[cap-talk] Stack walking is capability access control?
Sandro Magi
smagi at higherlogics.com
Tue May 15 23:02:48 EDT 2007
David Wagner wrote:
> Geoffrey Alan Washburn <geoffw at cis.upenn.edu>
>> I never claimed it was equivalent to a capability system. I only was
>> claiming that it can be treated as an instance of a capability system.
>> The text in my proposal, as quoted by Sandro, unfortunately does not
>> clearly articulate this distinction.
>
> I don't follow the distinction you are making. I would say that Java is
> not a capability system, and it is not an instance of a capability system
> (whatever that would mean). Can you explain? Maybe we are using the
> same words but meaning something different by them.
In a private communication to me earlier, Geoffrey clarified:
To further clarify, I am not claiming that stack inspection is
equivalent to capability based access control, but that it may be
implemented using capability based access control.
This is theoretically true, in the Turing-equivalence sense of whole
program transformations, as others have mentioned.
Practically speaking however, it does not conform to important security
practices such as POLA, nor does it look like a capability system to the
developer. Geoffrey has said he would clarify his statements in
follow-up papers, so I hope this discussion has highlighted the precise
distinctions to be made.
Sandro
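The distinction Sandro draws above (stack inspection can be implemented on top of capabilities, yet does not look like a capability system or follow POLA) is easier to see side by side. The following is an added illustration, not part of the thread and not anyone's quoted code: a toy model of Java-style stack inspection with an explicit, constructed call stack next to a toy object-capability. The `PERMISSIONS` table, the `plugin`/`app` principals and the `PathRestrictedWriter` attenuator are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed policy table (not from the thread): the permissions each
# code principal is granted.  "plugin" stands for untrusted code.
PERMISSIONS = {
    "system": {"file.write"},
    "app": {"file.write"},
    "plugin": set(),
}


@dataclass(frozen=True)
class Frame:
    principal: str            # owner of the code running in this frame
    privileged: bool = False  # entered via a doPrivileged-style marker


def stack_inspection_allows(stack, permission):
    """Java-style check: walk from the innermost frame outward.  Every
    frame must hold `permission`; a privileged frame ends the walk early,
    so whatever is outside it no longer matters.  stack[-1] is innermost."""
    for frame in reversed(stack):
        if permission not in PERMISSIONS.get(frame.principal, set()):
            return False
        if frame.privileged:
            return True
    return True


class FileWriter:
    """Capability: holding a reference to this object is the authority.
    Writes are recorded in memory so the example runs offline."""

    def __init__(self):
        self.written = []

    def write(self, path, data):
        self.written.append((path, data))
        return True


class PathRestrictedWriter:
    """Attenuated capability (POLA): the holder may write to one path only
    and never obtains the underlying FileWriter reference."""

    def __init__(self, inner, allowed_path):
        self._inner = inner
        self._allowed_path = allowed_path

    def write(self, path, data):
        if path != self._allowed_path:
            raise PermissionError(f"capability limited to {self._allowed_path}")
        return self._inner.write(path, data)


def plugin_under_stack_inspection(app_frame_privileged):
    """Untrusted plugin calls trusted app code, which performs the write.
    Authority is ambient: it depends on who is on the stack, and a single
    privileged app frame grants the plugin's request in full."""
    stack = [Frame("app"), Frame("plugin"), Frame("app", app_frame_privileged)]
    return stack_inspection_allows(stack, "file.write")


def plugin_with_capability(cap, path):
    """Plugin code can act only through the reference it was handed, and
    only to the extent that reference allows."""
    if cap is None:
        return "denied: no capability"
    try:
        cap.write(path, b"data")
        return "written"
    except PermissionError as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    print("stack inspection, no doPrivileged:", plugin_under_stack_inspection(False))
    print("stack inspection, app uses doPrivileged:", plugin_under_stack_inspection(True))
    real = FileWriter()
    limited = PathRestrictedWriter(real, "/tmp/plugin.log")
    print("capability, in-scope path:", plugin_with_capability(limited, "/tmp/plugin.log"))
    print("capability, other path:", plugin_with_capability(limited, "/etc/hosts"))
```

The point the model makes concrete: under stack inspection the plugin either gets nothing or, once a trusted frame marks itself privileged, the trusted frame's whole `file.write` permission; there is no object the app can hand over that carries just the authority the plugin needs. With the capability, the app chooses how much to delegate by constructing a narrower reference, which is what POLA asks for.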