[cap-talk] least authority - why flames (was: leastauthority gets some press)

John McCabe-Dansted gmatht at gmail.com
Tue Jan 23 00:30:32 CST 2007


On 1/23/07, Karp, Alan H <alan.karp at hp.com> wrote:
> David Wagner wrote:
> >
> > But, if I understand correctly, Polaris does not restrict applications'
> > access to the network.  (Please tell me if I got that one wrong.)  This is
> > a non-trivial deviation from full-fledged POLA.  This should give pause
> > for thought to anyone who wants to argue, without qualifications, that
> > we can have POLA at no cost.

Likewise with Plash.

> We would if we could figure out how to do it.

On Windows, many commercial firewalls already have this functionality,
likewise systrace on Linux. What if you recommended that users also
installed one of these other security applications in conjunction with
Polaris? Or am I misinterpreting what you mean?

>  Whether to do it for a
> particular application would involve a decision, so it would not be
> completely free.

I am not sure what you mean by completely free.  Clearly just writing
Polaris cost you something. If these decisions are made by your
"solutions provider", these decisions can have zero marginal cost per
additional user, and a small fixed cost per additional application
that is integrated by the solutions provider.

Also you could decide that users delegate access to the network when
they launch an app from the Internet sub-folder of the applications
menu. On my Linux box there aren't any applications that really need
net access that do not place themselves in the Internet folder.

-- 
John C. McCabe-Dansted
PhD Student
University of Western Australia
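
The menu-based delegation suggested in the message above, sketched as an added example that is not part of the original post or of Polaris or Plash: a launcher reads a freedesktop `.desktop` entry and grants network access only when the entry is in the `Network` main category (the category desktop menus usually display as "Internet"), denying it by default otherwise. The sample entries are constructed, and the `unshare`-based wrapper is an assumed enforcement mechanism standing in for the firewall or systrace policy the message mentions.

```python
import configparser
import shlex

# Constructed sample entries (not from the original post).
SAMPLE_ENTRIES = {
    "browser": """[Desktop Entry]
Type=Application
Name=Example Browser
Exec=example-browser %U
Categories=Network;WebBrowser;
""",
    "editor": """[Desktop Entry]
Type=Application
Name=Example Editor
Exec=example-editor --new-window %F
Categories=Utility;TextEditor;
""",
    "uncategorized": """[Desktop Entry]
Type=Application
Name=Example Tool
Exec=example-tool
""",
}

# Assumption: enforcement by running the program in a new, empty network
# namespace (util-linux unshare); any per-process network policy would do.
NO_NET_WRAPPER = ["unshare", "--user", "--map-root-user", "--net", "--"]


def parse_entry(text):
    """Return (argv, categories) for one .desktop entry."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # .desktop keys are case-sensitive
    cp.read_string(text)
    entry = cp["Desktop Entry"]
    # Drop field codes such as %U and %F; a real launcher substitutes them.
    argv = [t for t in shlex.split(entry["Exec"]) if not t.startswith("%")]
    categories = {c for c in entry.get("Categories", "").split(";") if c}
    return argv, categories


def launch_argv(text):
    """Network is delegated only to entries in the Network (Internet) menu."""
    argv, categories = parse_entry(text)
    if "Network" in categories:
        return argv
    # Default deny: a missing or unrelated category means no network.
    return NO_NET_WRAPPER + argv
```
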

