[cap-talk] "Immutable Law" #1 is alive and well at Microsoft
Jed Donnelley
capability at webstart.com
Fri Oct 5 13:16:04 EDT 2007
At 08:29 AM 10/5/2007, Mark Miller wrote:
>On 10/5/07, Stiegler, Marc D <marc.d.stiegler at hp.com> wrote:
> > [...] At MS, it would be especially easy to be unfamiliar
> > with these counterexamples -- you are surrounded by worldclass top
> > experts in security [...] who will tell you the immutable law is true.
>
>I doubt it. Anyone ever hear a worldclass expert in security, whether
>at MS or not, claim that this "law" is true? You can respond to me
>privately if you'd like. If you do, please let me know if I can
>summarize responses for the list. Thanks.
>
>Until we get a positive response to this query, I suggest we stop
>beating this straw man.
I disagree. It isn't a fine point for the few world class security
experts that we need to pound home. We need to communicate (inform,
sell) to the computer hoi polloi. Even at a conference like the
Usenix Security conference I would say the majority had not
heard/conceived of systems like CapDesk or Plash or Polaris where
applications can run under POLA.
Others not at Usenix Security conferences hear from colleagues,
read papers also.
I believe we need to spread the word as far and wide as possible
that this ambient authority "user"/ACL means for access control
is broken and needs to be replaced with something POLA. Visibly
contradicting a published "immutable Law #1" from Microsoft
seems to me an excellent way to do so.
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list