Tradeoffs in Retrofitting Security: An Experience Report
Abstract
In 1973, John Reynolds' and James Morris' Gedanken language retrofit object-capability
security into an Algol-like base. Today, there are active projects retrofitting Java,
JavaScript, Python, Mozart/Oz, OCaml, Perl, and Pict. These represent a variety of
approaches, with different tradeoffs regarding legacy compatibility, safety, and
expressivity. In this talk I propose a taxonomy of these approaches, and discuss some of the
lessons learned to date.