[cap-talk] Newbie questions about security
Karp, Alan H
alan.karp at hp.com
Fri Dec 21 11:26:23 EST 2007
Indeed, security is a big word with lots of meanings. Here are 11 that I refer to.
Authentication Who am I talking to?
Authorization What should I be able to do?
Audit Who did that?
Access control Should this request be honored?
Non-repudiation Can I pretend I never said that?
Confidentiality Can others see what I'm seeing?
Privacy Can others see that I'm seeing it?
Integrity Can this data be changed?
Anonymity Can others find out who I am?
Denial of service Can I be assured of access?
Physical security Who can touch it?
Every security architecture must include all of them, but one person can be expert in no more than a couple of them.
The problem you described is most closely related to access control, but it touches on some of the others. The real issue is whose authorizations to use when a resource access is attempted, the user's or the creator of the program being run. Today's systems use the former, which is why a virus can do so much harm. A better approach is to start all programs with access to none of the user's resources and add access based on user acts of designation, which is a lesson we learned from CapDesk . Two systems based on these ideas are Polaris  and Plash .
 http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html (CACM, September 2006)
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk