[cap-talk] Need Challenge Problems
Jed at Webstart
donnelley1 at webstart.com
Wed Jul 19 15:08:57 EDT 2006
At 06:22 AM 7/19/2006, David Hopwood wrote:
>Mark S. Miller wrote:
> > Toby Murray wrote:
> >
> >>Also, the "confinement" term has also been used in the context of
> >>criticising unrestricted delegation. In this instance it has been used
> >>when talking about the "capability confinement problem" in
> >>http://www2.cs.uregina.ca/~pwlfong/Pub/esorics2006.pdf
> >
> > I just skimmed that paper, "Discretionary Capability Confinement", by Philip
> > Fong. It seemed like he started out standing on some of the right feet, but
> > then he lost me. Do you understand this paper? Can you explain it? Anyone?
>
>It goes in the wrong direction, IMO.
I agree, and insofar as a scan can allow I also agree with the rest of
David Hopwood's analysis.

In my opinion the failure of this sort of mechanism and similarly the
Rob Meijer mechanism are good examples of cases where the need for what
I refer to as "network discipline" is abundantly clear. This is partly why
I put so much hope in mechanisms at the network level (e.g. like YURLs or
widewords) as I understand Tyler will be discussing tomorrow (no pressure
Tyler).

In my opinion anything that can effectively work can work at the network
level. At the network level it becomes quite clear what can be done and
what can't be done. Once a scheme for communicating permissions
can be agreed to and standardized at the network level, then I believe
it's fairly straightforward to implement such a scheme at the OS and
even, I expect, at the language level. Trying to go in the other direction
(start at, say, the language level or the OS level and try to extend to
the network level) I believe is a prescription for disaster - as I believe we
have seen repeated again and again.

--Jed http://www.webstart.com/jed/