[cap-talk] Capabilities and Freedom vs. Safety

Jonathan S. Shapiro shap at eros-os.com
Thu Jul 26 12:39:04 EDT 2007


On Thu, 2007-07-26 at 16:39 +0100, Toby Murray wrote:

> This of course depends on one's definition of "adequate". However, my
> definition of adequate includes the ability to discover when
> (subject/object) Alice has the authority to invoke Bob but can't acquire
> the permission to do so. This requires (counterfactual) causal reasoning
> in order to make this determination. (I know you know, but for the
> benefit of anyone else reading) we've discussed this somewhat recently
> on the list. My own work with CSP is trying to do exactly this.

Toby:

Just to confirm that I understand you, your goal here is to reduce the
degree of conservatism that is inherent in equating statically
determined authority with feasible actions, yes?

I can see that CSP might be appropriate here, but I am curious about
something. It seems to me that no analysis of the form you contemplate
is feasible without reasoning about program behavior. One can simplify
the problem by reasoning about a *model* of the program (that is: about
an alleged program).

Is this a fair understanding of where you are trying to go?

shap
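The distinction in this exchange, between the authority a static reading of the capability graph grants Alice and the permission she can feasibly acquire given how the intervening programs actually behave, is illustrated by the following added example. It is not code from this thread, from EROS, or from Toby Murray's CSP work; the capability graph, the subjects (Alice, Carol, Bob, Log) and the forwarding model are all constructed for the example. The static reading assumes every holder forwards every capability on request; the behavioural model records what each program is alleged to forward, and any holder absent from the model falls back to the conservative assumption.

```python
from collections import deque

# Constructed capability graph (an assumption for this example). CAPS[holder]
# is the set of objects `holder` currently holds a capability to. Holding a
# capability to a subject lets you invoke it and ask it to forward its caps.
CAPS = {
    "Alice": {"Carol"},
    "Carol": {"Alice", "Bob", "Log"},
    "Bob": {"Log"},
    "Log": set(),
}

# Constructed behavioural model: for each subject, the targets whose caps its
# program will actually hand over on request. This is a *model* of the
# program, not the program; a subject with no entry is treated conservatively
# as "forwards everything", which is exactly the static assumption.
MODEL = {
    "Carol": {"Log"},   # Carol's program forwards Log but never Bob
    "Bob": set(),       # Bob's program forwards nothing
}


def reachable(caps, subject, forwards):
    """Return the set of capabilities `subject` can end up holding.

    forwards(holder, target) -> bool says whether `holder` will hand over its
    capability to `target` when asked by someone who can invoke `holder`.
    """
    held = set(caps.get(subject, set()))
    queue = deque(held)
    visited = set()
    while queue:
        holder = queue.popleft()
        if holder in visited:
            continue
        visited.add(holder)
        for target in caps.get(holder, set()):
            if target == subject or target in held:
                continue
            if forwards(holder, target):
                held.add(target)
                queue.append(target)
    return held


def static_authority(caps, subject):
    """Conservative static reading: every holder forwards every capability,
    so authority is the transitive closure of the cap graph from `subject`."""
    return reachable(caps, subject, lambda holder, target: True)


def feasible_permission(caps, model, subject):
    """Permission `subject` can actually acquire under the behavioural model.
    Unmodelled holders are assumed to forward everything (static fallback)."""
    def forwards(holder, target):
        if holder not in model:
            return True
        return target in model[holder]
    return reachable(caps, subject, forwards)


def authority_without_permission(caps, model, subject):
    """Targets `subject` has static authority over but cannot acquire
    permission to reach under the model: the gap the analysis exists to find."""
    return static_authority(caps, subject) - feasible_permission(caps, model, subject)


if __name__ == "__main__":
    print("static authority  :", sorted(static_authority(CAPS, "Alice")))
    print("feasible permission:", sorted(feasible_permission(CAPS, MODEL, "Alice")))
    print("authority, no perm :", sorted(authority_without_permission(CAPS, MODEL, "Alice")))
```

Run stand-alone, the static reading says Alice can reach Bob (Alice -> Carol -> Bob), while the model says Carol's program never forwards Bob, so Bob is reported as authority without acquirable permission. Passing an empty model collapses the result back to the static closure, which is the point worth keeping in mind when using such an analysis: every subject left out of the model, or modelled more generously than its real program behaves, pushes the answer back toward the conservative bound or, worse, below it.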


