[WIP] Editorial changes

Whitepaper.tex

@@ -14,19 +14,27 @@
 \usepackage[usenames,dvipsnames]{color}
 \hypersetup{breaklinks=true,
             bookmarks=true,
-            pdfauthor={},
-            pdftitle={},
+            pdfauthor={Jacob Payne, Jake O'Shannessy, and Alexey Troitskiy},
+            pdftitle={Beaker: A security protocol and framework for smart contracts},
             colorlinks=true,
             citecolor=blue,
             urlcolor=blue,
+            pdfkeywords={exokernel, OS, Operating System, security protocol,
+                permission system, smart contract platform, stored
+                procedure, Ethereum, semantic restriction, blockchain, virtual machine,
+                decentralised organisation, data access, open source, introspection,
+				system call, isolation, procedure},
             %linkcolor=magenta,
-            pdfborder={0 0 0}}
+            pdfborder={0 0 0.5 [1 3]}
+	    	pagebackref=true},
+
 \urlstyle{same}  % don't use monospace font for urls
 \usepackage{color}
 \usepackage{listings}
 
 \usepackage{longtable,booktabs}
 \usepackage{graphicx,grffile}
+
 \makeatletter
 \def\maxwidth{\ifdim\Gin@nat@width>\linewidth\linewidth\else\Gin@nat@width\fi}
 \def\maxheight{\ifdim\Gin@nat@height>\textheight\textheight\else\Gin@nat@height\fi}
@@ -120,7 +128,7 @@ \section{Introduction}\label{introduction}
 demonstrate these security guarantees to others without requiring manual-code verification.
 
 \section{Problems}\label{problems}
-Smart contracts are, by their nature, unforgiving machines that follow the their
+Smart contracts are, by their nature, unforgiving machines that follow their
 specification to the letter. This is one of the main benefits of smart
 contracts, but it can also be their downfall, as the machine will faithfully
 execute any flaw or mistake in that code. This is a well known property of smart
@@ -187,7 +195,7 @@ \subsection{Isolation}\label{isolation}
 
 \subsection{Upgrades}\label{upgrades}
 One area where the lack of isolation in smart contracts is most problematic is
-in the upgrading of smart contracts. DSLs, verification, auditing etc. are
+in the upgrading of smart contracts. DSLs, verification, auditing, etc., are
 excellent tools to ensure that a smart contract will behave as intended, but
 where they struggle to maintain their effectiveness is during upgrades. Once an
 upgrade occurs, the whole system needs to be re-audited to ensure the same
@@ -237,7 +245,7 @@ \section{Existing Work}\label{existing-work}
 
 \subsection{ZeppelinOS}
 Of the recent projects that are making an impact in this area is the
-ZeppelinOS\footnote{https://zeppelinos.org/} ZEP protocol by the Zeppelin Team.
+ZeppelinOS\footnote{\url{https://zeppelinos.org/}} ZEP protocol by the Zeppelin Team.
 Users of smart contract
 libraries that use the ZEP protocol are able to vouch or vote for
 upgrades they wish to adopt. Only code that is sufficiently vouched for
@@ -269,7 +277,7 @@ \subsection{ZeppelinOS}
 market can trust long-term.
 
 \subsection{AragonOS}
-AragonOS\footnote{https://aragon.org/} is another example of smart contract
+AragonOS\footnote{\url{https://aragon.org/}} is another example of smart contract
 framework that seeks to take a more operating system style approach. Much like
 Beaker, AragonOS features a permission system and a kernel, however, after that
 the design diverges significantly. AragonOS aims to be a featureful platform on
@@ -437,12 +445,13 @@ \subsection{System Calls}\label{system-calls}
 done
 via CALLCODE. This means that that our system, which we will call our
 ``kernel instance'', is the current storage and event space of the
-running code. It also means that the CALLER\footnote{One downside of this design
+running code. It also means that the CALLER value,
+which is a global
+read-only value, is set to the address of our kernel instance.
+\footnote{One downside of this design
 is that the original sender of the transaction must be included in the payload
 of the transaction if it is needed. As the kernel address is more security
-critical, and is needed more often, it is placed in the CALLER value.} value,
-which is a global
-read-only value, is set to the address of our kernel instance. When our
+critical, and is needed more often, it is placed in the CALLER value.} When our
 procedure does a DELEGATECALL, this address is maintained. As a
 consequence, whenever a kernel is executing a system call, it is able to
 simply check that the CALLER value is equal to its own address (it is
@@ -607,7 +616,7 @@ \subsection{Auditability and the Principle of Least
 
 By using an operating system model, Beaker is able to enforce isolation
 at runtime. The information on the isolation of the system is contained
-within the kernel and can be audited quite simply be anyone looking at
+within the kernel and can be audited quite simply by anyone looking at
 the system. This allows us to not only isolate the highest risk portion
 of our code and reduce our attack surface, but also to verifiably
 demonstrate that to others. To an outside auditor, many chunks of a
@@ -772,7 +781,7 @@ \subsection{Implementing a Capability Based Security
 The advantage of this design, where capabilities are assigned to
 procedures, is that it is simple and enforceable. Compared to some other
 capability system designs this does have a few limitations. One
-limitation it does not support dynamically chosen capabilities. For
+limitation is that it does not support dynamically chosen capabilities. For
 example this means that it is not possible to pass a capability of a
 particular storage location to a procedure. This is an often touted
 feature of capability systems that allows for the delegation of
@@ -782,7 +791,7 @@ \subsection{Implementing a Capability Based Security
 \subsection{Custom User Permissions}\label{custom-user-permissions}
 A capability-based security model allows the flexibility to define a
 procedure that can act as a custom permission system akin to an access
-control list. With a custom permission system, users are free do define
+control list. With a custom permission system, users are free to define
 their own hierarchies or groups in order to satisfy their particular
 requirements. Thus users are not forced to follow a specific permission
 model that does not fit their needs and still maintain safety through
@@ -801,7 +810,7 @@ \subsection{Custom User Permissions}\label{custom-user-permissions}
 administration system to maintain and upgrade previously defined
 components within the organization by secure vote.
 
-Another example can involve groups. Where group is assigned control over
+Another example can involve groups, where a group is assigned control over
 a procedure with designated capabilities that define how the group can
 affect the organization. This in effect can be used as an explicit
 safeguard where each group cannot compromise the other's resources.
@@ -872,17 +881,17 @@ \subsubsection{Storage}\label{storage}
 procedure can either read or write a 32 byte value. In order to provide
 the kernel a protected storage space, storage is divided into two
 spaces, with half of locations assigned to kernel-space and and the
-other half assigned to user-space storage. This provides all procedure a
+other half assigned to user-space storage. This provides all procedures a
 user-space of $2^{255}$ unique keys. The number of storage keys far outweighs
 the capacity of the storage system itself, so will not be a limiting
 factor long term.
 
 \subsubsection{Events}\label{events}
 Events are crucial for signalling verified changes to the outside world,
 accessing data asynchronously, as well as their use in establishing
-off-chain networks. In Ethereum, logs can be ascribed from 0-4 topics,
+off-chain networks. In Ethereum, logs can be ascribed from 0–4 topics,
 with each topic being a 32-byte value. These topics are handled as
-addresses or namespaces. In order to log to specific topic, the
+addresses or namespaces. In order to log to a specific topic, the
 procedure must have the capability to do so. This capability is the
 write capability included under the Log object in the table kernel
 object table above. This capability type is then refined to dictate