[cap-talk] A question on capabilities
Norman Hardy
norm at cap-lore.com
Thu Jun 15 16:21:50 EDT 2006
On Jun 11, 2006, at 9:22 PM, David Wagner wrote:
> ....
> I got one question afterwards that I didn't have a great answer to,
> and I'm curious what others response might be. The question: Suppose
> Alice has a powerful capability, and Alice and Bob have a
> communication
> channel over which they can talk to each other. Ok, granted, we can't
> prevent Alice from sharing her authority with Bob, if she really wants
> to, since she can always proxy for Bob. But what about the risk of
> Alice
> unintentionally leaking her capability to Bob? Do capability
> systems have
> a good story about how to deal with that?
I wrote up some notes at <http://cap-lore.com/CapTheory/Wagner.html>
describing where Keykos arranges communications which limit messages
in order to solve specific security problems.
In particular the factory and fort.
The factory in particular was useful in solving certain formal
military requirements.
.....
More information about the cap-talk
mailing list