[cap-talk] Communicating conspirators (Re: Second ABAC Google talk is now up)
Mark S. Miller
markm at cs.jhu.edu
Sun Jul 16 22:58:31 EDT 2006
John Carlson wrote:
> It seems to me that communicating conspirators is kind of like this:
> "If I told you, I would have to kill you." I can see the case where
> you might tell one of the conspirators and lock them up in Pelican
> Bay until they die, but then why tell them at all? They would
> be of no use to you locked up.
> I guess I am thinking of a case where I have insured that the object
> can only talk to me, that the implementation of the object is
> transparent,
> and I can see no way for the object to affect the state of an object
> besides me.
Within a computational system, such a locked up conspirator may indeed do you
a lot of good. But if it's locked up, it's not communicating; it's confined. I
believe you've just described the confinement problem, whose overt subset is
quite solvable.
> Perhaps this is a stateless object with no information
> to transmit?
E's approach to the confinement problem, essentially a simplification of
KeyKOS's, is exactly along the lines you suggest: A transitively immutable
object (in E, a DeepFrozen object) cannot be a communications channel.
> Which makes the object useless? Would a mathematical
> function
> which only had parameters and no side effects qualify? I am talking
> about a function, not something implemented in the computer. This
> is pure thought, not something practical.
Actually, DeepFrozen is a perfectly practical way to solve confinement.
KeyKOS's solution is more complex but more flexible. If the extra flexibility
justifies the extra complexity (which I think is plausible), then it is also
more practical.
> Maybe security will change
> when we get quantum computers. We need to be prepared. Is there
> such a thing as private state that can only be shared with one particle/
> wave in physics? Entangled particles?
Interesting questions, but quite beyond me.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list