[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")

Jonathan S. Shapiro shap at eros-os.com
Wed Jan 3 14:41:53 CST 2007

On Wed, 2007-01-03 at 10:02 -0800, Jed Donnelley wrote:

> Let me just feed a bit off what's now on the "discretionary access 
> control" page:
> http://en.wikipedia.org/wiki/Discretionary_access_control
> Namely where it says, "A system is said to provide discretionary 
> access control if the owner of an object has the ability to control 
> how others can access it.

This definition is flatly wrong. Discretionary control isn't about what
the owner of an object can do. It's about what a process can do. The
definition above would lead to the conclusion that capability systems
cannot be discretionary because they have no notion of owner. This
conclusion is clearly inconsistent with the literature.

Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100

More information about the cap-talk mailing list