[cap-talk] Confinement CC problem ??

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Tue Aug 8 10:54:09 EDT 2006

Rob wrote:
>>>>In my proposed design the capabilities are being locked down
>>>>to a clearance level instead, allowing processes with capabilities on
>>>>multiple clearance levels to somewhat move between the levels during
>>>>their lifetime. [...]
> The discussion seems to have died out. However it would I think be very
> important if we could resolve the issue. If as I think we can indeed
> define a confinement subset of the CC problem in a way as described
> abouve, this could potentialy be a big step forward in getting cap design
> accepted as alternative in governmental military and law enforcement
> organisations. If on the other hand I am fundamentaly misguided in my
> assumptions, I could stop wasting any more time in attempting to do so.
> Please look at the abouve URL and try to understand what I am trying to
> do and if the definition of a confinement subset of the CC problem would
> indeed be possible in a way like this.

I think that defining confinement in terms of clearances is fundamentally
the wrong approach, whether or not it is possible.

To the extent that any governmental, military or law enforcement organisations
consider clearance levels and/or variants of the *-problem to be the right
way to model their information security requirements, I believe they are
mistaken. Developing complex extensions of capability systems to attempt to
handle security policy in those terms would be a misdirection of resources.

David Hopwood <david.nospam.hopwood at blueyonder.co.uk>

More information about the cap-talk mailing list