[cap-talk] disputing the slam against network
capabilities, esp. confinement/auditing
devbox at selnet.org
Sun Oct 17 11:14:52 EDT 2004
On 16/10/2004, at 23.23, David Wagner wrote:
>Jonathan Shapiro writes:
>>Actually, I believe that you meant "enforced as an exogenously imposed
>Not to be nitpicky, but how else could you enforce something?
>In computer security, in every case I can think of, the entity
>doing the enforcing is different than ("exogenous to"?) the entity
>upon which the constraint is enforced. Can you give an example
>of a constraint that is enforced in a non-exogenous manner?
I guess the best example is an agent-based system. Each agent will
autoimpose to himself a set of constraints. In a very advanced system, the
constraints enforced locally will be "negotiated" between agents in order
to find the best global policy for the group. The negotiation is driven by
a common "objective function" for all agents within a group.
The "objective function" governs the life of each agent, independently of
the other agents, but there is a certain degree of collaboration between
agents within a group, in order to "reach" the common objective function.
>>And subject to this small rewording, the definitions you have given
>>correspond precisely to what the terms "discretionary" and "mandatory"
>>are currently understood to mean.
>Hmm. I guess I need to update my mental dictionary. I always thought
>"mandatory access control" referred to global enforcement of a global
>policy set by a single sysadmin, though I'd be hard-pressed to explain
>why I think that.
>cap-talk mailing list
>cap-talk at mail.eros-os.org
More information about the cap-talk