Google Research

Tradeoffs in Retrofitting Security: An Experience Report

  • Mark S. Miller
Dynamic Languages Symposium, ACM (2007)


In 1973, John Reynold’s and James Morris’ Gedanken language retrofit object-capability security into an Algol-like base. Today, there are active projects retrofitting Java, Javascript, Python, Mozart/Oz, OCaml, Perl, and Pict. These represent a variety of approaches, with different tradeoffs regarding legacy compatibility, safety, and expressivity. In this talk I propose a taxonomy of these approaches, and discuss some of the lessons learned to date.

Learn more about how we do research

We maintain a portfolio of research projects, providing individuals and teams the freedom to emphasize specific types of work