Mitigating LangSec Problems With Capabilities

Explore a 24-minute IEEE conference talk that delves into mitigating language-based security (LangSec) problems using capability-based systems. Learn how the Sandstorm system, a capability-based, private-by-default environment for running web applications, addresses LangSec vulnerabilities through robust isolation and proactive security measures. Discover how capability systems can transform complex authorization decisions into syntactic constraints on requests, potentially simplifying security implementations. Examine the impact of Sandstorm's systematic protection across multiple system levels in reducing the severity of LangSec bugs in hosted applications. Gain insights into the characterization of addressed vulnerabilities using MITRE's Common Weakness Enumeration (CWE) scheme, and understand the potential benefits of capability-based systems for the LangSec community.

Mitigating LangSec Problems With Capabilities