p. We illustrate the type system with simple examples drawn from web applications, including an illus-tration of how Cross-Site Request Forgery (CSRF) vulnerabilities may manifest themselves as absurd refinements on object declarations during type checking. A fuller version of the paper is available at fpl.cs.depaul.edu/jriely/papers/ 2012-aplas.pdf. 1

This paper appeared in nearly this form in the Oct. 1988 issue of Operating Systems Review, pp 36:38 Bold face stuff should be changed for greater correspondence to Unix. This is a nearly true story (unessential details have been changed). The events happened about 1977 at Tymshare, a company which provided commercial timesharing services. Before this happened I had heard of capabilities and thought that they were neat and tidy, but was not yet convinced that they were necessary. This occasion convinced me that they were necessary. It is an intricate scenario but such is the nature of computers. Our operating system was much like Unix (Ô of AT&T) in its protection structures. A compiler was installed in a directory called SYSX. A user would use the compiler by saying "RUN /SYSX/FORT", and could provide the name of a file to receive some optional debugging output. We had instrumented the compiler to collect statistics about l

This is a nearly true story (inessential details have been changed). The events happened about eleven years ago at Tymshare, a company which provided commercial timesharing services. Be-fore this happened I had heard of capabilities and thought that they Were neat and tidy, but was not yet convinced that they were necessary. This occasion convinced me that they were necessary. Our operating system was much like Unix (aM of AT&T) in its protection structures. A compiler was installed in a directory called SYSX. A user would use the compiler by saying "RUN (SYSX)FORT", and could provide the name of a file to receive some optional debugging output. We had instrumented the compiler to collect statistics about language feature usage. The statistics file was called (SYSX)STAT, a name which was assembled into the compiler. To enable the compiler to write the (SYSX)STAT file, we marked the file holding the compiler { (9YSX)FORT} with homefiles license. The operating system allowed a program with such license to write files in its home directory, SYSX in our case. The billing information file (SYSX)BILL was also stored in SYSX. Some user came to know the name (9YSX)BILL and supplied it to the compiler as the name of the file to receive the debugging information. The compiler passed the name to the operating system in a request to open that file for

understood. To relate feedback directly to behavior is very confusing. Results are contradictory and seldom straight-forward. (Ilgen, Fisher, & Taylor, 1979, p. 368) The effects of manipulation of KR [knowledge of results] on motor learning...reveal... some violent contradictions to earlier beliefs about

Last literature review for version 16.2: mayo 31, 2008 | This topic last

A penetrating analysis of our technical civilization and of the effect of an increasingly standardized culture on the future of man

Android’s security framework has been an appealing sub-ject of research in the last few years. Android has been shown to be vulnerable to application-level privilege esca-lation attacks, such as confused deputy attacks, and more recently, attacks by colluding applications. While most

This is the time set aside for members of the public to speak to the City Council about any issues of concern. If you wish to speak, please consider the following points: 1. speak audibly into the podium microphone, 2. state your name and address for the record, and 3. limit your comments to three minutes.

a corporation,

The objective of this study is to investigate awareness and use of Online Public Access Catalogue (OPAC) by users of SVS College Library, Bantwala. The study adopted a questionnaire-based survey research design, 120 questionnaires were distributed to the students, out of which 116 filled questionnaires were received after duly filled for analysis. The present study examines various aspects of OPAC such as frequency of use, purpose, benefits of use, etc. The result of the revealed that 66 (56.89%) of respondents used OPAC facility daily, 40(34.48%) stated that they aware how to use the OPAC from shelf/friends/colleagues, 43(37.07%) of the respondents used OPAC search by author. The results of the study indicated that a majority of users search information concerning the library resources through OPAC.