[cap-talk] Boebert's quote - typos?

Jed at Webstart donnelley1 at webstart.com
Thu Jul 20 20:16:41 EDT 2006 

At 03:38 PM 7/20/2006, Ka-Ping Yee wrote:
>On Thu, 20 Jul 2006, Jed at Webstart wrote:
>
> > At 05:35 PM 7/19/2006, Toby Murray wrote:
> > >...
> > >The problem is that Boebert's quote is ambiguous. Depending on how
> > >one interprets its meaning, we can draw different conclusions about
> > >its correctness and applicability.
> >
> > Why does it matter how we interpret Boebert's quote?  Isn't what
> > matters whether or not the attack applies?
>
>There are two issues being discussed, i think.  One is the question
>of how to make a correct statement about what capability systems are
>capable or incapable of.

There I argue that the attack is unrelated to what capability
systems can or cannot do.  The attack is essentially due to
a cooperating conspirator (the Trojan Horse), which, if it can
read high data and send what it reads to a low process, can
violate the requirements of MLS.

>The second is to understand the impact of
>Boebert's paper on subsequent research.

There may be a good point you make there in the Capability
Myths paper.  It would be sad indeed to think that his argument
that it was specifically targeted at capability systems lead to
limiting future research on capability systems (systems with
communicable permission tokens).  This is particularly true
given what happened to the whole MLS area shortly after his
paper was published - namely it pretty much tanked.

> > I don't agree.  Here's Boebert's attack (from
> > http://www.erights.org/elib/capability/duals/boebert.html
> > Kudo's to Ka-Ping Yee, many thanks - in spite of the minor typos...):
>
>Thanks -- and thanks for catching the typo.

If you have access to:

http://www.erights.org/elib/capability/duals/boebert.html

the one other typo I noticed is in the third line of the second paragraph:

such as a segment, and Mode is an access mode such as Read or 
Write.  Cpaabilities
                                                                                                        >>>Capabilities
>I seem to recall being very meticulous about this transcription, so
>there's a slight possibility that the misspelling of "with" at the
>bottom of page 292 is copied accurately from the original.  Does anyone
>have the actual paper or the proceedings in which it was published?

Interesting.  I can't say what the original contains.  I seem to 
remember reading
this paper when it was discussed in the middle 80s, perhaps in a discussion
with Peter Neuman?  However, I hadn't heard of it since until I saw 
the discussion
on this list.  Who knew I'd get so involved with it??  Especially 
considering how
little I think of MLS systems.  If the typos are in the original then 
I guess one
could argue that they should stay in the transcribed version.  Even 
in that case
I think it might be a service to Boebert and to others to correct those minor
typos in the transcribed version.  Of course if they aren't in the 
original then
it would be best to correct them in the transcription.

Thanks again for your help in posting this article Ka-Ping.

I am trying to contact Mr. Boebert through a colleague who coauthored
a different paper with him (Bill Franta), but I'm not very hopeful of success.
If I happen to get in contact with Mr. Boebert I'll have a few things 
to ask him ;-)

--Jed http://www.webstart.com/jed/

More information about the cap-talk mailing list