[cap-talk] What's "Discretionary Security" (was: Another "core" principle, capability communication)
Karp, Alan H
alan.karp at hp.com
Mon Jan 1 23:15:55 CST 2007
MarkM wrote:
> >
> > Also, VOC is non-discretionary.
>
>
> Do you claim these answers are consistent with Shap's stated
> definitions for
> these terms? If instead, as I suspect, you have a different
> meaning in mind,
> could you state your proposed meaning for these terms?
>
The distinction I make depends on three parties. Alice makes a request
of Bob. If Bob decides whether or not to honor the request, I call it
discretionary. If the request is blocked from reaching Bob, or the
reply from Bob is blocked from reaching Alice, then the access is
non-discretionary. The blocking must be done by some third party, which
could be the TCB, but could be some entity that doesn't have access to
the requested resource. VOC must be non-discretionary according to this
definition.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list