Building Secure Systems using Programming Languages and Analysis

Shill questions

In addition to the paper summary, please answer these two questions:

  1. Why does Shill rely on contracts? Are capabilities not enough?

  2. Why are capability-sandboxed processes (not Shill scripts) vulnerable to the confused deputy problem?

You may find the notes from last week’s class useful when answering these questions.

Please sign up for Piazza if you haven’t done so already and use the GitHub classroom link (see relevant post on Piazza) to sign up for a private repository to which you will post your writing assignment.