[cap-talk] How many of these absurdities would caps fix?

Ian G iang at systemics.com
Tue Jun 20 07:18:42 EDT 2006


Hi Mark,

Mark Miller wrote:
> <http://www.securityabsurdity.com/failure.php> is
> "Security Absurdity: The Complete, Unquestionable, And Total Failure
> of Information Security."
> 
> It seems to be getting a lot of attention. I've only skimmed it, but
> it looks good to me so far.
> How many of the problems that he enumerates are POLA violations?
> Ignoring legacy-compatibility issues, how many of these problems would
> caps fix? Without ignoring legacy issues, how many of these issues
> could still be effectively addressed by combining caps with approaches
> like Polaris and/or authority-limited virtual machines?
> 

I wrote an article for JIBC last year which speculated
that Capabilities had something to add to the wider issues
that the paper above raised.  FTR, the few (brief) words
are at the bottom.

I think the brevity of the comments suggests (IMO) that
caps only adds to the solutions, but by itself I suspect
it will not succeed.  That is, in another 30 years, caps
will still be where it is today.

It's as much the responsibility of the caps community to
"evangelise" and improve the caps concept -- for which
good work is being done -- as it is to also integrate in
other ideas and frameworks.  That latter is one thing
that I feel intuitively will continue to hold it back.

(I realise I didn't actually answer your question - consider
this "topic drift.")

iang

=====================
  Capabilities

Researchers are working through the ramifications of Usability and discovering it's hard work. One group that has recently achieved successes here is the Capabilities School. In this engineering approach to the creation of Rights in an insecure world, capabilities are used as the hooks to just about everything. Capabilities might be described as references to objects (similar to Java) that follow the founding principle of POLA - the principle of least authority.

In order to demonstrate this, researchers at HP Labs have recently announced a safe environment for Microsoft tools [ 13 ]. By taking on a totally unsafe application such as a browser in a Microsoft environment and wrapping a POLA layer around it, they've shown just how far we can go with sound engineering and rights designs.

The big challenge for the school is to take the advanced concepts of capabilities and graft enough of them into the production world to deliver security benefit. Picking on Microsoft is a good idea, as Microsoft promotes the reverse in the way its operating system and applications work - principle of maximal authority.

http://www.arraydev.com/commerce/JIBC/2006-04/Grigg.asp
======================
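A short sketch of the discipline the excerpt describes: capabilities as object references that carry only the authority they name, a directory capability that attenuates itself into single-file read capabilities, and a Polaris-style "powerbox" that hands a sandboxed component one revocable reference to the file the user picked rather than any ambient reach over the store. This is an added example written for this archive page; it is not code from the JIBC article, from HP Labs' Polaris, or from the cap-talk list. The in-memory FILESYSTEM, the class names (ReadOnlyFile, DirectoryCap, Revocable) and the word-count "plugin" are all constructed for illustration.

```python
"""Object-capability sketch of POLA: an untrusted component only receives
references to the objects it needs, never ambient authority over the store.
Added example; the store and class names are constructed for illustration."""
from __future__ import annotations

# Constructed in-memory "file system". A reference to this dict IS the
# ambient authority we refuse to hand to untrusted code.
FILESYSTEM: dict[str, str] = {
    "/home/alice/notes.txt": "shopping list",
    "/home/alice/secrets.txt": "bank password",
    "/etc/hosts": "127.0.0.1 localhost",
}


class Forbidden(Exception):
    """The holder asked for authority its capability does not carry."""


class ReadOnlyFile:
    """Capability to read exactly one file: no write method, no path to siblings."""

    def __init__(self, store: dict[str, str], path: str) -> None:
        self._store = store
        self._path = path

    def read(self) -> str:
        return self._store[self._path]


class DirectoryCap:
    """Capability over one directory. It can attenuate itself into per-file
    read capabilities, but names that would escape the directory are refused."""

    def __init__(self, store: dict[str, str], directory: str) -> None:
        self._store = store
        self._prefix = directory.rstrip("/") + "/"

    def open_read(self, name: str) -> ReadOnlyFile:
        if not name or "/" in name or name in (".", ".."):
            raise Forbidden(f"{name!r} is not a plain file name inside the directory")
        path = self._prefix + name
        if path not in self._store:
            raise FileNotFoundError(path)
        return ReadOnlyFile(self._store, path)


class Revocable:
    """Caretaker pattern: a forwarder the grantor can cut off later, so a
    capability handed to a wrapped app is not a permanent grant."""

    def __init__(self, target: ReadOnlyFile) -> None:
        self._target: ReadOnlyFile | None = target

    def read(self) -> str:
        if self._target is None:
            raise Forbidden("capability revoked")
        return self._target.read()

    def revoke(self) -> None:
        self._target = None


def powerbox_grant(store: dict[str, str], user_picked_path: str) -> Revocable:
    """Polaris-style powerbox: the user's file choice becomes a single
    revocable read capability; the app never sees the store itself."""
    return Revocable(ReadOnlyFile(store, user_picked_path))


def word_count_plugin(file_cap) -> int:
    """Untrusted component. Its only authority is read() on what it was given."""
    return len(file_cap.read().split())


def attempt_escape(dir_cap: DirectoryCap, name: str) -> bool:
    """Return True if the directory capability refused an escaping name."""
    try:
        dir_cap.open_read(name)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    cap = powerbox_grant(FILESYSTEM, "/home/alice/notes.txt")
    print("words:", word_count_plugin(cap))  # 2
    cap.revoke()
    try:
        word_count_plugin(cap)
    except Forbidden as exc:
        print("after revoke:", exc)
    home = DirectoryCap(FILESYSTEM, "/home/alice")
    print("escape blocked:", attempt_escape(home, "../../etc/hosts"))
```

The point of the sketch is that the plugin is never given a name for FILESYSTEM or for the directory, only for the one file, and that the grantor keeps a handle (the Revocable forwarder) it can cut later. Python itself does not confine code this way (module globals remain reachable), so this shows the design discipline the article is pointing at, not an enforced sandbox; that enforcement is what a capability language or a Polaris-style OS wrapper supplies.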
