[cap-talk] A better reference for the "capabilities propagate too easily" argument
toby.murray at comlab.ox.ac.uk
Thu Aug 2 09:45:38 EDT 2007
On Thu, 2007-08-02 at 06:37 -0700, Mark Miller wrote:
> On 8/2/07, Toby Murray <toby.murray at comlab.ox.ac.uk> wrote:
> > I agree that the S&S definition has the advantage that it distinguishes
> > capabilities from ACLs. But I think there are better ways to phrase the
> > superiority of caps over ACLs than via this definition.
> That's a nice side benefit of S&S, but wasn't my point. My point is
> that the categories, to be at all relevant to historical usage, must
> categorize conventional ACLs as discretionary and MLS as mandatory.
> S&S succeeds at this. Alan's might; we'll see. The definition that you
> propose implies that any security mechanism whatsoever that ever
> enforces anything, including conventional ACLs, implements mandatory
> security (on the enforced party). History aside, I like your
> definition. But history isn't aside.
Ah. I see your point.
More information about the cap-talk