[cap-talk] POLP v. POLA

Karp, Alan H alan.karp at hp.com
Mon Oct 31 12:06:32 EST 2005

> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org 
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Charles Landau
> Sent: Monday, October 31, 2005 8:48 AM
> To: David Wagner; General discussions concerning capability systems.
> Subject: Re: [cap-talk] POLP v. POLA
> At 8:40 PM -0800 10/30/05, David Wagner wrote:
> >Tyler Close writes:
> >>You delegate authority A to service Bob. You later determine that
> >>authority A was used in an abusive way. It is irrelevant to you
> >>whether Bob is a self-sufficient service, or whether it is 
> implemented
> >>through further delegation to service Carol. You are still going to
> >>blame Bob.
> >
> >Could this be a distinction between systems for cooperation between
> >humans and systems for cooperation between software?  If "I" 
> and "Bob"
> >are humans, then yup, what you write makes sense.  In that 
> context, it is
> >useful to know who to blame, because then I can take that 
> into account
> >in my future interactions with Bob.  But if "I" and "Bob" 
> are pieces of
> >software from a single system, then I'm having trouble 
> seeing what good
> >it does to be able to blame Bob.  In that case, the system 
> is insecure,
> >and blaming one line of code vs another line of code seems a 
> little odd.
> Your code delegates authority A to an object whose code was written 
> and installed by Bob. If it is misused, you will blame Bob and adjust 
> your code to take that into account in its future interations with 
> Bob's object. Viewing it as a single system is the wrong perspective 
> because it contains parts from people with various allegiances.

Or you could have written the code yourself and found either an error or
an exploited vulnerability.  In every case, from people to exploits,
knowing the entity that violated your policy is the key to addressing
the problem.

> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://eros.cs.jhu.edu/pipermail/cap-talk/attachments/20051031/d96f4632/KarpAlanH.vcf

More information about the cap-talk mailing list