[cap-talk] A better reference for the "capabilities propagate too easily" argument
Karp, Alan H
alan.karp at hp.com
Thu Aug 2 16:44:59 EDT 2007
I wrote:
>
> The security community at that time assumed a special class of user
> responsible for maintaining the integrity of the system. If Alice
> wasn't in that class, they would call it discretionary because Carol
> could ask Alice to transfer the right to Bob. However, once you get
> away from the idea of an all powerful Oz, you need to introduce the
> "point of view" piece. It makes sense. To Oz, everything is at his
> discretion.
>
I should have mentioned that the Information Flow work (Asbestos, Flume,
JIF, ...) aims to distribute control throughout the system by assigning
labels to subjects and objects and restricting access based on those
labels. According to my definition, the controls are mandatory to those
who cannot change the labels, discretionary to those who can.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp