[cap-talk] What's "Discretionary Security" (was: Another "core" principle, capability communication)
Karp, Alan H
alan.karp at hp.com
Tue Jan 2 19:13:42 CST 2007
Jed wrote:
>
> The way I would describe the above is that two permissions
> are required
> for resource access, permission to communicate and permission
> to access
> the resource.
Correct, under the simplifying assumption that whether or not the
message gets through is independent of the message contents. Not all
systems work that way. For example, the declassifier (which may be a
person) in an MLS system must decide based on the message contents.
_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 423 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20070102/38210372/attachment.vcf
More information about the cap-talk
mailing list