[cap-talk] Capabilities and Freedom vs. Safety
david.hopwood at industrial-designers.co.uk
Sun Jul 22 12:54:55 EDT 2007
Pierre THIERRY wrote:
> James A. Donald wrote on 22/07/2007 at 10:31:
>>> 2. The system-wide installation utility should be able to install
>>> programs in such a way that (a) they are confined when run, but (b)
>>> the user cannot inspect their code or data.
>> This makes it likely that such programs will not necessarily be
>> written to act in the best interests of the user - that they will, in
>> some sense, be Trojans or malware.
> Could you detail how a Trojan or malware could be designed so as to be
> effective when run confined?
> And why should uninspectable code be more malicious than inspectable
> code? Isn't it partly because code inspection isn't effective as
> a practical security measure that we are designing capability systems?
A design goal of many capability systems is to make code inspection more
effective (in addition to constraining uninspected code).
David Hopwood <david.hopwood at industrial-designers.co.uk>