[cap-talk] Horton vs. ACLs - private namespaces and the Audit Problem
Karp, Alan H
alan.karp at hp.com
Thu Oct 11 12:20:10 EDT 2007
Jed wrote:
>
> 1. One of those labeled as responsible
> acts irresponsibly
And
>
> 2. From some failure of trusted software
> appropriately used with POLA
I was thinking of something much more mundane in which the capability to
the file was transferred legitimately to enable Alan to do his job.
That made him an insider and selling stock during the quiet period a
crime. Should he forget the restriction, as he is wont to do, and sell
stock, he will be caught by the audit.
This example is real. We have a group at Labs working on algorithms for
forecasting quarterly results. As part of their job, some quarters they
need access to data that makes them insiders. Hence, sometimes selling
stock during the quiet period is a crime, and sometimes it isn't. The
way it's handled today is that they sign a paper for each quarter they
need access to the data.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp