Author

Swift Sheng

Publication Date

Spring 2025

Degree Type

Master's Project

Degree Name

Master of Science in Computer Science (MSCS)

Department

Computer Science

First Advisor

Thomas Austin

Second Advisor

Genya Ishigaki

Third Advisor

Katerina Potika

Keywords

Object Capability, Security, Lua, Sandbox

Abstract

Inspired by the object capability model and sandboxing, this project, Proxy Cap, introduces a new Lua access control model that improves the language's security without sacrificing usability. Object capability is an unconventional but powerful security model that closely follows the principle of least authority. Ambient authority, the omnipresent global environment, does not exist in the object capability computation world, and no resource is accessible unless it is explicitly assigned: only connectivity begets connectivity. Lua is an extensible and high-performing scripting language based on ANSI C. The language is popular in many fields but faces security challenges. Lua has a non-traditional global environment architecture that relies on a sandboxing mechanism for its security guarantees. The sandbox is Lua's native security tool. It offers security through isolation but fails at being dynamic, because a customized sandbox environment is static and single-use only. Proxy Cap supplements the existing sandbox by creating a new object that replaces the original object without hazardous resource access. The new object behaves like the original object but cannot perform unauthorized tasks unless explicitly given authority. This design is made possible by Lua's C API. Real-world use cases are included in the verification section to showcase the result.
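An added illustration of the proxy-object idea described above, written in pure Lua with metatables rather than the C API implementation Proxy Cap itself relies on (example code, not the project's own); `make_proxy`, `grant` and the sandboxed chunk are constructed here, and Lua 5.2 or newer is assumed for `load()` with an environment argument.

```lua
-- Added illustration, not Proxy Cap's own code: a pure-Lua sketch of the proxy-object
-- idea using metatables (the project itself builds on the C API). Assumes Lua 5.2+
-- for load() with an environment argument.
-- make_proxy returns a stand-in for `target` that forwards only the names in
-- `granted`, plus a separate `grant` function that can widen that set later.
local function make_proxy(target, granted)
  local allowed = {}
  for _, name in ipairs(granted) do allowed[name] = true end

  local mt = {
    -- Reads of ungranted names fail loudly instead of reaching the real object.
    __index = function(_, key)
      if not allowed[key] then
        error(("ProxyCap: access to '%s' not granted"):format(tostring(key)), 2)
      end
      return target[key]
    end,
    -- Writes through the proxy would let sandboxed code alter the original table.
    __newindex = function(_, key)
      error(("ProxyCap: write to '%s' not permitted"):format(tostring(key)), 2)
    end,
    -- Hides the metatable so sandboxed code cannot unwrap or replace it.
    __metatable = "locked",
  }
  local function grant(name) allowed[name] = true end
  return setmetatable({}, mt), grant
end

-- Constructed scenario: untrusted code receives a proxy of `os` limited to time().
local os_proxy, grant_os = make_proxy(os, { "time" })

local untrusted = [[
  local now = os.time()                                  -- forwarded to real os.time
  local ok, err = pcall(function() return os.getenv("HOME") end)  -- not granted
  return now ~= nil, ok, err
]]

-- The sandbox environment contains only the proxy and what the chunk needs to run.
local env = { os = os_proxy, pcall = pcall }
local chunk = assert(load(untrusted, "untrusted", "t", env))

local got_time, ok, err = chunk()
assert(got_time and not ok)          -- time() worked; getenv was refused
print(err)                           -- reports that 'getenv' was not granted

-- Authority is extended explicitly by whoever holds `grant_os`, never by the
-- sandboxed code itself (it never sees grant_os). Rerunning the chunk now succeeds.
grant_os("getenv")
local _, ok2 = chunk()
assert(ok2)
```

The same proxy table is reused across both runs, which is the point the abstract makes about a static sandbox: authority changes by updating the proxy's grant set, not by rebuilding the environment.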
