[cap-talk] Horton vs. ACLs - private namespaces and the Audit Problem
James A. Donald
jamesd at echeque.com
Tue Oct 9 23:17:08 EDT 2007
Jed Donnelley wrote:
> There's something else that I think I don't understand
> about this "audit problem." Namely, if we believe in
> fine grained access control and small protection
> domains (e.g. at the level of active objects in O-O
> programming) that are necessarily very dynamic, what
> sense does it make for an auditor to ask which
> programs have access to which authorities?
Indeed so. Any system that prevents trojans and
malware, while allowing to the user to get his work
done, is going to have such fine grained permissions
that ordinarily no human will ever do an audit, except
when the programmer is stepping through the program with
a debugger, or analyzing the logs to discover how an
attack was accomplished.
More information about the cap-talk
mailing list