[cap-talk] Capabilities vs. Classifications

Karp, Alan H alan.karp at hp.com
Wed Dec 21 12:14:00 EST 2005


Anthony Hannan wrote:
> You can give your classified objects out without worrying, knowing
> that only authorized subjects will be able to invoke them (assuming
> you trust the kernel/middleware).

This property was built into the Client Utility (e-speak Beta) using a
concept that Ping labeled "Voluntary Oblivious Compliance."  Voluntary,
because you can't stop proxying between communicating properties.
Oblivious, because you can give them out without needing to know if the
recipient is authorized to have them.  Compliant, because the rules will
still be enforced by the kernel or middleware.  Client Utility did VOC
with "split capabilities" ("Using Split Capabilities for Access
Control", IEEE Software, vol. 20, #1, pp 42-49, January 2003, also
http://www.hpl.hp.com/techreports/2001/HPL-2001-164R1.html).  MarkM has
figured out how to enforce VOC with object capabilities.  VOC has wider
applicability than just multilevel security.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
  