Toby Murray

I am interested in the formal analysis of security models and architectures. In particular I'm interested in models and architectures that support the Principle of Least Authority (POLA). In order to support POLA in any meaningful way, a model must support the construction of abstractions as well as allowing the delegation of permissions. The Object-Capability Model has both of these properties. Perhaps the best source of information on the Object-Capability Model is Part I of Mark Miller's PhD dissertation.

My work (for the moment) is concerned with the formal analysis and modelling of the object-capability model and the real-world systems that embody it. Examples of real-world object-capability systems include programming languages such as E, W7, Jo-E, and Emily, and operating systems such as CapROS (formerly EROS) and Coyotos. Plash also implements an object-capability system to bring POLA to the Unix desktop.

Toby Murray holds a Bachelor of Computer Science (Hons.) from the University of Adelaide. Before coming to Oxford, he worked on Research and Development in Computer Security for the Defence Science and Technology Organisation (DSTO), an organisation of the Australian Government devoted to Defence R&D. While working at DSTO, his research focused on Security Architectures for Pervasive Computing Environments and, in particular, the use of the Object-Capability Model as such an architecture.