[cap-talk] On revocation and the use of wrappers and In Defense of Identities

Karp, Alan H alan.karp at hp.com
Wed Dec 6 23:17:12 CST 2006


Marcus Brinkmann wrote:
> 
> There is also the further consideration that unwanted or unnecessary
> information leakage, even if harmless, seems to indicate a design
> flaw.  Often, such fine points generate a lot of traction if they are
> viewed under a system design perspective.  Or in other words: Who am I
> to compromise? :)
> 
This information leakage is under the control of the delegator.  The
delegator can always assume responsibility by directly handing off the
capability or choosing to proxy requests.
> 
> The problem is that it is easily exploitable, because the amount of
> memory used to store the bookkeeping data is not bound by the number
> of objects, but by the number of delegations that take place.
> Depending on the design, either a user alone or at least two
> conspiring users can probably exhaust these resources by delegating
> the same object many times.
> 
The server can always refuse if a given capability has been delegated
too many times.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
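
A sketch of the refusal policy from the reply above, as an added example (not code from the thread or from any system its participants describe). `CapServer`, `DelegationRefused` and the limit value are hypothetical, and counting every live delegation derived from one original capability, rather than only direct delegations of a single capability, is an assumption of this sketch.

```python
# Added illustration: bookkeeping is capped per original capability, so memory
# is bounded by (number of objects x limit), not by the number of delegations.
import secrets

class DelegationRefused(Exception):
    """Raised when the delegation quota for an object is used up."""

class CapServer:
    def __init__(self, max_delegations_per_object=3):  # limit value is an assumption
        self.limit = max_delegations_per_object
        self.parent = {}  # cap -> cap it was delegated from (None for an original)
        self.root = {}    # cap -> original capability at the top of its tree
        self.live = {}    # original cap -> live delegation records under it

    def create(self):
        cap = secrets.token_hex(16)
        self.parent[cap], self.root[cap], self.live[cap] = None, cap, 0
        return cap

    def delegate(self, cap):
        if cap not in self.parent:
            raise KeyError("unknown or revoked capability")
        root = self.root[cap]
        if self.live[root] >= self.limit:
            # Refuse instead of allocating another bookkeeping record.
            raise DelegationRefused("delegation quota reached for this object")
        child = secrets.token_hex(16)
        self.parent[child], self.root[child] = cap, root
        self.live[root] += 1
        return child

    def revoke(self, cap):
        """Revoke a delegated capability and everything derived from it."""
        if self.parent.get(cap) is None:
            raise ValueError("not a live delegated capability")
        doomed, frontier = {cap}, {cap}
        while frontier:  # walk down the delegation tree one level at a time
            frontier = {c for c, p in self.parent.items() if p in frontier}
            doomed |= frontier
        root = self.root[cap]
        for c in doomed:
            del self.parent[c], self.root[c]
        self.live[root] -= len(doomed)  # revocation frees quota again
        return len(doomed)
```

Because the count is kept per original capability, re-delegating along a chain between two holders hits the same limit as delegating the original repeatedly.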
  
  


