Built-in Object Security

Modern programming languages and systems provide much support for security. Through strong typing, they can substantially reduce the opportunities for low-level coding errors that could result in buffer overflows and other vulnerabilities. They also allow protection by encapsulation and the treatment of objects as unforgeable capabilities. In addition, they sometimes include rich security infrastructures, for example libraries for authentication and authorization. Although common programming languages are not primarily concerned with security, language definitions can be the basis for security guarantees. A language specification may imply, for instance, that object references are unguessable. An implementation may resort to cryptography in order to enforce this property and others built into the language. Conversely, for better or for worse, security machinery can have a significant effect on language semantics and implementations, even when it is regarded as an add-on. For instance, access-control techniques that depend on the contents of the execution stack give an observable role to the stack, affecting program equivalences. A language perspective can help in understanding such security mechanisms and sometimes in developing new ones.