[cap-talk] 'IX/Windows API problem for POLA? Polaris
Karp, Alan H
alan.karp at hp.com
Thu Nov 17 17:19:20 EST 2005
Jed wrote:
>
> I hope my comments about Plash clarified what I meant when I
> suggested that mechanisms like Plash and Polaris "fight" the native
> access control mechanisms. Specifically they are not integrated into
> the UID owner,group,other and rwxs sorts of access control. They are
> separated from it, thankfully. The native access controls are
> ambient authority and the Polaris/Plash access controls are fine
> grained and suitable for "less authority." They are also not
> permanent in surviving across system restarts (I know for Plash - I'm
> not so sure for Polaris).
>
Polaris works by launching the application in a restricted user account
then adding the authorities to the file the user has designated. It
makes full use of "UID owner,group,other and rwxs sorts of access
control." That means the application is still working with ambient
authorities and is still subject to confused deputy. It's just that the
set of authorities is so small that the ambient set is close to what you
want anyway, and there's little to be confused about. Polaris is very
definitely NOT a capability system.
> Let me ask you Alan what I asked about Plash. Do you see any path
> toward the kind of growth needed for relevancy for Polaris? Given
> its state as an HP product (I assume) it seems to me even more
> difficult for it to transition to a relevant growth curve.
> How do you see it?
>
We are in the business development process now. Actually, we're in it
again. I had built up a set of contacts interested in pursuing
productizing Polaris. They all took the latest early retirement
package. I've had to start over, but I'm beginning to make progress.
If I succeed, there's a chance there will be a polarized browser on
every consumer PC HP ships and that many of our enterprise machines
would have that and more apps polarized. That should meet your
definition of a "relevant growth curve." Unfortunately, although
Polaris supports POLA, where L is "Less" not "Least", it isn't
capabilities.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
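The mechanism Alan describes above (run the application under a restricted account, then grant that account access to only the file the user designated) sketched as an added PowerShell example; this is not code from Polaris or from the post, and the account name, document path and application path are placeholders.

```powershell
# Added illustration of the restricted-account pattern described in the reply.
# Assumptions (not from the post): an existing low-privilege local account named
# 'PolarisSandbox', plus placeholder paths for the user's document and the application.
$sandboxUser = 'PolarisSandbox'                          # hypothetical restricted account
$document    = 'C:\Users\alice\Documents\report.docx'    # file the user designated (placeholder)
$application = 'C:\Program Files\Example\editor.exe'     # application to run (placeholder)

# 1. Grant the restricted account read/write access to just this one file.
#    The application still runs with ambient authority, but the ambient set
#    is deliberately tiny: this file and little else.
$acl  = Get-Acl -Path $document
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $sandboxUser, 'Read, Write', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $document -AclObject $acl

# 2. Launch the application as the restricted account, handing it the designated file.
#    Get-Credential prompts interactively for the sandbox account's password.
$cred = Get-Credential -UserName $sandboxUser -Message 'Restricted account password'
$proc = Start-Process -FilePath $application -ArgumentList "`"$document`"" `
            -Credential $cred -PassThru -Wait

# 3. After the application exits, revoke the grant so the file-level authority
#    does not outlive the session in which the user designated the file.
$acl = Get-Acl -Path $document
$acl.RemoveAccessRule($rule) | Out-Null
Set-Acl -Path $document -AclObject $acl
```

The sandbox account also needs traverse rights on the document's parent directories and execute rights on the application binary; those standing grants are part of the account's setup and are not shown here.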