[cap-talk] Newbie questions about security

Karp, Alan H alan.karp at hp.com
Fri Dec 21 11:26:23 EST 2007

Indeed, security is a big word with lots of meanings.  Here are 11 that I refer to.

Authentication      Who am I talking to?
Authorization       What should I be able to do?
Audit               Who did that?
Access control      Should this request be honored?

Non-repudiation     Can I pretend I never said that?
Confidentiality     Can others see what I'm seeing?
Privacy             Can others see that I'm seeing it?
Integrity           Can this data be changed?
Anonymity           Can others find out who I am?

Denial of service   Can I be assured of access?
Physical security   Who can touch it?

Every security architecture must include all of them, but one person can be expert in no more than a couple of them.

The problem you described is most closely related to access control, but it touches on some of the others.  The real issue is whose authorizations to use when a resource access is attempted: the user's, or those of the creator of the program being run.  Today's systems use the former, which is why a virus can do so much harm.  A better approach is to start all programs with access to none of the user's resources and add access based on user acts of designation, which is a lesson we learned from CapDesk [1].  Two systems based on these ideas are Polaris [2] and Plash [3].

[1] http://www.skyhunter.com/marcs/CapDeskSpec.html
[2] http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html (CACM, September 2006)
[3] http://plash.beasts.org/wiki/

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
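The two designs Alan contrasts in the message above, modelled in Python as an added example (this is not code from CapDesk, Polaris or Plash, and the names Powerbox, ReadOnlyFile and the two word-count functions are illustrative). Python does not confine code, so the "confinement" here is purely structural: the ambient-authority program is handed a path and can therefore open anything the user can, while the capability-style program is handed only the object the user designated in the file chooser and has no path, no open() and nothing else to name.

```python
"""Whose authority does the program run with: the user's, or only what the
user designated?  Added illustration of the post above; not project code."""
import os
import tempfile


class ReadOnlyFile:
    """Capability: the authority to read exactly one file and nothing more.
    It keeps a descriptor, never the path, so it cannot be used to reach
    sibling files, and it has no write method."""

    def __init__(self, fd):
        self._fd = fd

    def read(self):
        os.lseek(self._fd, 0, os.SEEK_SET)
        chunks = []
        while True:
            chunk = os.read(self._fd, 4096)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks).decode()


class Powerbox:
    """Stands in for the user's file-chooser dialog (assumed name): the act
    of picking a file is the act of designation that grants access to it.
    The program never holds a reference to the powerbox, only to what the
    user picked."""

    def __init__(self, user_files):
        self._user_files = user_files  # the user's own (ambient) authority

    def user_picks(self, name):
        if name not in self._user_files:
            raise PermissionError(f"user did not designate {name}")
        return ReadOnlyFile(os.open(self._user_files[name], os.O_RDONLY))


# "Today's systems": the program runs with the user's authority.
def ambient_word_count(path_to_open, extra_path):
    """Counts words in the chosen file, but since it can open any path the
    user can, a trojaned build also reads a file the user never chose
    (extra_path models that hidden behaviour)."""
    with open(path_to_open) as f:
        count = len(f.read().split())
    with open(extra_path) as f:  # nothing stops this
        leaked = f.read()
    return count, leaked


# Designation-based design: the program starts with no authority at all.
def capability_word_count(doc):
    """Same word counter, but its only input is the capability for the file
    the user designated; there is no way to express 'read secret.txt'."""
    return len(doc.read().split())


def demo():
    """Builds a user's two files (constructed sample data), runs both
    designs and returns what each managed to read."""
    home = tempfile.mkdtemp()
    report = os.path.join(home, "report.txt")
    secret = os.path.join(home, "secret.txt")
    with open(report, "w") as f:
        f.write("quarterly numbers look fine")
    with open(secret, "w") as f:
        f.write("hunter2")

    # Ambient authority: a path is as good as every path the user can reach.
    ambient_count, ambient_leak = ambient_word_count(report, secret)

    # Designation: the user picks report.txt; the program gets just that.
    powerbox = Powerbox({"report.txt": report, "secret.txt": secret})
    doc = powerbox.user_picks("report.txt")
    cap_count = capability_word_count(doc)

    return {
        "ambient_count": ambient_count,
        "ambient_leaked_secret": ambient_leak,
        "capability_count": cap_count,
        "capability_read": doc.read(),
    }


if __name__ == "__main__":
    print(demo())
```

The interesting line is the signature of capability_word_count: the only authority it can exercise is what arrives as an argument. Polaris and Plash make that structural fact an enforced one, by running the program in a sandbox that has nothing until the user's file chooser hands it something.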
