malleable.systems
Explore security in a malleable environment
Malleable systems will have interesting security challenges compared to more traditional approaches, since the default assumption today is to secure by locking down and preventing modification. Allowing "safe" modification and striking the right balance on what safe means, how it's conveyed to users, etc. will require some experimentation and exploration. It would be interesting to see work that heads towards best practices for security in a malleable world that could perhaps be shared across many systems and designs. (That might be too lofty a goal, so just experimenting with specific systems on security design would be great as well!)
As a starting point, let's use this issue to collect thoughts and articles related to security in a malleable world. At the very least, it should lead to more resources for the catalog. It may also inspire one or more posts on possible approaches.
As one example, browser extensions with their permission prompts where the user grants specific types of access would be one way to introduce some safety.
In the Matrix room, @dannyob suggested:
For security in a malleable environment I think it’s worth looking at the recent renaissance in Mark S. Miller’s capability-based systems. I know Chris Lemmer Webber has been working on a prototype in Racket, and MSM himself is leading the work on a JavaScript-based capability system: https://agoric.com/ https://dustycloud.org/blog/state-of-spritely-2020-02/
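To make the capability idea concrete for a malleable system, here is an added example (it is not code from this issue, from Agoric or from Spritely) of an object-capability pattern in JavaScript: a host hands a user-written mod only the capabilities it chooses to grant, attenuates them to read-only, and can revoke them later. All names (makeDocument, attenuateReadOnly, makeRevocable, runMod, the two mods) are hypothetical.

```javascript
// Added illustration of object-capability discipline for user mods.
// The mod's authority is bounded by the references it holds, not by a
// global permission check; all names here are hypothetical.

function makeDocument(initialNotes) {
  const state = { notes: [...initialNotes] }; // private; reachable only via the closures below
  const doc = {
    read: () => [...state.notes],
    append: (text) => { state.notes.push(String(text)); return state.notes.length; },
    clear: () => { state.notes.length = 0; },
  };
  return Object.freeze(doc); // a mod cannot add or swap methods on the capability
}

// Attenuation: a fresh object exposing only read(); no path leads back to append/clear.
function attenuateReadOnly(doc) {
  return Object.freeze({ read: () => doc.read() });
}

// Revocation: a caretaker that forwards calls until the host pulls the plug.
function makeRevocable(cap) {
  let target = cap;
  const forwarder = {};
  for (const name of Object.keys(cap)) {
    forwarder[name] = (...args) => {
      if (target === null) throw new Error(`capability "${name}" revoked`);
      return target[name](...args);
    };
  }
  return { cap: Object.freeze(forwarder), revoke: () => { target = null; } };
}

// The host runs a mod with exactly the capability it granted, nothing more.
function runMod(mod, cap) {
  try { return { ok: true, value: mod(cap) }; }
  catch (e) { return { ok: false, error: e.message }; }
}

// Constructed scenario: a well-behaved mod that counts notes, and a
// misbehaving one that tries to wipe them and fails under a read-only grant.
const countMod = (cap) => cap.read().length;
const wipeMod = (cap) => cap.clear();
```

The pattern mirrors the browser-extension permission model mentioned above, except that the grant is an object reference rather than a prompt-backed flag, so there is nothing for a mod to forge or escalate.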
I think that a big piece of security when novices are free to change things at will is making environments easy / low cost. Often people are stuck only being able to build in prod, so it's important that systems be designed from the ground up to make practice environments with less sensitive data cheap and plentiful for novices.