[cap-talk] the prize
iang at systemics.com
Thu Oct 21 09:33:07 EDT 2004
Karp, Alan H wrote:
> Ian Grigg wrote:
>>Jed, if the prize is
>> _secure resource sharing within computers and across the network_
>>then it should be writ large and loud. Is that it?
>>Are there other opinions?
> I don't know what the prize is unless you tell me what you mean by
> "secure". I think the best that we can do is balance the benefits
> against the risk. Would you accept the following?
> _limiting risk when sharing resources within computers and
> across the network_
> The problem with this definition is that today's computers limit the
> risk, just not very much.
I think there are two things there: Firstly, I think
we can ask the same question about almost all the terms
in that statement. For example, what is a resource?
Or, see Shap's comments on caps-on-the-node v. caps-
Personally, I'd strive to stick to the most general and
accesible terms when setting a big prize, and maybe add
a definitional section later. (That's what we do in the
army - the mission is to capture that hill, soldier, and
you'd better have learnt the definition of "capture" by
Secondly, having said that, I'd agree with your definition
of secure. Secure I would define like this:
A system is secure if it provides an acceptable
cost/benefit defence against the threats listed in
the threat model.
So "secure" is not an absolute definition; it depends
on further definition of the costs and benefits, and
also, it depends on what is in the threat model.
For caps, say, Erights, we could say (and I'm speaking
off the top of my head here) that the threat of
eavesdropping is adequately covered by crypto, but the
threat of box theft is not covered.
More information about the cap-talk