[cap-talk] Selling capabilities programming
Karp, Alan H
alan.karp at hp.com
Thu Jul 26 00:22:58 EDT 2007
Sandro Magi wrote:
>
> It is of value in the local case, when running malicious software on
> your own computer. The network case is indeed costly, and there is no
> great solution I know of at the moment.
>
Client Utility used path based capabilities. Alice on one machine
holding a capability to Carol on a second machine could not send that
capability to Bob on a third machine. She could only ask Carol to grant
the capability to Bob. Carol would almost always comply since Alice
could proxy for Bob. Under the covers, E and one of Jed's systems (I
forget which) work the same way, but they don't implement a means for
Carol to refuse the introduction. Whether or not this cost is
"substantial" is in the clock of the beholder.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list