[cap-talk] What are caps good for? "Encapsulation"? POLA vs. confinement

Jed Donnelley jed at nersc.gov
Mon May 10 22:56:20 EDT 2004


At 04:18 AM 5/8/2004, Jonathan S. Shapiro wrote:
>On Fri, 2004-05-07 at 17:00, Jed Donnelley wrote:
> > At 01:38 PM 5/7/2004, David Chizmadia (JHU) wrote:
> > >Perhaps the better term would be "Security Encapsulation".
> > >
> > >-DMC
> >
> > Would that be referring to confinement or POLA?  I see them as
> > quite distinct.
>
>POLA is a principle. Confinement is a mechanism. Your question therefore
>fails to type check. :-)

Sorry.  I don't know a commonly used term for the minimum mechanism
that is required to underlie POLA - namely the ability to communicate
across a boundary between mutually suspicious processes
just the appropriate (the needed) set of rights.

As seen in my other communication on related threads, I find myself
distinguishing the "right" to communicate from other, more typical
"object" rights, e.g. rights to a file or a directory or to another
process or an account or ...

Perhaps I'm just too enmeshed in the network world to consider the right
to communicate as something meaningfully restricted by POLA.
I don't see how the right to communicate can be effectively restricted
across a boundary of mutual suspicion.

>Enforced encapsulation boundaries are a precursor to POLA discipline in
>the real world.

Is the phrase "enforced encapsulation boundaries" what I was referring
to above, i.e. the mechanism to enable communication between mutually
suspicious processes?  If so, then perhaps I should start using that term.
As long as it doesn't include the "confinement" notion (which I believe is
quite distinct) and it's commonly accepted, then I'm happy with it.  I'll
try it for this archive for a while and see how it goes.

--Jed http://www.nersc.gov/~jed/ 